/// <summary>
/// Handles the refresh_token grant: authenticates the client, validates the presented
/// refresh token, checks that the requested scopes are allowed for the token's client,
/// then issues a new access token and updates the refresh token inside one committed context.
/// Every failure is reported as a <see cref="DaOAuthTokenException"/> carrying the OAuth
/// error name and a localized description.
/// </summary>
/// <param name="tokenInfo">Grant parameters: client public id, Authorization header, refresh token and requested scope.</param>
/// <param name="errorLocal">Localizer used to build the error descriptions.</param>
/// <returns>The newly generated token information.</returns>
/// <exception cref="DaOAuthTokenException">
/// Thrown when the client public id is missing, the client credentials are rejected,
/// the refresh token is invalid, or the requested scope is not authorized.
/// </exception>
private TokenInfoDto GenerateTokenForRefreshToken(AskTokenDto tokenInfo, IStringLocalizer errorLocal)
{
    // A refresh request without a client id cannot be attributed to anyone: reject it up front.
    if (String.IsNullOrWhiteSpace(tokenInfo.ClientPublicId))
    {
        throw new DaOAuthTokenException
        {
            Error = OAuthConvention.ErrorNameRefreshToken,
            Description = errorLocal["RefreshTokenParameterError"]
        };
    }

    using (var context = RepositoriesFactory.CreateContext())
    {
        var clients = RepositoriesFactory.GetClientRepository(context);
        var client = clients.GetByPublicId(tokenInfo.ClientPublicId);

        // Client authentication comes first so that an unauthenticated caller learns
        // nothing about the refresh token it presented.
        if (!CheckIfClientsCredentialsAreValid(client, tokenInfo.AuthorizationHeader))
        {
            throw new DaOAuthTokenException
            {
                Error = OAuthConvention.ErrorNameUnauthorizedClient,
                Description = errorLocal["UnauthorizedClient"]
            };
        }

        var extracted = JwtService.ExtractToken(new ExtractTokenDto
        {
            Token = tokenInfo.RefreshToken,
            TokenName = OAuthConvention.RefreshToken
        });

        if (!CheckIfTokenIsValid(extracted, context))
        {
            throw new DaOAuthTokenException
            {
                Error = OAuthConvention.ErrorNameInvalidGrant,
                Description = errorLocal["RefreshTokenInvalid"]
            };
        }

        // NOTE(review): nothing visible in this method ties extracted.ClientId back to the
        // client authenticated above — confirm CheckIfTokenIsValid (or the generation step)
        // enforces that the refresh token was issued to this client.
        if (!CheckIfScopesAreAuthorizedForClient(extracted.ClientId, tokenInfo.Scope))
        {
            throw new DaOAuthTokenException
            {
                Error = OAuthConvention.ErrorNameInvalidScope,
                Description = errorLocal["UnauthorizedScope"]
            };
        }

        var issued = GenerateAccessTokenAndUpdateRefreshToken(tokenInfo, context, extracted.UserName);
        context.Commit();
        return issued;
    }
}
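/// <summary>
/// Validates an access token on behalf of a resource server (token introspection).
/// The resource server authenticates with HTTP Basic credentials ("login:secret") taken
/// from the request's Authorization header; any failure of that authentication, or an
/// invalid token, yields a result whose IsValid is false without revealing which step failed.
/// </summary>
/// <param name="introspectInfo">The token to inspect and the caller's Authorization header.</param>
/// <returns>
/// An <see cref="IntrospectInfoDto"/> with IsValid == false on any failure; on success the
/// token's client id, expiry, scope and user name are filled in and Audiences lists the
/// names of all resource servers currently marked valid.
/// </returns>
public IntrospectInfoDto Introspect(AskIntrospectDto introspectInfo)
{
    Validate(introspectInfo);

    // Never write the token itself to the log: it is a bearer credential, and log sinks
    // are rarely protected to the same standard as the token store.
    Logger.LogInformation("Introspect token request received");

    var toReturn = new IntrospectInfoDto() { IsValid = false };

    // Expected shape: "Basic <base64(login:secret)>", exactly two space-separated parts.
    var authsInfos = (introspectInfo.AuthorizationHeader ?? String.Empty)
        .Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
    if (authsInfos.Length != 2)
    {
        return toReturn;
    }
    if (!authsInfos[0].Equals("Basic", StringComparison.OrdinalIgnoreCase))
    {
        return toReturn;
    }

    // The header comes from an unauthenticated caller: malformed base64 must be treated as
    // a failed authentication, not surface as an unhandled FormatException.
    byte[] rawCredentials;
    try
    {
        rawCredentials = Convert.FromBase64String(authsInfos[1]);
    }
    catch (FormatException)
    {
        return toReturn;
    }

    var credentials = Encoding.UTF8.GetString(rawCredentials);
    var separatorIndex = credentials.IndexOf(':');
    if (separatorIndex == -1)
    {
        return toReturn;
    }
    var rsLogin = credentials.Substring(0, separatorIndex);
    var rsSecret = credentials.Substring(separatorIndex + 1);

    using (var context = RepositoriesFactory.CreateContext())
    {
        var rsRepo = RepositoriesFactory.GetRessourceServerRepository(context);
        var rs = rsRepo.GetByLogin(rsLogin);
        if (rs == null)
        {
            return toReturn;
        }

        // NOTE(review): AreEqualsSha256 is opaque from here — confirm it compares the two
        // digests in constant time so the secret check does not leak timing information.
        if (!EncryptonService.AreEqualsSha256(String.Concat(Configuration.PasswordSalt, rsSecret), rs.ServerSecret))
        {
            return toReturn;
        }
        if (!rs.IsValid)
        {
            return toReturn;
        }

        var tokenInfo = JwtService.ExtractToken(new ExtractTokenDto()
        {
            TokenName = OAuthConvention.AccessToken,
            Token = introspectInfo.Token
        });
        if (!tokenInfo.IsValid)
        {
            return toReturn;
        }

        toReturn.ClientPublicId = tokenInfo.ClientId;
        toReturn.Expire = tokenInfo.Expire;
        toReturn.IsValid = true;
        toReturn.Scope = tokenInfo.Scope;
        toReturn.UserName = tokenInfo.UserName;
        // Audiences are every resource server still marked valid, not only the caller.
        toReturn.Audiences = rsRepo.GetAll()
            .Where(r => r.IsValid)
            .Select(r => r.Name)
            .ToArray();
    }

    return toReturn;
}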