public AccessTokenResult CreateAccessToken(DotNetOpenAuth.OAuth2.Messages.IAccessTokenRequest accessTokenRequestMessage)
        {
            var token = new AuthorizationServerAccessToken();
            token.Lifetime = TimeSpan.FromMinutes(2);

            token.ClientIdentifier = accessTokenRequestMessage.ClientIdentifier;

            foreach (string s in accessTokenRequestMessage.Scope)
            {
                token.Scope.Add(s);
            }

            token.User = accessTokenRequestMessage.UserName;
               // token.ExtraData.Add("id_token","thisisthejwt");

            var signCert = LoadCert(Config.ALHAMBRA_AUTHORIZATION);
            token.AccessTokenSigningKey = (RSACryptoServiceProvider)signCert.PrivateKey;

            var encryptCert = LoadCert(Config.ALHAMBRA_RESOURCES);
            token.ResourceServerEncryptionKey = (RSACryptoServiceProvider)encryptCert.PublicKey.Key;

            var accessTokenResult = new AccessTokenResult(token);
            accessTokenResult.AccessToken.ClientIdentifier = accessTokenRequestMessage.ClientIdentifier;

            //Page 13 on draft 26 - Open Id Connect Basic Client Profile
            //if (token.Scope.Contains("offline_access"))
            //{
            //    accessTokenResult.AllowRefreshToken = true;
            //}

            accessTokenResult.AllowRefreshToken = true;

            return accessTokenResult;
        }
Example #2
0
        // Generate an access token, given parameters in request that tell use what scopes to include,
        // and thus what resource's encryption key to use in addition to the authroization server key
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            var accessToken = new AuthorizationServerAccessToken {Lifetime = TimeSpan.FromMinutes(10)}; // could parameterize lifetime

            var targetResource = _resourceRepository.FindWithSupportedScopes(accessTokenRequestMessage.Scope);
            accessToken.ResourceServerEncryptionKey = targetResource.PublicTokenEncrypter;
            accessToken.AccessTokenSigningKey = _tokenSigner.GetSigner();

            var result = new AccessTokenResult(accessToken);
            return result;
        }
		/// <summary>
		/// Obtains parameters to go into the formulation of an access token.
		/// </summary>
		/// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client
		/// that will receive that access.
		/// Based on this information the receiving resource server can be determined and the lifetime of the access
		/// token can be set based on the sensitivity of the resources.</param>
		/// <returns>
		/// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.
		/// </returns>
		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
			var accessToken = new AuthorizationServerAccessToken() {
				// For this sample, we assume just one resource server.
				// If this authorization server needs to mint access tokens for more than one resource server,
				// we'd look at the request message passed to us and decide which public key to return.
				ResourceServerEncryptionKey = OAuthResourceServer.CreateRSA(),
			};

			var result = new AccessTokenResult(accessToken);
			return result;
		}
		/// <summary>
		/// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client.
		/// </summary>
		/// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client
		/// that will receive that access.
		/// Based on this information the receiving resource server can be determined and the lifetime of the access
		/// token can be set based on the sensitivity of the resources.</param>
		/// <returns>
		/// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.
		/// </returns>
		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
			// If your resource server and authorization server are different web apps,
			// consider using asymmetric keys instead of symmetric ones by setting different
			// properties on the access token below.
			var accessToken = new AuthorizationServerAccessToken {
				Lifetime = TimeSpan.FromHours(1),
				SymmetricKeyStore = this.CryptoKeyStore,
			};
			var result = new AccessTokenResult(accessToken);
			return result;
		}
		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
			var rsa = new RSACryptoServiceProvider();
			rsa.ImportCspBlob(Convert.FromBase64String(ConfigurationManager.AppSettings["PrivateAsymmetricKey"]));

			var accessToken = new AuthorizationServerAccessToken() {
				AccessTokenSigningKey = rsa,
				ResourceServerEncryptionKey = rsa,
			};
			var result = new AccessTokenResult(accessToken);
			result.AllowRefreshToken = false;
			return result;
		}
        /// <summary>
        /// Token创建
        /// </summary>
        /// <param name="accessTokenRequestMessage"></param>
        /// <returns></returns>
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            var accessToken = new AuthorizationServerAccessToken();
            accessToken.Lifetime = _configuration.TokenLifetime;//设置Token的有效时间

            // 设置加密公钥
            accessToken.ResourceServerEncryptionKey =
                (RSACryptoServiceProvider)_configuration.EncryptionCertificate.PublicKey.Key;
            // 设置签名私钥
            accessToken.AccessTokenSigningKey = (RSACryptoServiceProvider)_configuration.SigningCertificate.PrivateKey;

            var result = new AccessTokenResult(accessToken);
            return result;
        }
		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
			var accessToken = new AuthorizationServerAccessToken();

			// Just for the sake of the sample, we use a short-lived token.  This can be useful to mitigate the security risks
			// of access tokens that are used over standard HTTP.
			// But this is just the lifetime of the access token.  The client can still renew it using their refresh token until
			// the authorization itself expires.
			accessToken.Lifetime = TimeSpan.FromMinutes(2);

			// Also take into account the remaining life of the authorization and artificially shorten the access token's lifetime
			// to account for that if necessary.
			//// TODO: code here

			// For this sample, we assume just one resource server.
			// If this authorization server needs to mint access tokens for more than one resource server,
			// we'd look at the request message passed to us and decide which public key to return.
			accessToken.ResourceServerEncryptionKey = new RSACryptoServiceProvider();
			accessToken.ResourceServerEncryptionKey.ImportParameters(ResourceServerEncryptionPublicKey);

			accessToken.AccessTokenSigningKey = CreateRSA();

			var result = new AccessTokenResult(accessToken);
			return result;
		}
 public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
 {
     var accessToken = new AuthorizationServerAccessToken
     {
         Lifetime = TimeSpan.FromHours(1),
         SymmetricKeyStore = CryptoKeyStore,
         ClientIdentifier = accessTokenRequestMessage.ClientIdentifier,
         User = accessTokenRequestMessage.UserName
     };
     var result = new AccessTokenResult(accessToken)
     {
         AllowRefreshToken = false // don't support refresh tokens for now
     };
     return result;
 }
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            //Default to a lifespan of one hours for all tokens.
            var accessToken = new AuthorizationServerAccessToken
            {
                Lifetime = TimeSpan.FromHours(1),
            };

            //Provide both signing and encryption keys for the token (the private/public relationships will be reversed
            //when the resource server digests the token
            accessToken.AccessTokenSigningKey =
                     (RSACryptoServiceProvider)AuthorizationServerCertificate.PrivateKey;
            accessToken.ResourceServerEncryptionKey =
                     (RSACryptoServiceProvider)ResourceServerCertificate.PublicKey.Key;

            //Return an access token result.
            var result = new AccessTokenResult(accessToken);
            return result;
        }