public async Task<IHttpActionResult> RefreshToken(RefreshTokenRequest refreshTokenRequest)
{
var tokenClient = new TokenClient("https://localhost:44302/connect/token", "AngularClient", "secret");
var result = await tokenClient.RequestRefreshTokenAsync(refreshTokenRequest.RefreshAccessToken);
return Ok(new
{
result.AccessToken,
result.RefreshToken
});
}
private async Task <bool> RefreshTokensAsync(CancellationToken cancellationToken)
{
var refreshToken = RefreshToken;
if (string.IsNullOrEmpty(refreshToken))
{
return(false);
}
if (await _lock.WaitAsync(_lockTimeout, cancellationToken).ConfigureAwait(false))
{
try
{
var response = await _tokenClient.RequestRefreshTokenAsync(refreshToken, cancellationToken : cancellationToken).ConfigureAwait(false);
if (!response.IsError)
{
_accessToken = response.AccessToken;
_refreshToken = response.RefreshToken;
return(true);
}
}
finally
{
_lock.Release();
}
}
return(false);
}
private async Task <bool> RefreshTokensAsync(CancellationToken cancellationToken)
{
var refreshToken = RefreshToken;
if (string.IsNullOrEmpty(refreshToken))
{
return(false);
}
if (_lock.TryEnterWriteLock(_lockTimeout))
{
try
{
var response = await _tokenClient.RequestRefreshTokenAsync(refreshToken, cancellationToken : cancellationToken);
if (!response.IsError)
{
_accessToken = response.AccessToken;
_refreshToken = response.RefreshToken;
return(true);
}
}
finally
{
_lock.ExitWriteLock();
}
}
return(false);
}
public async Task<ActionResult> RefreshToken()
{
var client = new TokenClient(
Constants.TokenEndpoint,
"codeclient",
"secret");
var principal = User as ClaimsPrincipal;
var refreshToken = principal.FindFirst("refresh_token").Value;
var response = await client.RequestRefreshTokenAsync(refreshToken);
UpdateCookie(response);
return RedirectToAction("Index");
}
private async Task <bool> RefreshTokensAsync(CancellationToken cancellationToken)
{
var refreshToken = RefreshToken;
if (refreshToken.IsMissing())
{
return(false);
}
if (await _lock.WaitAsync(Timeout, cancellationToken).ConfigureAwait(false))
{
try
{
var response = await _tokenClient.RequestRefreshTokenAsync(refreshToken, cancellationToken : cancellationToken).ConfigureAwait(false);
if (!response.IsError)
{
_accessToken = response.AccessToken;
if (!response.RefreshToken.IsMissing())
{
_refreshToken = response.RefreshToken;
}
#pragma warning disable 4014
Task.Run(() =>
{
foreach (EventHandler <TokenRefreshedEventArgs> del in TokenRefreshed.GetInvocationList())
{
try
{
del(this, new TokenRefreshedEventArgs(response.AccessToken, response.RefreshToken, (int)response.ExpiresIn));
}
catch { }
}
}).ConfigureAwait(false);
#pragma warning restore 4014
return(true);
}
}
finally
{
_lock.Release();
}
}
return(false);
}
/// <summary>
/// Rigenera l'access token di OAuth2 partendo da un refresh token.
/// </summary>
/// <param name="owinContext">Il contesto HTTP di OWIN.</param>
/// <param name="clientId">Il client ID a cui sono legati i token.</param>
/// <param name="currentTokens">I token attualmente disponibili.</param>
/// <returns>I nuovi token ottenuti in seguito al refresh.</returns>
public async Task<OAuth2TokensCookie> RefreshAsync(IOwinContext owinContext, string clientId, OAuth2TokensCookie currentTokens)
{
// Registro la data di inizio in maniera conservativa.
var accessTokenCreatedOn = _clock.UtcNow;
var address = AuthorizationSettings.AccessTokenRefreshEndpointUri.AbsoluteUri;
var clientSecret = AuthorizationSettings.Clients[clientId].ClientSecret;
// Attivo il client per il refresh dei token.
var tokenClient = new TokenClient(address, clientId, clientSecret);
var tokenResponse = await tokenClient.RequestRefreshTokenAsync(currentTokens.RefreshToken);
// Registro il piĆ¹ possibile in caso di errore.
if (tokenResponse.IsError || tokenResponse.IsHttpError)
{
var tokenRespErr = string.IsNullOrWhiteSpace(tokenResponse.Error)
? tokenResponse.HttpErrorReason
: tokenResponse.Error;
var errMsg = $"{tokenResponse.HttpErrorStatusCode} - {tokenRespErr}";
_log.Error(new LogMessage
{
ShortMessage = errMsg,
LongMessage = tokenResponse.Raw,
Context = "Requesting new access and refresh tokens",
Arguments = new[]
{
KeyValuePair.Create("token_status_code", tokenResponse.HttpErrorStatusCode.ToString()),
KeyValuePair.Create("token_type", tokenResponse.TokenType)
}
});
// Lancio un'eccezione per uscire immediatamente.
throw new Exception(errMsg);
}
return new OAuth2TokensCookie
{
AccessToken = tokenResponse.AccessToken,
AccessTokenCreatedOn = accessTokenCreatedOn,
AccessTokenExpiresIn = tokenResponse.ExpiresIn,
RefreshToken = tokenResponse.RefreshToken,
RandomToken = currentTokens.RandomToken
};
}
/// <summary>
/// Refresh access token with specified refresh token asynchronous.
/// </summary>
/// <param name="refreshToken">The refresh token.</param>
/// <returns>A <see cref="Task{TResult}"/> represents the refresh operation.</returns>
public async Task<IResponse> RefreshTokenAsync(string refreshToken) {
var disco = await DiscoveryClient.GetAsync(_options.Authority);
string clientId = _httpContext.Request.Headers[ClientId];
if (string.IsNullOrWhiteSpace(clientId)) {
clientId = _options.DefaultClientId;
}
string clientSecret = _httpContext.Request.Headers[ClientSecret];
if (string.IsNullOrWhiteSpace(clientSecret)) {
clientSecret = _options.DefaultClientSecret;
}
string scope = _httpContext.Request.Headers[Scope];
if (string.IsNullOrWhiteSpace(scope)) {
scope = _options.DefaultScope;
}
var client = new TokenClient(disco.TokenEndpoint, clientId, clientSecret);
var response = await client.RequestRefreshTokenAsync(refreshToken);
return ApiResponse.FromTokenResponse(response);
}
public async Task when_refreshing_new_exp_should_be_prior_to_old_exp()
{
var tokenClient = new TokenClient(TokenEndpoint, clientId, clientSecret, _handler);
var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1 offline_access");
var introspectionClient = new IntrospectionClient(IntrospectionEndpoint, scope, scopeSecret, _handler);
var introspectionResponse1 = await introspectionClient.SendAsync(new IntrospectionRequest
{
Token = tokenResponse.AccessToken
});
var exp1 = Int32.Parse(introspectionResponse1.Claims.Single(x => x.Item1 == "exp").Item2);
await Task.Delay(1000);
var refreshResponse = await tokenClient.RequestRefreshTokenAsync(tokenResponse.RefreshToken);
var introspectionResponse2 = await introspectionClient.SendAsync(new IntrospectionRequest
{
Token = refreshResponse.AccessToken
});
var exp2 = Int32.Parse(introspectionResponse2.Claims.Single(x => x.Item1 == "exp").Item2);
exp1.Should().BeLessThan(exp2);
}
private static TokenResponse RefreshToken(string refreshToken, TokenClient tokenClient)
{
Console.WriteLine("Using refresh token: {0}", refreshToken);
return tokenClient.RequestRefreshTokenAsync(refreshToken).Result;
}
