/// <summary>
/// Refreshes an access token.
/// </summary>
/// <param name="refreshToken">The refresh token.</param>
/// <returns>A token response.</returns>
public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken, Task <RsaSecurityKey> pregeneratedPopKeyTask = null)
{
if (string.IsNullOrEmpty(refreshToken))
{
throw new ArgumentException("refreshToken");
}
_logger.LogTrace("RefreshTokenAsync");
await EnsureConfigurationAsync().ConfigureAwait(false);
var client = TokenClientFactory.Create(_options);
TokenResponse response;
SigningCredentials popSigner = null;
if (_options.RequestPopTokens)
{
//-- PoP Key Creation
_logger.LogTrace("CreateProviderForPopToken");
var popKey = await(pregeneratedPopKeyTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync()).ConfigureAwait(false);
var jwk = popKey.ToJwk();
response = await client.RequestRefreshTokenPopAsync(refreshToken, jwk.Alg, jwk.ToJwkString()).ConfigureAwait(false);
popSigner = new SigningCredentials(popKey, "RS256");
}
else
{
response = await client.RequestRefreshTokenAsync(refreshToken).ConfigureAwait(false);
}
if (response.IsError)
{
return(new RefreshTokenResult {
Error = response.Error
});
}
// validate token response
var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse).ConfigureAwait(false);
if (validationResult.IsError)
{
return(new RefreshTokenResult {
Error = validationResult.Error
});
}
return(new RefreshTokenResult
{
IdentityToken = response.IdentityToken,
AccessToken = response.AccessToken,
RefreshToken = response.RefreshToken,
ExpiresIn = (int)response.ExpiresIn,
PopTokenKey = popSigner
});
}
private async Task <Tuple <TokenResponse, RsaSecurityKey> > RedeemCodeAsync(string code, AuthorizeState state)
{
_logger.LogTrace("RedeemCodeAsync");
var client = GetTokenClient();
if (_options.RequestPopTokens)
{
//-- Make sure the key is created
_logger.LogTrace("CreateProviderForPopToken");
var popKey = await(state.PopTokenGenerationTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync()).ConfigureAwait(false);
var jwk = popKey.ToJwk();
//-- Code request.
_logger.LogTrace("Sending request");
var tokenResult = await client.RequestAuthorizationCodePopAsync(
code,
state.RedirectUri,
state.CodeVerifier,
jwk.Alg,
jwk.ToJwkString()
).ConfigureAwait(false);
return(new Tuple <TokenResponse, RsaSecurityKey>(tokenResult, popKey));
}
else
{
//-- Code request.
_logger.LogTrace("Sending request");
var tokenResult = await client.RequestAuthorizationCodeAsync(
code,
state.RedirectUri,
state.CodeVerifier
).ConfigureAwait(false);
return(new Tuple <TokenResponse, RsaSecurityKey>(tokenResult, null));
}
}
public AuthorizeState CreateAuthorizeState(Task <Microsoft.IdentityModel.Tokens.RsaSecurityKey> pregeneratedPoPKeyTask = null, object extraParameters = null)
{
_logger.LogTrace("CreateAuthorizeStateAsync");
var pkce = _crypto.CreatePkceData();
var state = new AuthorizeState
{
Nonce = _crypto.CreateNonce(),
State = _crypto.CreateState(),
RedirectUri = _options.RedirectUri,
CodeVerifier = pkce.CodeVerifier,
PopTokenGenerationTask = _options.RequestPopTokens ? pregeneratedPoPKeyTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync() : null
};
state.StartUrl = CreateUrl(state.State, state.Nonce, pkce.CodeChallenge, extraParameters);
_logger.LogDebug(LogSerializer.Serialize(state));
return(state);
}
