/// <summary>
/// Refreshes an access token.
/// </summary>
/// <param name="refreshToken">The refresh token.</param>
/// <returns>A token response.</returns>
public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken)
{
_logger.LogTrace("RefreshTokenAsync");
await EnsureConfigurationAsync();
var client = TokenClientFactory.Create(_options);
var response = await client.RequestRefreshTokenAsync(refreshToken);
if (response.IsError)
{
return(new RefreshTokenResult {
Error = response.Error
});
}
// validate token response
var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse);
if (validationResult.IsError)
{
return(new RefreshTokenResult {
Error = validationResult.Error
});
}
return(new RefreshTokenResult
{
IdentityToken = response.IdentityToken,
AccessToken = response.AccessToken,
RefreshToken = response.RefreshToken,
ExpiresIn = (int)response.ExpiresIn
});
}
/// <summary>
/// Refreshes an access token.
/// </summary>
/// <param name="refreshToken">The refresh token.</param>
/// <param name="extraParameters">The extra parameters.</param>
/// <returns>
/// A token response.
/// </returns>
public virtual async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken, object extraParameters = null)
{
_logger.LogTrace("RefreshTokenAsync");
await EnsureConfigurationAsync();
var client = TokenClientFactory.Create(_options);
var response = await client.RequestRefreshTokenAsync(refreshToken, extra : extraParameters);
if (response.IsError)
{
return(new RefreshTokenResult {
Error = response.Error
});
}
// validate token response
var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse);
if (validationResult.IsError)
{
return(new RefreshTokenResult {
Error = validationResult.Error
});
}
return(new RefreshTokenResult
{
IdentityToken = response.IdentityToken,
AccessToken = response.AccessToken,
RefreshToken = response.RefreshToken,
ExpiresIn = (int)response.ExpiresIn,
AccessTokenExpiration = DateTime.Now.AddSeconds(response.ExpiresIn)
});
}
/// <summary>
/// Refreshes an access token.
/// </summary>
/// <param name="refreshToken">The refresh token.</param>
/// <returns>A token response.</returns>
public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken, Task <RsaSecurityKey> pregeneratedPopKeyTask = null)
{
if (string.IsNullOrEmpty(refreshToken))
{
throw new ArgumentException("refreshToken");
}
_logger.LogTrace("RefreshTokenAsync");
await EnsureConfigurationAsync().ConfigureAwait(false);
var client = TokenClientFactory.Create(_options);
TokenResponse response;
SigningCredentials popSigner = null;
if (_options.RequestPopTokens)
{
//-- PoP Key Creation
_logger.LogTrace("CreateProviderForPopToken");
var popKey = await(pregeneratedPopKeyTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync()).ConfigureAwait(false);
var jwk = popKey.ToJwk();
response = await client.RequestRefreshTokenPopAsync(refreshToken, jwk.Alg, jwk.ToJwkString()).ConfigureAwait(false);
popSigner = new SigningCredentials(popKey, "RS256");
}
else
{
response = await client.RequestRefreshTokenAsync(refreshToken).ConfigureAwait(false);
}
if (response.IsError)
{
return(new RefreshTokenResult {
Error = response.Error
});
}
// validate token response
var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse).ConfigureAwait(false);
if (validationResult.IsError)
{
return(new RefreshTokenResult {
Error = validationResult.Error
});
}
return(new RefreshTokenResult
{
IdentityToken = response.IdentityToken,
AccessToken = response.AccessToken,
RefreshToken = response.RefreshToken,
ExpiresIn = (int)response.ExpiresIn,
PopTokenKey = popSigner
});
}
/// <summary>
/// Refreshes an access token.
/// </summary>
/// <param name="refreshToken">The refresh token.</param>
/// <param name="backChannelParameters">Back-channel parameters</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>
/// A token response.
/// </returns>
public virtual async Task <RefreshTokenResult> RefreshTokenAsync(
string refreshToken,
Parameters backChannelParameters = null,
CancellationToken cancellationToken = default)
{
_logger.LogTrace("RefreshTokenAsync");
await EnsureConfigurationAsync(cancellationToken);
backChannelParameters = backChannelParameters ?? new Parameters();
var client = Options.CreateClient();
var response = await client.RequestRefreshTokenAsync(new RefreshTokenRequest
{
Address = Options.ProviderInformation.TokenEndpoint,
ClientId = Options.ClientId,
ClientSecret = Options.ClientSecret,
ClientAssertion = Options.ClientAssertion,
ClientCredentialStyle = Options.TokenClientCredentialStyle,
RefreshToken = refreshToken,
Parameters = backChannelParameters
}, cancellationToken).ConfigureAwait(false);
if (response.IsError)
{
return(new RefreshTokenResult
{
Error = response.Error,
ErrorDescription = response.ErrorDescription,
});
}
// validate token response
var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : Options.Policy.RequireIdentityTokenOnRefreshTokenResponse,
cancellationToken : cancellationToken);
if (validationResult.IsError)
{
return(new RefreshTokenResult {
Error = validationResult.Error
});
}
return(new RefreshTokenResult
{
IdentityToken = response.IdentityToken,
AccessToken = response.AccessToken,
RefreshToken = response.RefreshToken,
ExpiresIn = response.ExpiresIn,
AccessTokenExpiration = DateTimeOffset.Now.AddSeconds(response.ExpiresIn)
});
}
