private static AuthenticateResponse GetTokenResponse(IdpTokenResponse response)
{
if (response.Custom != null && response.Custom.ContainsKey("Error"))
{
return(new AuthenticateResponse {
Data = new Data {
Errors = new[] { new Error {
Code = 500, Text = response.Custom["Error"].ToString()
} }
}
});
}
return(new AuthenticateResponse {
Data = new Data {
Token = response.AccessToken
}
});
}
private static Models.TokenResponse GetTokenResponse(IdpTokenResponse response)
{
if (response.Custom != null && response.Custom.ContainsKey("Error"))
{
return(new Models.TokenResponse
{
Error = response.Custom["Error"].ToString(),
ErrorDescription = response.Custom["ErrorDescription"]?.ToString()
});
}
return(new Models.TokenResponse
{
AccessToken = response.AccessToken,
RefreshToken = response.RefreshToken,
ExpiresIn = response.AccessTokenLifetime,
TokenType = "Bearer"
});
}
/// <summary>
/// Creates the response for an authorization code request.
/// </summary>
/// <param name="request">The request.</param>
/// <returns></returns>
/// <exception cref="System.InvalidOperationException">Client does not exist anymore.</exception>
protected virtual async Task <TokenResponse> ProcessAuthorizationCodeRequestAsync(TokenRequestValidationResult request)
{
Logger.LogTrace("Creating response for authorization code request");
//////////////////////////
// access token
/////////////////////////
(var accessToken, var refreshToken) = await CreateAccessTokenAsync(request.ValidatedRequest);
var response = new TokenResponse
{
AccessToken = accessToken,
AccessTokenLifetime = request.ValidatedRequest.AccessTokenLifetime,
Custom = request.CustomResponse,
Scope = request.ValidatedRequest.AuthorizationCode.RequestedScopes.ToSpaceSeparatedString(),
};
//////////////////////////
// refresh token
/////////////////////////
if (refreshToken.IsPresent())
{
response.RefreshToken = refreshToken;
}
//////////////////////////
// id token
/////////////////////////
if (request.ValidatedRequest.AuthorizationCode.IsOpenId)
{
// load the client that belongs to the authorization code
Client client = null;
if (request.ValidatedRequest.AuthorizationCode.ClientId != null)
{
client = await Clients.FindEnabledClientByIdAsync(request.ValidatedRequest.AuthorizationCode.ClientId);
}
if (client == null)
{
throw new InvalidOperationException("Client does not exist anymore.");
}
var resources = await Resources.FindEnabledResourcesByScopeAsync(request.ValidatedRequest.AuthorizationCode.RequestedScopes);
var tokenRequest = new TokenCreationRequest
{
Subject = request.ValidatedRequest.AuthorizationCode.Subject,
Resources = resources,
Nonce = request.ValidatedRequest.AuthorizationCode.Nonce,
AccessTokenToHash = response.AccessToken,
StateHash = request.ValidatedRequest.AuthorizationCode.StateHash,
ValidatedRequest = request.ValidatedRequest
};
var idToken = await TokenService.CreateIdentityTokenAsync(tokenRequest);
var jwt = await TokenService.CreateSecurityTokenAsync(idToken);
response.IdentityToken = jwt;
}
return(response);
}
