/// <summary>
/// Processes a token-endpoint request whose grant type is refresh_token: recovers the
/// ticket behind the presented refresh token, rejects it when it is missing or expired,
/// then lets the application provider validate the request and decide on the grant.
/// </summary>
/// <param name="validatingContext">
/// Validation context of the current token request. It supplies the refresh token and
/// the client id, and receives the error when the token is rejected.
/// </param>
/// <param name="currentUtc">The instant the ticket's expiry is compared against.</param>
/// <returns>
/// <c>null</c> when no ticket could be recovered or the ticket has expired; otherwise
/// the result of <c>ReturnOutcome</c> for the grant context.
/// </returns>
/// <remarks>
/// Security notes:
/// - Both rejections below reach the caller as the same InvalidGrant error; only the
///   log message tells a missing ticket from an expired one.
/// - This method compares nothing but the expiry. It does not check that the client
///   making the request is the client the refresh token was issued to; the client id is
///   only handed to the grant context. NOTE(review): RFC 6749 section 6 requires that
///   binding check, so confirm that Options.Provider.GrantRefreshToken (or
///   RefreshTokenProvider.ReceiveAsync) performs it.
/// - Nothing here marks the refresh token as used. NOTE(review): whether a replayed
///   token is refused presumably depends on RefreshTokenProvider.ReceiveAsync - verify.
/// </remarks>
private async Task<AuthenticationTicket> InvokeTokenEndpointRefreshTokenGrantAsync(
    OAuthValidateTokenRequestContext validatingContext,
    DateTimeOffset currentUtc)
{
    // Hand the raw refresh token to the configured provider, which fills in
    // receiveContext.Ticket when it accepts the token.
    var receiveContext = new AuthenticationTokenReceiveContext(
        Context,
        Options.RefreshTokenFormat,
        validatingContext.TokenRequest.RefreshTokenGrant.RefreshToken);

    await Options.RefreshTokenProvider.ReceiveAsync(receiveContext);

    AuthenticationTicket restoredTicket = receiveContext.Ticket;
    if (restoredTicket == null)
    {
        Logger.LogError("invalid refresh token");
        validatingContext.SetError(Constants.Errors.InvalidGrant);
        return null;
    }

    // A ticket without an expiry is treated exactly like an expired one.
    var expiresUtc = restoredTicket.Properties.ExpiresUtc;
    bool stillValid = expiresUtc.HasValue && !(expiresUtc < currentUtc);
    if (!stillValid)
    {
        Logger.LogError("expired refresh token");
        validatingContext.SetError(Constants.Errors.InvalidGrant);
        return null;
    }

    await Options.Provider.ValidateTokenRequest(validatingContext);

    // The grant context is built even if validation failed, because ReturnOutcome needs
    // it; the provider's grant callback only runs for a validated request.
    var grantContext = new OAuthGrantRefreshTokenContext(
        Context,
        Options,
        restoredTicket,
        validatingContext.ClientContext.ClientId);

    if (validatingContext.IsValidated)
    {
        await Options.Provider.GrantRefreshToken(grantContext);
    }

    return ReturnOutcome(
        validatingContext,
        grantContext,
        grantContext.Ticket,
        Constants.Errors.InvalidGrant);
}
/// <summary>
/// Validation hook that runs when a token is being refreshed, i.e. when the grant type
/// is refresh_token.
/// </summary>
/// <param name="context">Context of the refresh_token grant being processed.</param>
/// <returns>The task returned by the base implementation.</returns>
/// <remarks>
/// This override currently performs no checks of its own and defers entirely to the
/// base class, so the invalidation check described in the body is still outstanding.
/// NOTE(review): nothing here compares context.ClientId with the client the ticket was
/// issued to either - confirm that binding is enforced elsewhere.
/// </remarks>
public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
    // The presented refresh token still has to be checked for having been invalidated:
    // once a refresh_token grant has been executed, the previously issued refresh
    // token should no longer be accepted.
    // TODO: implement that check.
    Task baseGrant = base.GrantRefreshToken(context);
    return baseGrant;
}
/// <summary>
/// Invoked when the Token endpoint receives a request whose "grant_type" is
/// "refresh_token". That happens when the application has issued a "refresh_token"
/// together with the "access_token" and the client now presents the "refresh_token" to
/// obtain a new "access_token", and possibly a new "refresh_token".
/// Issuing a refresh token requires an Options.RefreshTokenProvider to be assigned; it
/// creates the value that is returned. The claims and properties associated with the
/// refresh token are available in context.Ticket. The application must call
/// context.Validated to instruct the Authorization Server middleware to issue an access
/// token based on those claims and properties. context.Validated may be given a
/// different AuthenticationTicket or ClaimsIdentity to control which information flows
/// from the refresh token to the access token. With OAuthAuthorizationServerProvider the
/// default behavior is to flow the information from the refresh token to the access
/// token unmodified.
/// See also http://tools.ietf.org/html/rfc6749#section-6
/// </summary>
/// <remarks>
/// Because the default passes the refresh token's claims and properties through
/// unchanged, an override is the place to re-check anything that may have changed since
/// the token was issued before calling context.Validated. NOTE(review): that presumably
/// includes checking that the redeeming client is the one the token was issued to, as
/// required by the RFC section linked above - confirm where that is enforced.
/// </remarks>
/// <param name="context">The context of the event; it carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
public virtual Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
    // Forward the event to whatever OnGrantRefreshToken currently holds.
    var handler = OnGrantRefreshToken;
    return handler.Invoke(context);
}