public virtual TokenResponse CreateTokenResponseFromAuthorizationCode(StoredGrant handle, IStoredGrantManager handleManager)
{
var resourceOwner = Principal.Create(
"OAuth2",
handle.ResourceOwner.ToClaims().ToArray());
var validatedRequest = new ValidatedRequest
{
Client = handle.Client,
Application = handle.Application,
Scopes = handle.Scopes
};
var response = CreateTokenResponse(validatedRequest, resourceOwner);
if (handle.CreateRefreshToken)
{
var refreshTokenHandle = StoredGrant.CreateRefreshTokenHandle(
resourceOwner.GetSubject(),
handle.Client,
handle.Application,
resourceOwner.Claims,
handle.Scopes,
handle.RefreshTokenExpiration.Value,
validatedRequest.Client.AllowRefreshToken && validatedRequest.Application.AllowRefreshToken);
handleManager.Add(refreshTokenHandle);
response.RefreshToken = refreshTokenHandle.GrantId;
}
handleManager.Delete(handle.GrantId);
return response;
}
public Models.StoredGrant Get(string handleIdentifier)
{
DateTime expiration;
if (_expired)
{
expiration = DateTime.UtcNow.Subtract(TimeSpan.FromHours(1));
}
else
{
expiration = DateTime.UtcNow.Add(TimeSpan.FromHours(1));
}
if (handleIdentifier == _id)
{
var handle = new StoredGrant
{
Client = new Client
{
ClientId = _clientId
},
RedirectUri = _redirectUri,
Expiration = expiration
};
return handle;
}
return null;
}
public virtual TokenResponse CreateTokenResponse(StoredGrant handle, IStoredGrantManager handleManager)
{
if (handle.Type == StoredGrantType.AuthorizationCode)
{
return CreateTokenResponseFromAuthorizationCode(handle, handleManager);
}
if (handle.Type == StoredGrantType.RefreshTokenIdentifier)
{
return CreateTokenResponseFromRefreshToken(handle, handleManager);
}
throw new ArgumentException("handle.Type");
}
public virtual TokenResponse CreateTokenResponseFromRefreshToken(StoredGrant handle, IStoredGrantManager handleManager)
{
var resourceOwner = Principal.Create(
"OAuth2",
handle.ResourceOwner.ToClaims().ToArray());
if (DateTime.UtcNow > handle.Expiration)
{
throw new InvalidOperationException("Refresh token has expired.");
}
var validatedRequest = new ValidatedRequest
{
Client = handle.Client,
Application = handle.Application,
Scopes = handle.Scopes,
};
var response = CreateTokenResponse(validatedRequest, resourceOwner);
response.RefreshToken = handle.GrantId;
return response;
}
public virtual TokenResponse CreateTokenResponseFromRefreshToken(StoredGrant handle, IStoredGrantManager handleManager)
{
var resourceOwner = Principal.Create(
"OAuth2",
handle.ResourceOwner.ToClaims().ToArray());
if (DateTime.UtcNow > handle.Expiration)
{
throw new InvalidOperationException("Refresh token has expired.");
}
var validatedRequest = new ValidatedRequest
{
Client = handle.Client,
Application = handle.Application,
Scopes = handle.Scopes,
};
var response = CreateTokenResponse(validatedRequest, resourceOwner);
if (handle.CreateRefreshToken)
{
StoredGrant refreshTokenHandle;
if (validatedRequest.Application.AllowSlidingRefreshTokenExpiration)
{
var rememberTimeSpan = handle.Expiration.Subtract(handle.Created);
var newRefreshTokenExpiration = DateTime.UtcNow.Add(rememberTimeSpan);
refreshTokenHandle = StoredGrant.CreateRefreshTokenHandle(
resourceOwner.GetSubject(),
handle.Client,
handle.Application,
resourceOwner.Claims,
handle.Scopes,
newRefreshTokenExpiration,
createRefreshToken: validatedRequest.Client.AllowRefreshToken && validatedRequest.Application.AllowRefreshToken);
}
else
{
refreshTokenHandle = StoredGrant.CreateRefreshTokenHandle(
resourceOwner.GetSubject(),
handle.Client,
handle.Application,
resourceOwner.Claims,
handle.Scopes,
handle.Expiration,
createRefreshToken: validatedRequest.Client.AllowRefreshToken && validatedRequest.Application.AllowRefreshToken);
}
response.RefreshToken = refreshTokenHandle.GrantId;
handleManager.Add(refreshTokenHandle);
handleManager.Delete(handle.GrantId);
}
else
{
response.RefreshToken = handle.GrantId;
}
return response;
}
public void Init()
{
DataProtectection.Instance = new NoProtection();
globalConfiguration = new GlobalConfiguration() { Issuer = "Test Issuer" };
rocv = new Mock<IResourceOwnerCredentialValidation>();
config = new Mock<IAuthorizationServerConfiguration>();
handleManager = new Mock<IStoredGrantManager>();
assertionGrantValidator = new Mock<IAssertionGrantValidation>();
clientManager = new Mock<IClientManager>();
tokenService = new TokenService(globalConfiguration);
#region Setup Test Client
string secret = "12345678";
byte[] encodedByte = System.Text.ASCIIEncoding.ASCII.GetBytes(secret);
string base64EncodedSecret = Convert.ToBase64String(encodedByte);
_Client = new Client()
{
ClientId = "MobileAppShop",
ClientSecret = base64EncodedSecret,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = true
};
#endregion
#region Setup Test Application
var scope = new Scope();
scope.Name = "read";
scope.AllowedClients = new List<Client>();
scope.AllowedClients.Add(_Client);
_Scopes = new List<Scope>();
_Scopes.Add(scope);
string symmetricKey = "C33333333333333333333333335=";
byte[] keybytes = Convert.FromBase64String(symmetricKey);
SecurityKey securityKey = new InMemorySymmetricSecurityKey(keybytes);
_Application = new Application()
{
Name = "Test Application 1",
Scopes = _Scopes,
Audience = "Test Audience",
TokenLifetime = 1,
AllowRefreshToken = true,
};
#endregion
#region Setup Example StoredGrant
Claim[] resourceOwnerClaims = { new Claim("Username", "JohnSmith"), new Claim("sub", "JohnSmith") };
_StoredGrant = new StoredGrant()
{
GrantId = "MyFavouriteRefrehToken1234",
CreateRefreshToken = true,
Client = _Client,
ResourceOwner = resourceOwnerClaims.ToStoredGrantClaims().ToList(),
Expiration = DateTime.Now.AddDays(1),
RefreshTokenExpiration = DateTime.Now.AddMonths(1),
Type = StoredGrantType.RefreshTokenIdentifier,
Scopes = _Scopes,
Application = _Application
};
#endregion
#region Setup Mocking Objects
// IAuthorizationServerConfiguration
config.Setup(x => x.FindApplication(It.IsNotNull<string>()))
.Returns((string name) =>
{
return _Application;
});
config.Setup(x => x.GlobalConfiguration).Returns(() => globalConfiguration);
// IClientManager
clientManager.Setup(x => x.Get(It.IsNotNull<string>()))
.Returns((string clientId) =>
{
return _Client;
});
// IResourceOwnerCredentialValidation
rocv.Setup(x => x.Validate(It.IsNotNull<string>(), It.IsNotNull<string>()))
.Returns((string username, string password) =>
{
return Principal.Create("Test", resourceOwnerClaims);
});
// IStoredGrantManager
handleManager.Setup(x => x.Get(It.IsNotNull<string>()))
.Returns((string grantIdentifier) =>
{
return _StoredGrant;
});
#endregion
_TokenController = new TokenController(
rocv.Object,
config.Object,
handleManager.Object,
assertionGrantValidator.Object,
tokenService,
clientManager.Object);
_TokenController.Request = new HttpRequestMessage();
_TokenController.Request.SetConfiguration(new HttpConfiguration());
}
