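/// <summary>
/// Refreshes an access token by expiring the existing tokens and creating a new AppAuthorization entry.
/// The old row's AuthTokenExpiration and RefreshTokenExpiration are set to "now" (so the presented
/// refresh token is single-use) and a new row with freshly generated tokens is inserted; both changes
/// go out in one SubmitChanges call.
/// </summary>
/// <param name="appAuth">The authorization whose refresh token was validated by the caller. Only its
/// Id, AppId, UserId and Scope are read; Scope is copied unchanged, so a refresh can never widen it.</param>
/// <param name="accessTokenLifetime">Optional lifetime of the new access token, measured from now.
/// When omitted (null) AuthTokenExpiration is left unset on the new row, as before.</param>
/// <param name="refreshTokenLifetime">Optional lifetime of the new refresh token, measured from now.
/// When omitted (null) RefreshTokenExpiration is left unset on the new row, as before.</param>
/// <returns>The newly inserted AppAuthorization.</returns>
/// <exception cref="ArgumentNullException"><paramref name="appAuth"/> is null.</exception>
/// <exception cref="InvalidOperationException">The "OAuthDb" connection string is missing, or no row
/// with <paramref name="appAuth"/>.Id exists any more (e.g. deleted between validation and refresh).</exception>
public static AppAuthorization AccessTokenRefresh(AppAuthorization appAuth, TimeSpan? accessTokenLifetime = null, TimeSpan? refreshTokenLifetime = null)
{
    if (appAuth == null)
    {
        throw new ArgumentNullException("appAuth");
    }

    // A missing connection string used to surface as a NullReferenceException; name the problem instead.
    var connectionSetting = System.Configuration.ConfigurationManager.ConnectionStrings["OAuthDb"];
    if (connectionSetting == null)
    {
        throw new InvalidOperationException("Connection string 'OAuthDb' is not configured.");
    }

    // One timestamp for every write so the old row's expiry and the new row's Created/expiry agree.
    DateTime now = DateTime.UtcNow;

    using (AuthorizationDataContext oauthDataCtxt = new AuthorizationDataContext(connectionSetting.ConnectionString))
    {
        // Expire the old row rather than deleting it: the presented refresh token must stop
        // working immediately, and the row itself is kept.
        AppAuthorization oldAppAuth = oauthDataCtxt.AppAuthorizations.FirstOrDefault(a => a.Id == appAuth.Id);
        if (oldAppAuth == null)
        {
            throw new InvalidOperationException("AppAuthorization " + appAuth.Id + " no longer exists; cannot refresh it.");
        }
        oldAppAuth.AuthTokenExpiration = now;
        oldAppAuth.RefreshTokenExpiration = now;

        // New row: same app/user/scope, brand-new token pair.
        AppAuthorization newAppAuth = new AppAuthorization()
        {
            AppId = appAuth.AppId,
            UserId = appAuth.UserId,
            Scope = appAuth.Scope,
            AuthToken = GenerateToken(),
            RefreshToken = GenerateToken(),
            Created = now
        };
        // Expiration is only stamped when a lifetime was requested; omitting both keeps the
        // previous (unbounded) behaviour for existing callers.
        if (accessTokenLifetime.HasValue)
        {
            newAppAuth.AuthTokenExpiration = now + accessTokenLifetime.Value;
        }
        if (refreshTokenLifetime.HasValue)
        {
            newAppAuth.RefreshTokenExpiration = now + refreshTokenLifetime.Value;
        }

        oauthDataCtxt.AppAuthorizations.InsertOnSubmit(newAppAuth);
        oauthDataCtxt.SubmitChanges();
        return newAppAuth;
    }
}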
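/// <summary>
/// The OAuth 2.0 token endpoint. Only grant_type == GRANT_REFRESH is served; GRANT_ACCESS
/// (authorization code) is recognised but always refused, and any other grant_type is rejected.
/// </summary>
/// <param name="tokenRequest">Model-bound request carrying grant_type, app_id and app_secret.</param>
/// <returns>
/// JSON: an AccessTokenMessage on success, otherwise an ErrorMessage with Type "OAuthException".
/// NOTE(review): because the method returns a plain string, every error still goes out with the
/// default 200 status; RFC 6749 §5.2 expects 400 (invalid_request/invalid_grant) or 401
/// (invalid_client), so clients that key on the status code will mistake failures for success.
/// </returns>
public string Post(AccessTokenRequest tokenRequest)
{
    // A missing or unbindable body used to NullReference on tokenRequest.grant_type (HTTP 500).
    if (tokenRequest == null)
    {
        return OAuthError("not a valid grant_type");
    }

    if (tokenRequest.grant_type == GRANT_REFRESH)
    {
        const string RefreshFailed = "could not grant refreshed access token. please check your client id, client secret, and refresh token id (did it expire?)";

        // SECURITY NOTE: the refresh token is read from the query string, not the POST body.
        // RFC 6749 §6 carries it in the form body; a token in the URL ends up in web-server,
        // proxy and browser-history logs. Moving it requires a refresh_token member on
        // AccessTokenRequest, which is not visible here, so the call site is only flagged.
        string refreshToken = this.Request.RequestUri.ParseQueryString()["refresh_token"];
        if (string.IsNullOrEmpty(refreshToken))
        {
            // Nothing to validate: skip the lookup and answer exactly as a bad token would.
            return OAuthError(RefreshFailed);
        }

        AppAuthorization appAuth = OAuthTokenUtility.ValidateRefreshToken(tokenRequest.app_id, tokenRequest.app_secret, refreshToken);
        if (appAuth == null)
        {
            // Deliberately one message for bad client id, bad secret and bad/expired token.
            return OAuthError(RefreshFailed);
        }

        // Rotates the token pair: the presented refresh token is expired and a new row is issued.
        AppAuthorization newAppAuth = OAuthTokenUtility.AccessTokenRefresh(appAuth);
        return Newtonsoft.Json.JsonConvert.SerializeObject(new AccessTokenMessage()
        {
            access_token = newAppAuth.AuthToken,
            refresh_token = newAppAuth.RefreshToken,
            token_type = "bearer",
            // NOTE(review): AccessTokenRefresh does not appear to stamp AuthTokenExpiration on the
            // new row, so this may be the property's default value rather than a real expiry - confirm.
            expiration_utc = newAppAuth.AuthTokenExpiration,
            scope = newAppAuth.Scope
        });
    }

    if (tokenRequest.grant_type == GRANT_ACCESS)
    {
        // The authorization-code grant is not served here. The "code" query parameter that
        // used to be read was never used, so it is no longer touched.
        return OAuthError("new access tokens not granted by this server");
    }

    return OAuthError("not a valid grant_type");
}

/// <summary>Serializes an OAuthException-typed <see cref="ErrorMessage"/> with the given text.</summary>
/// <param name="message">Human-readable error text returned to the client.</param>
/// <returns>The JSON document for the error.</returns>
private static string OAuthError(string message)
{
    return Newtonsoft.Json.JsonConvert.SerializeObject(new ErrorMessage() { Type = "OAuthException", Message = message });
}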
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
// Middleware order is significant and is kept exactly as registered below: developer exception
// page (development only) -> HTTPS redirect -> routing -> authorization -> controller endpoints,
// followed by AppAuthorization.Execute once the pipeline is wired up.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    bool isDevelopment = env.IsDevelopment();
    if (isDevelopment)
    {
        // Detailed exception pages expose stack traces and configuration; keep them out of production.
        app.UseDeveloperExceptionPage();
    }

    // NOTE(review): the default template pairs UseHttpsRedirection with app.UseHsts() outside
    // development; none is registered here - confirm whether that is intentional.
    app.UseHttpsRedirection();
    app.UseRouting();

    // NOTE(review): UseAuthorization() is not preceded by UseAuthentication(). Whether that is
    // correct depends on ConfigureServices, which is not visible here: if an authentication
    // scheme is registered, app.UseAuthentication() belongs immediately before this line.
    app.UseAuthorization();

    app.UseEndpoints(routes => routes.MapControllers());

    // What Execute does with Configuration is defined elsewhere; it runs after the pipeline is built.
    AppAuthorization.Execute(Configuration);
}
// Custom User Identity / Principal
// Runs at the AuthenticateRequest stage of every request. When AppAuthorization.GetSession()
// yields a session ticket, the request's principal is replaced with a FoundationPrincipal built
// from that ticket (Name = ticket.UserId, IsAuthenticated = ticket.IsAuthenticated); when there
// is no ticket the principal ASP.NET already established is left untouched.
protected void Application_OnAuthenticateRequest(object sender, EventArgs e)
{
    var session = AppAuthorization.GetSession();
    if (session == null)
    {
        // No custom session for this request: nothing to override.
        return;
    }

    // IsAuthenticated comes from the ticket rather than being assumed true, so an
    // unauthenticated ticket still produces an unauthenticated principal.
    var identity = new FoundationIdentity
    {
        Name = session.UserId,
        IsAuthenticated = session.IsAuthenticated,
    };

    // NOTE(review): only HttpContext.Current.User is assigned; code that reads
    // Thread.CurrentPrincipal directly may not observe this principal - confirm the
    // application does not depend on it.
    HttpContext.Current.User = new FoundationPrincipal { Identity = identity };
}