private async Task _applyImplicitToken(ApplyTokenResponseContext context)
{
if (!String.IsNullOrWhiteSpace(context.Response.AccessToken))
{
var at = context.Response.AccessToken;
var ei = context.Response.ExpiresIn ?? 0;
var authResult = await context.HttpContext.AuthenticateAsync(OpenIdConnectServerDefaults.AuthenticationScheme);
string clientid = authResult.Principal.Claims.Where(x => x.Type == "client_id").First().Value;
string userid = authResult.Principal.Claims.Where(x => x.Type == "sub").First().Value;
// Replace the old Tokens with the new ones
// If the user has an existing refresh or access token from the same application, they are both erased in favor of the one new Access token.
MockifyDbContext DatabaseContext = context.HttpContext.RequestServices.GetRequiredService <MockifyDbContext>();
ApplicationUser au = await DatabaseContext.ApplicationUser.Include(x => x.UserApplicationTokens).Where(x => x.Id == userid).FirstOrDefaultAsync();
foreach (UserApplicationToken old in au.UserApplicationTokens.Where(x => x.ClientId == clientid))
{
au.UserApplicationTokens.Remove(old);
}
au.UserApplicationTokens.Add(new UserApplicationToken()
{
ClientId = clientid, TokenType = "access_token", TokenValue = at, ExpiresAt = DateTime.UtcNow.AddSeconds(ei)
});
await DatabaseContext.SaveChangesAsync();
_stripUnnecessaryResponseParameters(context);
}
}
private async Task _applyClientCredentialsToken(ApplyTokenResponseContext context)
{
if (!String.IsNullOrWhiteSpace(context.Response.AccessToken))
{
var at = context.Response.AccessToken;
string clientid = context.Request.ClientId;
var ei = context.Response.ExpiresIn ?? 0;
// Write this Client Access Token to the database, replacing any old one that may be in use.
MockifyDbContext DatabaseContext = context.HttpContext.RequestServices.GetRequiredService <MockifyDbContext>();
RegisteredApplication ra = await DatabaseContext.Applications.Include(x => x.ClientCredentialToken).FirstOrDefaultAsync(x => x.ClientId == clientid);
if (ra == null)
{
// ??
return;
}
else
{
ra.ClientCredentialToken = new UserApplicationToken()
{
ClientId = clientid, TokenType = "client_credential", TokenValue = at, ExpiresAt = DateTime.UtcNow.AddSeconds(ei)
};
await DatabaseContext.SaveChangesAsync();
_stripUnnecessaryResponseParameters(context);
}
}
}
// Save refresh-token
public override async Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
if (context.Response.Error == null && context.Response.RefreshToken != null)
{
if (context.Request.IsRefreshTokenGrantType())
{
var refreshTokenId = RefreshTokenProvider.GenerateId(context.Request.RefreshToken);
await RavenDatabaseProvider.DeleteEntity(refreshTokenId);
}
string remoteIpAddress = context.HttpContext.Connection.RemoteIpAddress?.ToString();
string userAgent = null;
if (context.HttpContext.Request.Headers.ContainsKey("User-Agent"))
{
userAgent = context.HttpContext.Request.Headers["User-Agent"].ToString();
}
await RefreshTokenProvider.CreateAsync(
context.Ticket.Principal.Identity.Name,
context.Response.RefreshToken,
remoteIpAddress,
userAgent,
context.Options.RefreshTokenLifetime);
}
return;
}
private async Task _applyRefreshToken(ApplyTokenResponseContext context)
{
if (!String.IsNullOrWhiteSpace(context.Response.AccessToken))
{
var at = context.Response.AccessToken;
var authResult = await context.HttpContext.AuthenticateAsync(OpenIdConnectServerDefaults.AuthenticationScheme);
string clientid = authResult.Principal.Claims.Where(x => x.Type == "client_id").First().Value;
string userid = authResult.Principal.Claims.Where(x => x.Type == "sub").First().Value;
// Replace the old Tokens with the new ones
MockifyDbContext DatabaseContext = context.HttpContext.RequestServices.GetRequiredService <MockifyDbContext>();
ApplicationUser au = await DatabaseContext.ApplicationUser.Include(x => x.UserApplicationTokens).Where(x => x.Id == userid).FirstOrDefaultAsync();
foreach (UserApplicationToken old in au.UserApplicationTokens.Where(x => x.ClientId == clientid && x.TokenType == "access_token").ToList())
{
au.UserApplicationTokens.Remove(old);
}
au.UserApplicationTokens.Add(new UserApplicationToken()
{
ClientId = clientid, TokenType = "access_token", TokenValue = at
});
await DatabaseContext.SaveChangesAsync();
_stripUnnecessaryResponseParameters(context);
}
}
private static void AddCustomPropertiesTokenResponsePayload(ApplyTokenResponseContext context)
{
foreach (var property in context.HttpContext.Items.Where(item => item.Key.ToString().StartsWith("as:")))
{
context.Response.Add(property.Key as string, new JValue(property.Value));
}
}
// Save refresh-token.
public override async Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
if (context.Response.Error == null && context.Response.RefreshToken != null)
{
if (context.Request.IsRefreshTokenGrantType())
{
await DatabaseProvider.DeleteRefreshToken(context.Request.RefreshToken);
}
var remoteIpAddressStringValues = context.HttpContext.Request.Headers["X-Forwarded-For"];
var remoteIpAddress = remoteIpAddressStringValues.ToString();
if (StringValues.IsNullOrEmpty(remoteIpAddressStringValues))
{
remoteIpAddress = context.HttpContext.Connection.RemoteIpAddress?.ToString();
}
string userAgent = null;
if (context.HttpContext.Request.Headers.ContainsKey("User-Agent"))
{
userAgent = context.HttpContext.Request.Headers["User-Agent"].ToString();
}
var userId = context?.Ticket?.Principal?.Identity?.Name;
await DatabaseProvider.CreateRefreshToken(
userId,
context.Response.RefreshToken,
remoteIpAddress,
userAgent,
context.Options.RefreshTokenLifetime);
}
return;
}
public override async Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
context.HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", "http://localhost:7844");
context.HttpContext.Response.Headers.Add("Access-Control-Allow-Method", "*");
context.HttpContext.Response.Headers.Add("Access-Control-Allow-Header", "*");
context.HttpContext.Response.Headers.Add("Access-Control-Allow-Credentials", "true");
await Task.FromResult(0);
}
public override Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
if (context.Error == null)
{
foreach (var property in context.Ticket.Properties.Items)
{
context.Response.AddParameter(property.Key, new OpenIdConnectParameter(property.Value));
}
}
return(Task.FromResult(0));
}
public override Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
var token = context.Response.Root;
var stringified = JsonConvert.SerializeObject(token);
// the token will be stored in a cookie on the client
context.HttpContext.Response.Cookies.Append(
"exampleToken",
stringified,
new Microsoft.AspNetCore.Http.CookieOptions()
{
Path = "/",
HttpOnly = true, // to prevent XSS
Secure = false, // set to true in production
Expires = // your token life time
}
public override async Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
if (context.Request.IsRefreshTokenGrantType())
{
await _applyRefreshToken(context);
}
else if (context.Request.IsAuthorizationCodeGrantType())
{
await _applyAuthorizationToken(context);
}
else if (context.Request.IsImplicitFlow())
{
await _applyImplicitToken(context);
}
else if (context.Request.IsClientCredentialsGrantType())
{
await _applyClientCredentialsToken(context);
}
await base.ApplyTokenResponse(context);
}
public override Task ApplyTokenResponse([NotNull] ApplyTokenResponseContext context) => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyTokenResponse(context));
private void _stripUnnecessaryResponseParameters(ApplyTokenResponseContext context)
{
_stripC(context.Response);
}
// Our Token Request was successful - we should write the returned values to the database.
public override async Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
if (context.Error != null)
{
}
TService = context.HttpContext.RequestServices.GetRequiredService <TokenService>();
ApplicationDbContext db = context.HttpContext.RequestServices.GetRequiredService <ApplicationDbContext>();
OAuthClient client = await db.ClientApplications.FirstOrDefaultAsync(x => x.ClientId == context.Request.ClientId);
if (client == null)
{
return;
}
RateLimit rl = client.SubordinateTokenLimits;
// Implicit Flow Tokens are not returned from the `Token` group of methods - you can find them in the `Authorize` group.
if (context.Request.IsClientCredentialsGrantType())
{
// The only thing returned from a successful client grant is a single `Token`
Token t = new Token()
{
TokenType = OpenIdConnectConstants.TokenUsages.AccessToken,
GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials,
Value = context.Response.AccessToken,
RateLimit = rl ?? RateLimit.DefaultClientLimit,
};
await TService.WriteNewTokenToDatabase(context.Request.ClientId, t);
}
else if (context.Request.IsAuthorizationCodeGrantType())
{
Token access = new Token()
{
TokenType = OpenIdConnectConstants.TokenUsages.AccessToken,
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
Value = context.Response.AccessToken,
RateLimit = rl ?? RateLimit.DefaultAuthorizationCodeLimit,
};
Token refresh = new Token()
{
TokenType = OpenIdConnectConstants.TokenUsages.RefreshToken,
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
};
await TService.WriteNewTokenToDatabase(context.Request.ClientId, access, context.Ticket.Principal);
await TService.WriteNewTokenToDatabase(context.Request.ClientId, refresh, context.Ticket.Principal);
}
else if (context.Request.IsRefreshTokenGrantType())
{
Token access = new Token()
{
TokenType = OpenIdConnectConstants.TokenUsages.AccessToken,
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
Value = context.Response.AccessToken,
RateLimit = rl ?? RateLimit.DefaultAuthorizationCodeLimit,
};
await TService.WriteNewTokenToDatabase(context.Request.ClientId, access, context.Ticket.Principal);
}
}
public override Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
AddCustomPropertiesTokenResponsePayload(context);
return(Task.FromResult(true));
}
public Task ApplyTokenResponse(ApplyTokenResponseContext context) => OnApplyTokenResponse(context);
public override Task ApplyTokenResponse([NotNull] ApplyTokenResponseContext context) => _eventService.PublishAsync(new OpenIddictServerEvents.ApplyTokenResponse(context));
