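/// <summary>
/// Serves the authenticated account as JSON, re-fetching it with the expansions
/// enabled in <c>_configuration.Web.Me.Expand</c> when any are requested, and
/// sanitizing the result before it is written to the response.
/// </summary>
/// <param name="context">The OWIN request/response environment.</param>
/// <param name="client">The Stormpath client used to fetch the expanded account.</param>
/// <param name="cancellationToken">Token observed by the asynchronous calls.</param>
/// <returns>The result of <see cref="JsonResponse.Ok"/> once the response has been written.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when no <see cref="IAccount"/> is present in the request environment under
/// <c>OwinKeys.StormpathUser</c>, i.e. the authentication step that should run
/// before this handler did not populate the current user.
/// </exception>
protected override async Task<bool> GetJsonAsync(IOwinEnvironment context, IClient client, CancellationToken cancellationToken)
{
    // Account data is user-specific and must never be served from a shared cache.
    Caching.AddDoNotCacheHeaders(context);

    var stormpathAccount = context.Request[OwinKeys.StormpathUser] as IAccount;

    // An unchecked `as` cast was dereferenced below (stormpathAccount.Href), so a
    // missing or wrongly-typed user produced a bare NullReferenceException. Fail
    // explicitly so the misconfiguration (handler reached without an authenticated
    // user) is diagnosable from the exception message.
    if (stormpathAccount == null)
    {
        throw new InvalidOperationException(
            "No authenticated account is present in the request environment; this route requires an authenticated user.");
    }

    var expansionOptions = _configuration.Web.Me.Expand;

    // Only go back to the API when at least one expansion option is switched on.
    if (expansionOptions.Any(e => e.Value))
    {
        stormpathAccount = await GetExpandedAccount(stormpathAccount.Href, client, expansionOptions, cancellationToken);
    }

    var responseModel = new
    {
        account = await SanitizeExpandedAccount(stormpathAccount, expansionOptions, cancellationToken)
    };

    return await JsonResponse.Ok(context, responseModel);
}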
/// <summary>
/// Handles a POST to the OAuth 2.0 token route: accepts only form-encoded bodies,
/// dispatches on <c>grant_type</c> to whichever flow is enabled in
/// <c>_configuration.Web.Oauth2</c>, and reports Stormpath API failures raised by
/// a flow in OAuth error format.
/// </summary>
/// <param name="context">The OWIN request/response environment.</param>
/// <param name="client">The Stormpath client handed to the selected flow.</param>
/// <param name="contentNegotiationResult">Negotiated response content type; not consulted by this handler.</param>
/// <param name="cancellationToken">Token observed by the asynchronous calls.</param>
/// <returns><c>true</c> once a response (success or error) has been written.</returns>
protected override async Task<bool> PostAsync(IOwinEnvironment context, IClient client, ContentNegotiationResult contentNegotiationResult, CancellationToken cancellationToken)
{
    // Token responses carry credentials and must not be cached by intermediaries.
    Caching.AddDoNotCacheHeaders(context);

    // Token requests must be application/x-www-form-urlencoded; anything else is invalid_request.
    var declaredContentType = context.Request.Headers.GetString("Content-Type");
    var detectedBody = ContentNegotiation.DetectBodyType(declaredContentType);
    var isFormEncoded = detectedBody.Success && detectedBody.ContentType == ContentType.FormUrlEncoded;
    if (!isFormEncoded)
    {
        await Error.Create<OauthInvalidRequest>(context, cancellationToken);
        return true;
    }

    var body = await context.Request.GetBodyAsStringAsync(cancellationToken);
    var form = FormContentParser.Parse(body, _logger);

    // grant_type is mandatory; without it the request cannot be routed to a flow.
    var grantType = form.GetString("grant_type");
    if (string.IsNullOrEmpty(grantType))
    {
        await Error.Create<OauthInvalidRequest>(context, cancellationToken);
        return true;
    }

    // Grant types are matched case-insensitively but otherwise byte-for-byte.
    Func<string, bool> grantTypeIs =
        expected => grantType.Equals(expected, StringComparison.OrdinalIgnoreCase);

    try
    {
        var oauthConfig = _configuration.Web.Oauth2;

        if (grantTypeIs("client_credentials") && oauthConfig.Client_Credentials.Enabled)
        {
            await ExecuteClientCredentialsFlow(context, client, cancellationToken);
            return true;
        }

        if (grantTypeIs("password") && oauthConfig.Password.Enabled)
        {
            var username = WebUtility.UrlDecode(form.GetString("username"));
            var password = WebUtility.UrlDecode(form.GetString("password"));
            await ExecutePasswordFlow(context, client, username, password, cancellationToken);
            return true;
        }

        // NOTE(review): the refresh flow is offered only while the password grant is
        // enabled — presumably because refresh tokens are issued by that grant; confirm.
        if (grantTypeIs("refresh_token") && oauthConfig.Password.Enabled)
        {
            var refreshToken = WebUtility.UrlDecode(form.GetString("refresh_token"));
            await ExecuteRefreshFlow(context, client, refreshToken, cancellationToken);
            return true;
        }
    }
    catch (ResourceException rex)
    {
        // API errors raised inside a flow are surfaced as OAuth errors rather than generic failures.
        var oauthError = new OauthError(rex.Message, rex.GetProperty("error"));
        return await Error.Create(context, oauthError, cancellationToken);
    }

    // Either an unknown grant type or a known one whose flow is disabled.
    return await Error.Create<OauthUnsupportedGrant>(context, cancellationToken);
}