public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
string device = context.OwinContext.Get <string>("device");
if (!ValidateDevice(device))
{
context.SetError("invalid_device", "device must be sent");
return;
}
UserModel user;
if (!_authService.AuthenticateUser(context.UserName, HashProvider.Get(context.Password), out user))
{
context.SetError("invalid_grant", "user name or password is invalid");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ApiConstants.ClaimDevice, device));
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{ "fullname", user.FullName },
{ "as:client_id", context.ClientId },
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var token = HashProvider.Get(context.Token);
var refreshToken = _tokenService.GetRefreshToken(token);
if (refreshToken != null)
{
context.DeserializeTicket(refreshToken.ProtectedTicket);
_tokenService.RemoveRefreshToken(token);
_tokenService.RemoveExpiredRefreshTokens(refreshToken.UserName);
}
}
public override async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var token = HashProvider.Get(context.Token);
var refreshToken = _tokenService.GetRefreshToken(token);
if (refreshToken != null)
{
context.DeserializeTicket(refreshToken.ProtectedTicket);
_tokenService.RemoveRefreshToken(token);
_tokenService.RemoveExpiredRefreshTokens(refreshToken.UserName);
}
}
public override async Task CreateAsync(AuthenticationTokenCreateContext context)
{
string userName = context.Ticket.Identity.Name;
string token = Guid.NewGuid().ToString("n");
var refreshToken = new RefreshToken
{
UserName = userName,
Token = HashProvider.Get(token),
IssuedDate = DateTime.UtcNow,
ExpiresDate = DateTime.UtcNow.AddMinutes(AppConfiguration.RefreshTokenExpireTimeInMin)
};
context.Ticket.Properties.IssuedUtc = refreshToken.IssuedDate;
context.Ticket.Properties.ExpiresUtc = refreshToken.ExpiresDate;
refreshToken.ProtectedTicket = context.SerializeTicket();
_tokenService.SaveRefreshToken(refreshToken);
context.SetToken(token);
}
private bool AuthenticateClient(OAuthValidateClientAuthenticationContext context, string clientId, string clientSecret)
{
if (string.IsNullOrWhiteSpace(clientId))
{
context.SetError("invalid_client_id", "client_id must be supplied");
return(false);
}
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_client_secret", "client_secret must be supplied");
return(false);
}
var client = _clientService.GetClient(clientId);
if (client == null)
{
context.SetError("invalid_client_id", "client_id is invalid");
return(false);
}
if (client.Secret != HashProvider.Get(clientSecret))
{
context.SetError("invalid_client_secret", "client_secret is invalid");
return(false);
}
if (!client.Active)
{
context.SetError("invalid_client", "client is inactive");
return(false);
}
return(true);
}
public override Task CreateAsync(AuthenticationTokenCreateContext context)
{
string userName = context.Ticket.Identity.Name;
string clientId = context.Ticket.Properties.Dictionary["as:client_id"];
string token = Guid.NewGuid().ToString("n");
var refreshToken = new RefreshTokenModel
{
ClientId = clientId,
UserName = userName,
Token = HashProvider.Get(token),
ProtectedTicket = context.SerializeTicket(),
IssuedDate = DateTime.UtcNow,
ExpiresDate = DateTime.UtcNow.AddMinutes(AppConfiguration.RefreshTokenExpireTimeInMin)
};
_tokenService.SaveRefreshToken(refreshToken);
context.Ticket.Properties.IssuedUtc = refreshToken.IssuedDate;
context.Ticket.Properties.ExpiresUtc = refreshToken.ExpiresDate;
context.SetToken(token);
return(Task.CompletedTask);
}