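/// <summary>
/// Validates an authorization-code token request and loads the state
/// (<c>_request</c>, <c>_code</c>, <c>_application</c>, <c>_redirectUri</c>)
/// that <see cref="GenerateTokenAsync"/> consumes afterwards.
/// </summary>
/// <param name="request">The incoming token request (client id/secret, code, redirect URI).</param>
/// <exception cref="InvalidClientException">
/// The client id is empty or no application is registered for it.
/// </exception>
/// <exception cref="InvalidGrantException">
/// The code is missing, unknown, has no user, is expired, was already used,
/// was issued to another client, or the redirect URI differs from the registered one.
/// </exception>
private async Task ValidateRequestAsync(IAuthorizationCodeTokenRequest request)
{
    _request = request;

    if (_request.ClientId == Guid.Empty)
    {
        throw new InvalidClientException("Invalid client credentials.");
    }

    if (_request.Code == null)
    {
        throw new InvalidGrantException("Invalid authorization code.");
    }

    _code = await _authorizationCodeRepository.FindAsync(_request.Code);

    // Unknown codes, codes without a user, and expired codes are all
    // reported with the same message.
    if (_code?.UserId == null || _code.IsExpired)
    {
        throw new InvalidGrantException("Invalid authorization code.");
    }

    // Replay of an already-used code: deny the request and disable the access
    // token that was issued from it (RFC 6749 §4.1.2). This runs before the
    // client is authenticated, so any caller presenting the code triggers it.
    // NOTE(review): Used is only set by GenerateTokenAsync after the token has
    // been created, so two concurrent exchanges of the same code may both pass
    // this check unless the repository enforces it — confirm.
    if (_code.Used)
    {
        if (_code.AccessToken != null)
        {
            _code.AccessToken.Disabled = true;
            await _accessTokenRepository.SaveAsync();
        }

        throw new InvalidGrantException("Invalid authorization code.");
    }

    // The code must have been issued to the client that is now redeeming it.
    if (_code.ClientId != _request.ClientId)
    {
        throw new InvalidGrantException("Invalid client id.");
    }

    _application = await _findApplicationService.FindByClientIdAsync(request.ClientId);

    // A client id with no registered application is an invalid client; without
    // this guard the checks below would fail with a NullReferenceException.
    if (_application == null)
    {
        throw new InvalidClientException("Invalid client credentials.");
    }

    // Only confidential clients are asked to prove possession of their secret;
    // other client types are identified by client id alone.
    if (_application.Type == ClientTypes.Confidential)
    {
        await _authenticateClientService.AuthenticateAsync(request.ClientId, request.ClientSecret);
    }

    // An omitted redirect URI defaults to the registered one; a supplied one
    // must match the registered one exactly.
    _redirectUri = request.RedirectUri ?? _application.RedirectUri;

    if (_redirectUri != _application.RedirectUri)
    {
        throw new InvalidGrantException("The provided redirect URI does not match the one on record.");
    }
}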
/// <summary>
/// Exchanges an authorization code for a JWT access token and a refresh token,
/// marks the code as used and persists the result.
/// </summary>
/// <param name="request">The authorization-code token request to fulfil.</param>
/// <returns>The issued <see cref="JwtToken"/>, with its refresh token id set.</returns>
/// <exception cref="InvalidClientException">Propagated from request validation.</exception>
/// <exception cref="InvalidGrantException">Propagated from request validation.</exception>
public async Task<JwtToken> GenerateTokenAsync(IAuthorizationCodeTokenRequest request)
{
    // Populates _code and _application; throws when the request is rejected.
    await ValidateRequestAsync(request);

    await CreateJwtTokenAsync();
    GenerateRefreshToken();

    // Consume the code and record which token it produced
    // (ValidateRequestAsync disables _code.AccessToken if the code is replayed).
    _code.Used = true;
    _code.AccessTokenId = _jwtToken.TokenId;

    _jwtToken.RefreshToken = _refreshToken.RefreshTokenId;
    _accessTokenRepository.Add(_jwtToken.ToAccessToken());

    await SaveAsync();

    return _jwtToken;
}