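        /// <summary>
        /// Validates an authorization-code token request and loads the state the grant
        /// needs (<c>_request</c>, <c>_code</c>, <c>_application</c>, <c>_redirectUri</c>)
        /// into instance fields for the caller to use.
        /// </summary>
        /// <param name="request">The incoming token request; its fields are untrusted input and are read as-is.</param>
        /// <exception cref="InvalidClientException">
        /// The client id is empty, or no application could be found for it.
        /// </exception>
        /// <exception cref="InvalidGrantException">
        /// The code is missing, unknown, expired, already used, issued to a different
        /// client, or the redirect URI does not match the registered one.
        /// </exception>
        private async Task ValidateRequestAsync(IAuthorizationCodeTokenRequest request)
        {
            _request = request;

            if (_request.ClientId == Guid.Empty)
            {
                throw new InvalidClientException("Invalid client credentials.");
            }

            if (_request.Code is null)
            {
                throw new InvalidGrantException("Invalid authorization code.");
            }

            _code = await _authorizationCodeRepository.FindAsync(_request.Code);

            // Unknown and expired codes get the same generic message so the response
            // does not tell a caller which of the two it was.
            if (_code?.UserId is null || _code.IsExpired)
            {
                throw new InvalidGrantException("Invalid authorization code.");
            }

            // Replay: a code presented a second time revokes the access token it already
            // produced (RFC 6749 §4.1.2 recommends this) and is then rejected. The
            // revocation is persisted before the throw so it is not lost.
            if (_code.Used)
            {
                if (_code.AccessToken is not null)
                {
                    _code.AccessToken.Disabled = true;
                    await _accessTokenRepository.SaveAsync();
                }

                throw new InvalidGrantException("Invalid authorization code.");
            }

            // The code may only be redeemed by the client it was issued to.
            if (_code.ClientId != _request.ClientId)
            {
                throw new InvalidGrantException("Invalid client id.");
            }

            _application = await _findApplicationService.FindByClientIdAsync(_request.ClientId);

            // Guard the lookup result so an unregistered client id surfaces as an
            // invalid-client error rather than a NullReferenceException below.
            if (_application is null)
            {
                throw new InvalidClientException("Invalid client credentials.");
            }

            // Only confidential clients hold a secret; public clients are not authenticated here.
            if (_application.Type == ClientTypes.Confidential)
            {
                await _authenticateClientService.AuthenticateAsync(_request.ClientId, _request.ClientSecret);
            }

            // NOTE(review): this compares against the application's registered URI, not a
            // URI bound to this particular code at authorization time, and a request that
            // omits redirect_uri always passes — confirm this is the intended RFC 6749 §4.1.3
            // behaviour for this server.
            _redirectUri = _request.RedirectUri ?? _application.RedirectUri;
            if (_redirectUri != _application.RedirectUri)
            {
                throw new InvalidGrantException("The provided redirect URI does not match the one on record.");
            }
        }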
        /// <summary>
        /// Redeems an authorization code for a JWT access token with an attached refresh token.
        /// </summary>
        /// <param name="request">The token request carrying the client id, secret, code and redirect URI.</param>
        /// <returns>The issued <see cref="JwtToken"/>, with its refresh-token id set.</returns>
        /// <remarks>
        /// Validation runs first and throws on any problem, so nothing below it executes for a
        /// bad request. <c>CreateJwtTokenAsync</c> and <c>GenerateRefreshToken</c> are expected
        /// to populate <c>_jwtToken</c> and <c>_refreshToken</c>, which are read here (confirm in
        /// those methods). The code's <c>Used</c> flag is set in memory here and only reaches the
        /// store in <see cref="SaveAsync"/> at the end; whether two concurrent redemptions of the
        /// same code in that gap are prevented depends on the repository — TODO confirm.
        /// </remarks>
        public async Task <JwtToken> GenerateTokenAsync(IAuthorizationCodeTokenRequest request)
        {
            await ValidateRequestAsync(request);
            await CreateJwtTokenAsync();
            GenerateRefreshToken();

            // Bind the code to the token it produced, so a later replay can revoke exactly that token.
            _code.Used = true;
            _code.AccessTokenId = _jwtToken.TokenId;

            // Return the refresh-token id to the client inside the JWT response.
            _jwtToken.RefreshToken = _refreshToken.RefreshTokenId;

            _accessTokenRepository.Add(_jwtToken.ToAccessToken());

            await SaveAsync();

            return _jwtToken;
        }