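/// <summary>
/// Refreshes the Adobe Connect session for the principal carried by the refresh token and
/// re-issues the existing ticket with a fresh "ac_session" claim and the current role claims.
/// </summary>
/// <param name="context">OWIN refresh-token grant context. Its ticket identity is expected to
/// carry the "c_token" and "ac_domain" claims added by <see cref="GrantResourceOwnerCredentials"/>.</param>
/// <remarks>
/// On any failure the context is marked with an OAuth error and the ticket is not validated.
/// Internal exception text stays in the server log; the Adobe Connect session token is never logged.
/// </remarks>
public override async Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
    var identity = context.Ticket.Identity;
    var id = identity.GetUserId();
    var domain = identity.FindFirst("ac_domain");
    var companyToken = identity.FindFirst("c_token");

    // A refresh token minted without these claims cannot be mapped back to an Adobe Connect
    // account; reject it as an invalid grant instead of dereferencing a null claim below.
    if (domain == null || companyToken == null)
    {
        context.SetError("invalid_grant", "The refresh token does not carry the required Adobe Connect claims.");
        return;
    }

    Identity.AdobeConnectUser user = null;
    using (Identity.AdobeConnectUserManager userManager = _userManagerFactory())
    {
        try
        {
            user = await userManager.RefreshSession(id, companyToken.Value, domain.Value, identity.Name);
        }
        catch (Exception ex)
        {
            // TODO: production-ready exceptions. The exception is kept server-side so that
            // internal details do not leave the service through error_description.
            _logger?.Info($"[GrantRefreshToken.Error] PrincipalId={id}, Exception={ex}");
            context.SetError("server_error", "The session could not be refreshed.");
            return;
        }
    }

    // Without a session token there is nothing to re-issue; report it as a refresh failure rather
    // than letting the Claim constructor throw on a null value.
    if (user == null || string.IsNullOrEmpty(user.AcSessionToken))
    {
        context.SetError("token_refresh_error", "User session has not been updated successfully.");
        return;
    }

    // Materialize before removing: Claims enumerates the identity's own claim list and
    // RemoveClaim mutates that same list.
    var staleClaims = identity.Claims
        .Where(x => x.Type == "ac_session" || x.Type == ClaimTypes.Role)
        .ToList();
    foreach (var staleClaim in staleClaims)
    {
        identity.RemoveClaim(staleClaim);
    }

    identity.AddClaim(new Claim("ac_session", user.AcSessionToken));
    if (user.Roles != null)
    {
        foreach (var role in user.Roles)
        {
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        }
    }

    context.Validated(context.Ticket);
    // Log the outcome without the token itself: the session token is a bearer secret for Adobe Connect.
    _logger?.Info($"[GrantRefreshToken.Success] PrincipalId={user.Id}, SessionRefreshed={!string.IsNullOrEmpty(user.AcSessionToken)}");
}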
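/// <summary>
/// Handles the OAuth resource-owner-password grant: authenticates the user against Adobe Connect,
/// builds the bearer identity with the Adobe Connect claims and role claims, and validates the ticket.
/// </summary>
/// <param name="context">OWIN grant context carrying the submitted user name and password.</param>
/// <remarks>
/// A failed login yields the generic "invalid_grant" error so the response does not reveal whether
/// the user name exists. Internal exception text stays in the server log; the Adobe Connect session
/// token is never logged.
/// </remarks>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    using (Identity.AdobeConnectUserManager userManager = _userManagerFactory())
    {
        Identity.AdobeConnectUser user = null;
        try
        {
            user = await userManager.FindAsync(context.UserName, context.Password);
        }
        catch (Exception ex)
        {
            // TODO: production-ready exceptions. The exception is kept server-side so that
            // internal details do not leave the service through error_description.
            _logger?.Info($"[GrantResourceOwnerCredentials.Error] UserName={context.UserName}, Exception={ex}");
            context.SetError("server_error", "The credentials could not be verified.");
            return;
        }

        if (user == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user, context.Options.AuthenticationType);
        // "c_token" and "ac_domain" are read back by GrantRefreshToken to re-establish the session.
        oAuthIdentity.AddClaim(new Claim("c_token", user.CompanyToken));
        oAuthIdentity.AddClaim(new Claim("ac_domain", user.AcDomain));
        oAuthIdentity.AddClaim(new Claim("ac_session", user.AcSessionToken));
        if (user.Roles != null)
        {
            foreach (var role in user.Roles)
            {
                oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, role));
            }
        }

        // cookie: ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
        // cookie:     CookieAuthenticationDefaults.AuthenticationType);
        AuthenticationProperties properties = CreateProperties(user.UserName);
        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
        context.Validated(ticket);

        // Null-tolerant logger call, matching GrantRefreshToken, and no session token in the log line.
        _logger?.Info($"[GrantResourceOwnerCredentials] PrincipalId={user.Id}, SessionIssued={!string.IsNullOrEmpty(user.AcSessionToken)}");
        // cookie: context.Request.Context.Authentication.SignIn(cookiesIdentity);
    }
}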