private async Task <IActionResult> RefreshToken(McTokenRequest model) { try { // check if the received refreshToken exists for the given clientId var rt = DbContext.Tokens.FirstOrDefault(t => t.ClientId == model.client_id && t.Value == model.refresh_token); if (rt == null) { // refresh token not found or invalid (or invalid clientId) return(new UnauthorizedResult()); } // check if there's an user with the refresh token's userId var user = await UserManager.FindByIdAsync(rt.UserId); if (user == null) { // UserId not found or invalid return(new UnauthorizedResult()); } if (await UserManager.IsLockedOutAsync(user)) { // USer is no loner allowed to log in return(new UnauthorizedResult()); } // generate a new refresh token var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId); // invalidate the old refresh token (by deleting it) DbContext.Tokens.Remove(rt); // add the new refresh token DbContext.Tokens.Add(rtNew); // persist changes in the DB DbContext.SaveChanges(); // create a new access token... var response = await CreateAccessToken(rtNew.UserId, rtNew.Value); // ... and send it to the client return(Json(response)); } catch (Exception) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> GetToken(McTokenRequest model) { try { // check if there's an user with the given username var user = await UserManager.FindByNameAsync(model.username); // if this is not a username, it's probably an e-mail address if (user == null && model.username.Contains("@")) { user = await UserManager.FindByEmailAsync(model.username); } if (user == null || !await UserManager.CheckPasswordAsync(user, model.password)) { // user does not exists or password mismatch return(new UnauthorizedResult()); } if (await UserManager.GetLockoutEnabledAsync(user)) { // User is locked out return(new UnauthorizedResult()); } // username & password matches: create the refresh token var rt = CreateRefreshToken(model.client_id, user.Id); // add the new refresh token to the DB DbContext.Tokens.Add(rt); DbContext.SaveChanges(); // create & return the access token var t = await CreateAccessToken(user.Id, rt.Value); return(Json(t)); } catch (Exception) { return(new UnauthorizedResult()); } }
public async Task <IActionResult> Auth([FromBody] McTokenRequest model) { // return a generic HTTP Status 500 (Server Error) // if the client payload is invalid. if (model == null) { return(new StatusCodeResult(500)); } switch (model.grant_type) { case "password": return(await GetToken(model)); case "refresh_token": return(await RefreshToken(model)); default: // not supported - return a HTTP 401 (Unauthorized) return(new UnauthorizedResult()); } }