/// <summary>
/// Check whether the specified refresh token is valid.
/// </summary>
/// <param name="context">The acess token endpoint specific context.</param>
/// <returns>The task to check whether the specified authorization code is valid.</returns>
/// <exception cref="ArgumentNullException">Specified <paramref name="context"/> is null.</exception>
protected virtual async Task ValidateRefreshTokenAsync(TokenContext context)
{
Guard.ArgumentNotNull(context, nameof(context));
if (context.RefreshToken.HasExpired(SystemClock))
{
context.Failed(OAuthErrors.InvalidGrant.RefreshTokenHasExpired);
}
if (!await OAuthGrantStore.VaidateRefreshTokenAsync(context.RefreshToken.Fingerprint))
{
context.Failed(OAuthErrors.InvalidGrant.RefreshTokenIsRevoked);
}
}
/// <summary>
/// Validates resource accessing context.
/// </summary>
/// <param name="context">The resource accessing context.</param>
/// <returns>
/// The task to validate the resource accessing context.
/// </returns>
public async Task ValidateResourceContextAsync(ResourceContext context)
{
Guard.ArgumentNotNull(context, nameof(context));
if (context.OAuthTicket.HasExpired(SystemClock))
{
context.Failed(OAuthErrors.UnauthorizedClient.AccessTokenHasExpired);
return;
}
if (!await OAuthGrantStore.VaidateAccessTokenAsync(context.OAuthTicket.Fingerprint))
{
context.Failed(OAuthErrors.UnauthorizedClient.AccessTokenIsRevoked);
return;
}
if (!context.ResourceEndpoint.Scopes.Intersect(context.OAuthTicket.Scopes).Any())
{
context.Failed(OAuthErrors.UnauthorizedClient.UnauthorizedScopes);
}
}
