public HttpResponseMessage Token([FromBody] OAuthTokenRequest tokenRequest)
{
HttpContext.Response.Headers.Add("Cache-Control", "no-store");
HttpContext.Response.Headers.Add("Pragma", "no-store");
// Fetch client and validate
var client = _oAuthClientService.FindValidClient(
tokenRequest.ClientId,
tokenRequest.ClientSecret,
tokenRequest.GrantType);
if (client == null)
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(JsonConvert.SerializeObject(new OAuthTokenErrorResponse(OAuthTokenErrors.InvalidClient)))
});
}
switch (tokenRequest.GrantType)
{
case OAuthGrantTypes.Password:
return(ProcessPasswordGrant(client, tokenRequest));
case OAuthGrantTypes.RefreshToken:
return(ProcessRefreshTokenGrant(client, tokenRequest));
}
var answer = new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(JsonConvert.SerializeObject(new OAuthTokenErrorResponse(OAuthTokenErrors.InvalidGrant)))
};
return(answer);
}
public object Token(OAuthTokenRequest request)
{
if (!Context.Options.AllowInsecureHttp && Request.RequestUri.Scheme != Uri.UriSchemeHttps)
{
throw new OAuthResponseException(HttpStatusCode.UpgradeRequired, new { invalid_scheme = "Requests must be made over HTTPS" });
}
if (request == null)
{
throw new OAuthResponseException(HttpStatusCode.BadRequest, new { invalid_request = "Invalid request, please make sure to post request data as application/x-www-form-urlencoded" });
}
ProcessClient(request);
SetAllowedOriginHeader();
switch (request.grant_type)
{
case "password":
return(ProcessPasswordTokenRequest(request));
case "refresh_token":
return(ProcessRefreshTokenRequest(request));
default:
throw new OAuthResponseException(HttpStatusCode.BadRequest, new { invalid_grant = "Invalid grant_type" });
}
}
protected object ProcessRefreshTokenRequest(OAuthTokenRequest request)
{
// Don't do anything if we don't have a token store registered
if (Context.Services.RefreshTokenStore == null)
{
throw new OAuthResponseException(HttpStatusCode.BadRequest, new { invalid_refreshToken = "A refresh token store is not registered in the system" });
}
// Lookup the refresh token
var key = request.refresh_token.GenerateHash();
var token = Context.Services.RefreshTokenStore.FindRefreshToken(key);
if (token != null)
{
if (token.ExpiresUtc <= DateTime.UtcNow)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_refreshToken = "The refresh token has expired" });
}
if (Client != null && token.ClientId != Client.ClientId)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_clientId = "Refresh token is issued to a different clientId" });
}
if (token.Realm != Context.Realm)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_realm = "Refresh token is issued to a different realm" });
}
return(ProcessUsernameRequest(token.Subject));
}
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_refreshToken = $"Refresh token {request.refresh_token} not found" });
}
public async Task <bool> ExchangeOAuthCode(string oauthCode)
{
var url = "https://api.trakt.tv/oauth/token";
var request = new HttpRequestMessage(HttpMethod.Post, url);
var content = new OAuthTokenRequest
{
Code = oauthCode,
ClientId = _configuration.TraktClientId,
ClientSecret = _configuration.TraktClientSecret,
RedirectUri = Constants.RedirectUri,
GrantType = "authorization_code"
};
request.Content = new StringContent(JsonConvert.SerializeObject(content), Encoding.UTF8, "application/json");
var response = await _httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
var responseContent = await response.Content.ReadAsStringAsync();
var accessToken = JsonConvert.DeserializeObject <AccessTokenResponse>(responseContent);
await _tokenRepository.SaveAccessToken(accessToken);
return(true);
}
return(false);
}
public IActionResult FakeToken([FromForm] OAuthTokenRequest request)
{
Console.WriteLine("Got Fake token request");
object resp = null;
if (request.grant_type == "authorization_code")
{
resp = new
{
token_type = "Bearer",
access_token = Utils.RandomString(10),
refresh_token = Utils.RandomString(10),
expires_in = 3600
};
}
else
{
resp = new
{
token_type = "Bearer",
access_token = Utils.RandomString(10),
expires_in = 3600
};
}
return(Ok(resp));
}
/// <summary>
/// Verify incoming request for access token
/// </summary>
public static bool VerifyOAuthRequestTokenParameters(OAuthTokenRequest tokenRequest)
{
if (!string.IsNullOrEmpty(tokenRequest.grant_type) &&
!tokenRequest.grant_type.Equals(OAuthConstants.ACCESS_TOKEN))
{
throw new ApiException(HttpStatusCode.BadRequest, "Missing required parameter: grant_type");
}
if (!string.IsNullOrEmpty(tokenRequest.scope) && !tokenRequest.scope.Equals(DEFAULT_SCOPE))
{
throw new ApiException(HttpStatusCode.BadRequest, "The specified scope is invalid");
}
if (string.IsNullOrEmpty(tokenRequest.scope))
{
tokenRequest.scope = DEFAULT_SCOPE;
}
if (string.IsNullOrEmpty(tokenRequest.username))
{
throw new ApiException(HttpStatusCode.BadRequest, "Missing required parameter: username");
}
if (string.IsNullOrEmpty(tokenRequest.password))
{
throw new ApiException(HttpStatusCode.BadRequest, "Missing required parameter: password");
}
return(true);
}
/// <inheritdoc/>
public OAuthToken GetTokenFromCode(string code, string redirectUri)
{
Preconditions.NotEmpty("code", code);
Preconditions.NotEmpty("redirectUri", redirectUri);
var request = new HttpRequest();
request.Method = "POST";
request.Url = TokenUrl;
var requestBody = new OAuthTokenRequest
{
ClientId = this.clientId,
ClientSecret = this.clientSecret,
GrantType = CodeGrantType,
Code = code,
RedirectUri = redirectUri,
};
request.SetJsonBody(requestBody);
var tokenResponse = this.HttpClient.GetJsonResponse <OAuthTokenResponse>(request);
return(tokenResponse.ToToken());
}
/// <summary>
/// Authenticates this system against the specified realm
/// </summary>
public static IPrincipal Authenticate(String realm, String user, String password)
{
var oauthRequest = new OAuthTokenRequest(user, password, "*")
{
ClientId = "fiddler",
ClientSecret = "fiddler"
};
// Client for authentication
try
{
using (var client = CreateClient($"{realm}/auth", false))
{
var response = client.Post <OAuthTokenRequest, OAuthTokenResponse>("oauth2_token", "application/x-www-form-urlencoded", oauthRequest);
if (!String.IsNullOrEmpty(response.AccessToken))
{
AuthenticationContext.EnterContext(new TokenClaimsPrincipal(response.AccessToken, response.IdToken, response.TokenType, response.RefreshToken, null));
}
else
{
throw new Exception("Could not retrieve token from server");
}
return(AuthenticationContext.Current.Principal);
}
}
catch (Exception e)
{
Console.WriteLine("Could not authenticate: {0}", e);
throw new Exception($"Could not authenticate", e);
}
}
private OAuthTokenRequest CheckForDefault(OAuthTokenRequest request)
{
if (request.username == null && request.grant_type == "default_token")
{
request.username = "******";
request.password = "";
}
return(request);
}
protected object ProcessPasswordTokenRequest(OAuthTokenRequest request)
{
// Validate the user
if (Context.Services.UserService.ValidateUser(request.username, request.password))
{
return(ProcessUsernameRequest(request.username));
}
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_grant = "The username and/or password is incorrect" });
}
public AccessToken GetApplicationToken(string applicationId, string applicationSecret, string state = null)
{
OAuthTokenRequest request = new OAuthTokenRequest
{
grant_type = OAuthGrantTypes.APPLICATION,
client_id = applicationId,
client_secret = applicationSecret,
state = state
};
OAuthTokenResponse response = _service.CreateAccessToken(request);
return(GetResponse(response, AccessTokenType.Application));
}
public AccessToken GetAccessToken(string authorizationCode, string applicationId, string applicationSecret, string applicationUri = null)
{
OAuthTokenRequest request = new OAuthTokenRequest
{
grant_type = OAuthGrantTypes.USER,
code = authorizationCode,
client_id = applicationId,
client_secret = applicationSecret,
redirect_uri = applicationUri
};
OAuthTokenResponse response = _service.CreateAccessToken(request);
return(GetResponse(response, AccessTokenType.User));
}
public AccessToken RefreshUserToken(string refreshToken, string applicationId, string applicationSecret)
{
OAuthTokenRequest request = new OAuthTokenRequest
{
grant_type = OAuthGrantTypes.REFRESH,
refresh_token = refreshToken,
client_id = applicationId,
client_secret = applicationSecret
};
OAuthTokenResponse response = _service.CreateAccessToken(request);
return(GetResponse(response, AccessTokenType.User));
}
protected object ProcessPasswordTokenRequest(OAuthTokenRequest request)
{
// Make sure we have a username and password
if (string.IsNullOrWhiteSpace(request.username) || string.IsNullOrWhiteSpace(request.password))
{
throw new OAuthResponseException(HttpStatusCode.BadRequest, new { invalid_grant = "No username and/or password provided" });
}
// Validate the user
if (Context.Services.UserService.ValidateUser(request.username, request.password))
{
return(GenerateTokenResponse(request.username, request.device_id));
}
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_grant = "The username and/or password is incorrect" });
}
/// <summary>
/// Perform an asynchronous OAuth login request with the given credentials
/// </summary>
/// <param name="credentials">The credentials to authenticate with</param>
public async Task Login(OAuthTokenRequest credentials)
{
if (String.IsNullOrWhiteSpace(credentials.ClientId) || String.IsNullOrWhiteSpace(credentials.ClientSecret))
{
throw new ArgumentException("ClientId and ClientSecret must be populated. Get them at https://q.daskeyboard.com/account");
}
var msg = new HttpRequestMessage(HttpMethod.Post, "oauth/1.4/token")
{
Content = new StringContent(JsonConvert.SerializeObject(credentials), Encoding.UTF8, "application/json")
};
//Set the auth header on our client so future request are authenticated
var result = await _client.GetResult <OAuthTokenResponse>(msg).ConfigureAwait(false);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
}
protected object ProcessRefreshTokenRequest(OAuthTokenRequest request)
{
// Make sure we have refresh token
if (string.IsNullOrWhiteSpace(request.refresh_token))
{
throw new OAuthResponseException(HttpStatusCode.BadRequest, new { invalid_refreshToken = "No refresh token provided" });
}
// Don't do anything if we don't have a token store registered
if (Context.Services.RefreshTokenStore == null)
{
throw new OAuthResponseException(HttpStatusCode.BadRequest, new { invalid_refreshToken = "A refresh token store is not registered in the system" });
}
// Lookup the refresh token
var key = request.refresh_token.GenerateHash();
var token = Context.Services.RefreshTokenStore.FindRefreshToken(key);
if (token != null)
{
if (token.ExpiresUtc <= DateTime.UtcNow)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_refreshToken = "The refresh token has expired" });
}
if (Client != null && token.ClientId != Client.ClientId)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_clientId = "Refresh token is issued to a different clientId" });
}
if (token.Realm != Context.Realm)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_realm = "Refresh token is issued to a different realm" });
}
if (!token.DeviceId.IsNullOrWhiteSpace() && token.DeviceId != request.device_id)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_deviceId = "Refresh token is associated with a different device" });
}
return(GenerateTokenResponse(token.Subject, token.DeviceId));
}
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_refreshToken = $"Refresh token {request.refresh_token} not found" });
}
private HttpResponseMessage ProcessRefreshTokenGrant(OAuthClient client, OAuthTokenRequest tokenRequest)
{
// Validate refresh token
var refreshToken =
_oAuthRefreshTokenService.FindValidRefreshToken(tokenRequest.ClientId, tokenRequest.RefreshToken);
if (refreshToken == null)
{
// Refresh token is invalid
return(new HttpResponseMessage(HttpStatusCode.Forbidden));
}
// Get claims
var claims = _oAuthUserProvider.GetClaimsByUserId(refreshToken.UserId);
// TODO: Move ClaimsIdentity generation to service?
var claimsIdentity = new ClaimsIdentity("OAuth");
claimsIdentity.AddClaims(claims);
var accessTokenExpiresIn = _oAuthAccessTokenService.GetAccessTokenLifetimeSeconds(client);
var accessToken = _oAuthAccessTokenService.GenerateAccessToken(claimsIdentity, client);
var newRefreshToken = _oAuthRefreshTokenService.GenerateRefreshToken(Request,
refreshToken.UserId,
client,
tokenRequest.Scopes
?.Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries)
.ToList());
// Persist refresh new token and delete old
_oAuthRefreshTokenStorage.Delete(refreshToken.Token);
_oAuthRefreshTokenStorage.Save(newRefreshToken);
var answer = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(new OAuthTokenResponse
{
TokenType = OAuthTokenTypes.Bearer,
AccessToken = accessToken,
RefreshToken = newRefreshToken.Token,
ExpiresIn = accessTokenExpiresIn,
}))
};
return(answer);
}
public async Task <OAuthTokenResponse> GetOAuthTokenAsync(OAuthTokenRequest request)
{
var formData = new Dictionary <string, string>
{
{ "client_id", request.ClientId },
{ "client_secret", request.ClientSecret },
{ "code", request.Code },
{ "redirect_uri", request.RedirectUri.ToString() },
};
using (var content = new FormUrlEncodedContent(formData))
using (var response = await _httpClient.PostAsync("https://slack.com/api/oauth.access", content))
{
var json = await response.Content.ReadAsStringAsync();
return(Deserialize <OAuthTokenResponse>(json));
}
}
public OAuthTokenResponse Post(OAuthTokenRequest request)
{
var clientId = FlycowApiClientSettingsProvider.GetClientId();
var clientSecret = FlycowApiClientSettingsProvider.GetClientSecret();
if (clientId != request.client_id || clientSecret != request.client_secret)
{
throw new InvalidCredentialsException();
}
var expiresInSeconds = 3600;
return(new OAuthTokenResponse()
{
access_token = clientId,
expires_in = expiresInSeconds,
token_type = "Bearer",
scope = request.scope
});
}
private HttpResponseMessage ProcessPasswordGrant(OAuthClient client, OAuthTokenRequest tokenRequest)
{
var scopes = (tokenRequest.Scopes ?? "")
.Split(new[] { " " }, StringSplitOptions.RemoveEmptyEntries)
.ToList();
if (!_oAuthUserProvider.ValidateUser(tokenRequest.Username, tokenRequest.Password, scopes))
{
// User is invalid
return(new HttpResponseMessage(HttpStatusCode.Forbidden));
}
// Get claims
var claims = _oAuthUserProvider.GetClaimsByUsername(tokenRequest.Username);
var userId = _oAuthUserProvider.GetUserId(tokenRequest.Username);
// TODO: Move ClaimsIdentity generation to service?
var claimsIdentity = new ClaimsIdentity("OAuth");
claimsIdentity.AddClaims(claims);
var accessTokenExpiresIn = _oAuthAccessTokenService.GetAccessTokenLifetimeSeconds(client);
var accessToken = _oAuthAccessTokenService.GenerateAccessToken(claimsIdentity, client);
var refreshToken = _oAuthRefreshTokenService.GenerateRefreshToken(Request, userId, client, scopes);
// Persist refresh token
_oAuthRefreshTokenStorage.Save(refreshToken);
var answer = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(new OAuthTokenResponse
{
TokenType = OAuthTokenTypes.Bearer,
AccessToken = accessToken,
RefreshToken = refreshToken.Token,
ExpiresIn = accessTokenExpiresIn,
Scope = string.Join(" ", scopes),
}))
};
return(answer);
}
public OAuthTokenResponse Authenticate(OAuthTokenRequest request)
{
var tokenHandler = new JwtSecurityTokenHandler();
// I use sometimes some sort of default user, if you don't want that, just remove this
request = CheckForDefault(request);
User[] users = repository.ReadValue <User[]>("Users");
if (!users.ToList().Any(s => s.username == request.username))
{
return(null);
}
// Here you should add some sort of password check
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var claimIdentity = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, request.username),
});
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = claimIdentity,
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return(new OAuthTokenResponse()
{
access_token = tokenHandler.WriteToken(token),
token_type = "Jwt Token",
expires_in = ((DateTimeOffset)tokenDescriptor.Expires.Value).ToUnixTimeSeconds(),
refresh_token = ""
});
}
/// <summary>
/// Requests the token.
/// </summary>
/// <param name="request">The request.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">oauth token request</exception>
/// <exception cref="System.Exception"></exception>
public OAuthTokenResponse RequestToken(OAuthTokenRequest request)
{
try
{
#region pre-processing
if (request == null)
{
throw new ArgumentNullException("oauth token request");
}
#endregion pre-processing
#region processing
List <KeyValuePair <string, string> > parameters = new List <KeyValuePair <string, string> >();
parameters.Add(new KeyValuePair <string, string>("grant_type", request.GrantType));
parameters.Add(new KeyValuePair <string, string>("client_id", request.ClientId));
parameters.Add(new KeyValuePair <string, string>("client_secret", request.ClientSecret));
parameters.Add(new KeyValuePair <string, string>("code", request.Code));
string jsonResult = PostFormUrlEncodedContentRequest(string.Concat(PushbulletConstants.BaseUrlNonVersion, PushbulletConstants.OAuthUrls.OAuthToken), parameters);
var result = jsonResult.JsonToOjbect <OAuthTokenResponse>();
return(result);
#endregion processing
}
catch (WebException ex)
{
var statusCode = ((HttpWebResponse)ex.Response).StatusCode;
throw new Exception(string.Format(PushbulletConstants.OAuthErrorMessages.WebExceptionFormat, statusCode, ex.Message), ex);
}
catch (Exception)
{
throw;
}
}
/// <summary>
/// A method that executes request token flow
/// </summary>
public OAuthTokenResponse ExecuteTokenFlow(OAuthTokenRequest tokenRequest)
{
VerifyOAuthRequestTokenParameters(tokenRequest);
long retrievedMemberId = VerifyCredentials(tokenRequest.username, tokenRequest.password);
Guid accessTokenGuid = Guid.NewGuid();
Guid refreshTokenGuid = Guid.NewGuid();
DateTime validFrom = DateTime.UtcNow;
DateTime validTo = validFrom.AddDays(1);
AddMemberAuthorization(accessTokenGuid, retrievedMemberId, tokenRequest.scope, validFrom, validTo);
return(new OAuthTokenResponse
{
access_token = accessTokenGuid.ToString(),
expires_in = null,
refresh_token = refreshTokenGuid.ToString(),
scope = tokenRequest.scope,
token_type = TOKEN_TYPE_BEARER,
MemberID = retrievedMemberId
});
}
/// <summary>
/// A method that executes refresh token flow
/// </summary>
public OAuthRefreshTokenResponse ExecuteRefreshTokenFlow(OAuthTokenRequest tokenRequest)
{
if (!string.IsNullOrEmpty(tokenRequest.scope) && !tokenRequest.scope.Equals(DEFAULT_SCOPE))
{
throw new ApiException(HttpStatusCode.BadRequest, "The specified scope is invalid");
}
if (string.IsNullOrEmpty(tokenRequest.refresh_token))
{
throw new ApiException(HttpStatusCode.BadRequest, "Missing required parameter: refresh_token");
}
Guid accessToken = Guid.NewGuid();
long memberId = RefreshMemberAuthorization(tokenRequest.refresh_token, accessToken.ToString());
var oAuthTokenResponse = new OAuthRefreshTokenResponse
{
MemberID = memberId,
access_token = accessToken.ToString(),
token_type = TOKEN_TYPE_BEARER,
scope = tokenRequest.scope
};
return(oAuthTokenResponse);
}
protected void ProcessClient(OAuthTokenRequest request)
{
if (Context.Services.ClientStore != null)
{
if (string.IsNullOrWhiteSpace(request.client_id))
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_clientId = "A client_id is required" });
}
var client = Context.Services.ClientStore.FindClient(request.client_id);
if (client == null)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_clientId = $"Client {request.client_id} is not registered in the system" });
}
if (client.SecurityLevel == SecurityLevel.Secure)
{
if (string.IsNullOrWhiteSpace(request.client_secret))
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_clientSecret = "A client_secret is required" });
}
if (client.Secret != request.client_secret.GenerateOAuthHash())
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_clientSecret = "Invalid client_secret" });
}
}
if (!client.Active)
{
throw new OAuthResponseException(HttpStatusCode.Unauthorized, new { invalid_clientId = "Client is inactive" });
}
Client = client;
}
}
public IActionResult CreateAccessToken([FromForm] OAuthTokenRequest tokenRequest)
{
IActionResult result = null;
if (string.Compare(tokenRequest.grant_type, "password", true) == 0)
{
Model.AccessKey accessKey = BusinessLogicFactory.AccessKeys.GetAccessKey(tokenRequest.username);
if (accessKey != null)
{
if (string.Compare(tokenRequest.password, accessKey.Secret) == 0)
{
OAuthToken token = CreateOAuthToken(accessKey.OrganisationID);
result = new ObjectResult(token)
{
StatusCode = (int)HttpStatusCode.Created
};
}
else
{
_logger.LogDebug($"Incorrect Secret for Organisation {accessKey.OrganisationID} with access key: {accessKey.Name}");
result = new UnauthorizedResult();
}
}
else
{
_logger.LogDebug($"No organisation with key: {tokenRequest.username}");
result = new UnauthorizedResult();
}
}
else if (string.Compare(tokenRequest.grant_type, "refresh_token", true) == 0)
{
OrganisationSecurityTokenHandler handler = _AuthOptions.SecurityTokenValidators.OfType <OrganisationSecurityTokenHandler>().FirstOrDefault();
JwtSecurityToken securityToken = handler.ReadJwtToken(tokenRequest.refresh_token);
if (securityToken != null)
{
Claim organisationClaim = securityToken.Claims.ToList().Find(c => c.Type.Equals(OrganisationIdentity.OrganisationClaim));
Claim refreshTokenClaim = securityToken.Claims.ToList().Find(c => c.Type.Equals(RefreshTokenClaim));
if (organisationClaim != null && refreshTokenClaim != null && refreshTokenClaim.Value.Equals(RefreshTokenExists))
{
int organisationID;
if (int.TryParse(organisationClaim.Value, out organisationID) && organisationID > 0)
{
OAuthToken token = CreateOAuthToken(organisationID);
result = new ObjectResult(token)
{
StatusCode = (int)HttpStatusCode.Created
};
}
else
{
_logger.LogDebug($"Failed to parse organisationID in refresh token: {tokenRequest.refresh_token}");
result = new BadRequestResult();
}
}
else
{
_logger.LogDebug($"Refresh token does not have expected claims: {tokenRequest.refresh_token}");
result = new BadRequestResult();
}
}
else
{
_logger.LogDebug($"Invalid refresh token: {tokenRequest.refresh_token}");
result = new BadRequestResult();
}
}
else
{
result = new BadRequestResult();
}
return(result);
}
public IActionResult Oauthtokenpost(OAuthTokenRequest request)
{
OAuthTokenResponse token = service.Authenticate(request);
return(Ok(token));
}
