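/// <summary>
/// Validates a token-endpoint request before the server goes on to issue tokens.
/// Only the authorization code, refresh token and client credentials grants are
/// accepted; every accepted grant must carry a client_id and client_secret that
/// <see cref="ValidationService"/> recognises.
/// </summary>
/// <param name="context">
/// Validation context for the current request. Exactly one of
/// <c>context.Validate()</c> or <c>context.Reject(...)</c> is called before returning.
/// </param>
/// <returns>A task that completes once the request has been validated or rejected.</returns>
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
    // Resolve the service from the request scope and read it through a local.
    // The member assignment is kept because the original performed it, but nothing
    // below reads the member: if this provider instance is shared between requests,
    // a concurrent request could swap the member mid-validation.
    ValidationService validation =
        context.HttpContext.RequestServices.GetRequiredService<ValidationService>();
    VService = validation;

    // Authorization code grant.
    if (context.Request.IsAuthorizationCodeGrantType())
    {
        string clientId = context.ClientId;
        string clientSecret = context.ClientSecret;
        string redirectUri = context.Request.RedirectUri;

        if (RejectIfClientCredentialsMissing(context, clientId, clientSecret))
        {
            return;
        }

        if (String.IsNullOrWhiteSpace(redirectUri))
        {
            context.Reject(
                error: OpenIdConnectConstants.Errors.InvalidClient,
                description: "redirect_uri cannot be empty"
            );
            return;
        }

        if (await RejectIfClientCredentialsInvalidAsync(context, validation, clientId, clientSecret))
        {
            return;
        }

        if (!await validation.CheckRedirectURIMatchesClientId(clientId, redirectUri))
        {
            // NOTE(review): RFC 6749 section 5.2 describes a redirect_uri mismatch as
            // invalid_grant; invalid_client is kept so existing clients see the same code.
            context.Reject(
                error: OpenIdConnectConstants.Errors.InvalidClient,
                description: "The supplied redirect uri is incorrect"
            );
            return;
        }

        // The authorization code itself is not inspected in this method.
        context.Validate();
        return;
    }
    // Refresh token grant.
    else if (context.Request.IsRefreshTokenGrantType())
    {
        string clientId = context.Request.ClientId;
        string clientSecret = context.Request.ClientSecret;
        string refreshToken = context.Request.RefreshToken;

        if (RejectIfClientCredentialsMissing(context, clientId, clientSecret))
        {
            return;
        }

        if (await RejectIfClientCredentialsInvalidAsync(context, validation, clientId, clientSecret))
        {
            return;
        }

        // NOTE(review): only the token is passed to the check, not the client id.
        // Confirm that the service (or a later pipeline stage) verifies the refresh
        // token was issued to this client, otherwise one client could redeem
        // another client's token.
        if (!await validation.CheckRefreshTokenIsValid(refreshToken))
        {
            // NOTE(review): RFC 6749 section 5.2 describes an invalid refresh token as
            // invalid_grant; invalid_client is kept so existing clients see the same code.
            context.Reject(
                error: OpenIdConnectConstants.Errors.InvalidClient,
                description: "The supplied refresh token is invalid"
            );
            return;
        }

        context.Validate();
        return;
    }
    // Client credentials grant (the "token" grant in the messages of this server).
    else if (context.Request.IsClientCredentialsGrantType())
    {
        string clientId = context.ClientId;
        string clientSecret = context.ClientSecret;

        if (RejectIfClientCredentialsMissing(context, clientId, clientSecret))
        {
            return;
        }

        if (await RejectIfClientCredentialsInvalidAsync(context, validation, clientId, clientSecret))
        {
            return;
        }

        context.Validate();
        return;
    }
    else
    {
        // Any other grant type. The original rejected with unsupported_grant_type at
        // the top of the method but did not return, so execution fell through to a
        // second Reject call and the caller received server_error instead.
        context.Reject(
            error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
            description: "Only authorization code, refresh token, and token grant types are accepted by this authorization server."
        );
        return;
    }
}

/// <summary>
/// Rejects the request when client_id or client_secret is missing or blank.
/// </summary>
/// <returns><c>true</c> when the request was rejected; otherwise <c>false</c>.</returns>
private static bool RejectIfClientCredentialsMissing(
    ValidateTokenRequestContext context, string clientId, string clientSecret)
{
    if (String.IsNullOrWhiteSpace(clientId))
    {
        context.Reject(
            error: OpenIdConnectConstants.Errors.InvalidClient,
            description: "client_id cannot be empty"
        );
        return true;
    }

    if (String.IsNullOrWhiteSpace(clientSecret))
    {
        context.Reject(
            error: OpenIdConnectConstants.Errors.InvalidClient,
            description: "client_secret cannot be empty"
        );
        return true;
    }

    return false;
}

/// <summary>
/// Rejects the request when the client id is unknown or the secret does not match it.
/// </summary>
/// <returns><c>true</c> when the request was rejected; otherwise <c>false</c>.</returns>
private static async Task<bool> RejectIfClientCredentialsInvalidAsync(
    ValidateTokenRequestContext context, ValidationService validation,
    string clientId, string clientSecret)
{
    // Both failures return the same description so that an unauthenticated caller
    // cannot use the response text to learn which client ids are registered.
    // NOTE(review): the secret check is skipped for unknown ids, so response timing
    // may still differ; how the secret is compared is not visible from this method.
    if (!await validation.CheckClientIdIsValid(clientId)
        || !await validation.CheckClientIdAndSecretIsValid(clientId, clientSecret))
    {
        context.Reject(
            error: OpenIdConnectConstants.Errors.InvalidClient,
            description: "The supplied client credentials are invalid"
        );
        return true;
    }

    return false;
}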