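        /// <summary>
        /// Validates a token endpoint request for the authorization code, refresh token
        /// and client credentials grants. Any other grant type is rejected with
        /// <c>unsupported_grant_type</c>.
        /// </summary>
        /// <param name="context">
        /// The token request context. It supplies the request parameters and the
        /// <c>Reject</c>/<c>Validate</c> calls that record the outcome.
        /// </param>
        /// <returns>A task that completes once the request has been validated or rejected.</returns>
        /// <remarks>
        /// Every path ends in exactly one <c>context.Reject</c> or <c>context.Validate</c> call.
        /// NOTE(review): unknown client_id and wrong client_secret produce different
        /// descriptions, which lets a caller tell the two cases apart. Consider a single
        /// generic invalid_client message with the detail logged server-side.
        /// </remarks>
        public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
        {
            // Resolve the service from this request's provider and use the local for all checks.
            // VService is not declared in this method, so it is presumably a member shared by
            // every call on this provider instance. Reading it back after an await could pick up
            // another request's service if the provider is shared across requests (TODO confirm).
            // The assignment is kept in case other members rely on it.
            var validation = context.HttpContext.RequestServices.GetRequiredService<ValidationService>();
            VService = validation;

            // This endpoint accepts only the authorization_code, refresh_token and
            // client_credentials grants (the description below calls the last one "token").
            if (!context.Request.IsAuthorizationCodeGrantType() &&
                !context.Request.IsRefreshTokenGrantType() &&
                !context.Request.IsClientCredentialsGrantType())
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
                    description: "Only authorization code, refresh token, and token grant types are accepted by this authorization server."
                    );

                // Stop here. Without this return, execution reached the final else branch,
                // which called Reject again with server_error.
                return;
            }

            // Validating the Authorization Code Token Request
            if (context.Request.IsAuthorizationCodeGrantType())
            {
                string clientid     = context.ClientId;
                string clientsecret = context.ClientSecret;
                string redirecturi  = context.Request.RedirectUri;

                if (String.IsNullOrWhiteSpace(clientid))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "client_id cannot be empty"
                        );
                    return;
                }
                else if (String.IsNullOrWhiteSpace(clientsecret))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "client_secret cannot be empty"
                        );
                    return;
                }
                else if (String.IsNullOrWhiteSpace(redirecturi))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "redirect_uri cannot be empty"
                        );
                    return;
                }
                else if (!await validation.CheckClientIdIsValid(clientid))
                {
                    // Wording aligned with the other two branches (was "was does not exist").
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "The supplied client id does not exist"
                        );
                    return;
                }
                // NOTE(review): the secret check is opaque from here. Confirm it compares
                // against a stored hash in constant time rather than a plain string equality.
                else if (!await validation.CheckClientIdAndSecretIsValid(clientid, clientsecret))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "The supplied client secret is invalid"
                        );
                    return;
                }
                // NOTE(review): presumably an exact match against the client's registered
                // redirect URIs; verify it does not accept prefixes or patterns.
                else if (!await validation.CheckRedirectURIMatchesClientId(clientid, redirecturi))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "The supplied redirect uri is incorrect"
                        );
                    return;
                }

                // The authorization code itself (context.Request.Code) is not checked in this method.
                context.Validate();
                return;
            }
            // Validating the Refresh Code Token Request
            else if (context.Request.IsRefreshTokenGrantType())
            {
                string clientid     = context.Request.ClientId;
                string clientsecret = context.Request.ClientSecret;
                string refreshtoken = context.Request.RefreshToken;

                if (String.IsNullOrWhiteSpace(clientid))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "client_id cannot be empty"
                        );
                    return;
                }
                else if (String.IsNullOrWhiteSpace(clientsecret))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "client_secret cannot be empty"
                        );
                    return;
                }
                else if (!await validation.CheckClientIdIsValid(clientid))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "The supplied client id does not exist"
                        );
                    return;
                }
                else if (!await validation.CheckClientIdAndSecretIsValid(clientid, clientsecret))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "The supplied client secret is invalid"
                        );
                    return;
                }
                // NOTE(review): only the token is passed to this check. Confirm that it, or a
                // later pipeline stage, verifies the refresh token was issued to this client.
                // RFC 6749 section 5.2 uses invalid_grant for a bad refresh token; invalid_client
                // is kept so existing clients see the same error code.
                else if (!await validation.CheckRefreshTokenIsValid(refreshtoken))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "The supplied refresh token is invalid"
                        );
                    return;
                }

                context.Validate();
                return;
            }
            // Validating Client Credentials Request, aka, 'token'
            else if (context.Request.IsClientCredentialsGrantType())
            {
                string clientid     = context.ClientId;
                string clientsecret = context.ClientSecret;

                if (String.IsNullOrWhiteSpace(clientid))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "client_id cannot be empty"
                        );
                    return;
                }
                else if (String.IsNullOrWhiteSpace(clientsecret))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "client_secret cannot be empty"
                        );
                    return;
                }
                else if (!await validation.CheckClientIdIsValid(clientid))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "The supplied client id does not exist"
                        );
                    return;
                }
                else if (!await validation.CheckClientIdAndSecretIsValid(clientid, clientsecret))
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "The supplied client secret is invalid"
                        );
                    return;
                }

                context.Validate();
                return;
            }
            else
            {
                // Fail closed: not reachable after the grant-type guard above unless the
                // Is*GrantType() checks disagree between the two reads.
                context.Reject(
                    error: OpenIdConnectConstants.Errors.ServerError,
                    description: "Could not validate the token request"
                    );
                return;
            }
        }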