public async Task <IHttpActionResult> Get() { Logger.Info("Start access token validation request"); if (!_settings.AccessTokenValidationEndpoint.Enabled) { Logger.Warn("Endpoint is disabled. Aborting"); return(NotFound()); } var parameters = Request.RequestUri.ParseQueryString(); var token = parameters.Get("token"); if (token.IsMissing()) { Logger.Error("token is missing."); return(BadRequest("token is missing.")); } var result = await _validator.ValidateAccessTokenAsync(token, parameters.Get("expectedScope")); if (result.IsError) { Logger.Info("Returning error: " + result.Error); return(BadRequest(result.Error)); } var response = result.Claims.Select(c => new { c.Type, c.Value }); Logger.Debug(JsonConvert.SerializeObject(response, Formatting.Indented)); Logger.Info("Returning access token claims"); return(Json(response)); }
public async Task<IHttpActionResult> Get(HttpRequestMessage request) { Logger.Info("Start userinfo request"); if (!_options.UserInfoEndpoint.IsEnabled) { Logger.Warn("Endpoint is disabled. Aborting"); return NotFound(); } var authorizationHeader = request.Headers.Authorization; if (authorizationHeader == null || !authorizationHeader.Scheme.Equals(Constants.TokenTypes.Bearer) || authorizationHeader.Parameter.IsMissing()) { return Error(Constants.ProtectedResourceErrors.InvalidToken); } var result = await _tokenValidator.ValidateAccessTokenAsync( authorizationHeader.Parameter, Constants.StandardScopes.OpenId); if (result.IsError) { return Error(result.Error); } // pass scopes/claims to profile service var subject = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject).Value; var scopes = result.Claims.Where(c => c.Type == Constants.ClaimTypes.Scope).Select(c => c.Value); var payload = await _generator.ProcessAsync(subject, scopes); return new UserInfoResult(payload); }
public async Task <IHttpActionResult> Get() { var parameters = Request.RequestUri.ParseQueryString(); var token = parameters.Get("token"); if (token.IsMissing()) { return(BadRequest("token is missing.")); } var result = await _validator.ValidateAccessTokenAsync(token, parameters.Get("expectedScope")); if (result.IsError) { return(BadRequest(result.Error)); } return(Ok(result.Claims.Select(c => new { c.Type, c.Value }))); }
public async Task Create_and_Validate_JWT_AccessToken_Valid() { var tokenService = new DefaultTokenService( null, _settings, null, null); var token = new Token(Constants.TokenTypes.AccessToken) { Audience = string.Format(Constants.AccessTokenAudience, _settings.GetIssuerUri()), Issuer = _settings.GetIssuerUri(), Lifetime = 60, Client = await _settings.FindClientByIdAsync("client") }; var jwt = await tokenService.CreateSecurityTokenAsync(token); var validator = new TokenValidator(_settings, null, null, new DebugLogger()); var result = await validator.ValidateAccessTokenAsync(jwt); Assert.IsFalse(result.IsError); Assert.IsNotNull(result.Claims); }