/// <summary>
/// Posts a client-credential grant request to the <c>oauth2/v2/ccg</c> endpoint and hands back
/// the raw response. Success is not checked here; the caller inspects the status code.
/// </summary>
/// <param name="model">Issuer, client, grant type and client secret, sent as form fields.</param>
/// <returns>The <see cref="HttpResponseMessage"/> produced by the underlying <c>_http</c> client.</returns>
public async ValueTask<HttpResponseMessage> ClientCredential_AuthV2(ClientCredentialV2 model)
{
    // The client secret travels in the form body, so the transport must be TLS.
    // NOTE(review): assumes _http.BaseAddress is an https URL — confirm where _http is built.
    var fields = new List<KeyValuePair<string, string>>
    {
        new KeyValuePair<string, string>("issuer", model.issuer),
        new KeyValuePair<string, string>("client", model.client),
        new KeyValuePair<string, string>("grant_type", model.grant_type),
        new KeyValuePair<string, string>("client_secret", model.client_secret),
    };

    var body = new FormUrlEncodedContent(fields);
    var response = await _http.PostAsync("oauth2/v2/ccg", body);

    return response;
}
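/// <summary>
/// Performs the client-credential grant: calls <c>Endpoints.ClientCredential_AuthV2</c> and
/// deserialises the token response when the endpoint answers with a success status code.
/// </summary>
/// <param name="model">Grant request (issuer, client, grant type, client secret).</param>
/// <returns>The deserialised <see cref="ClientJwtV2"/> token response.</returns>
/// <exception cref="HttpRequestException">
/// Thrown when the endpoint does not return a success status code. The message carries the
/// request's <c>ToString()</c> and the inner exception the response's <c>ToString()</c>.
/// NOTE(review): these are expected to print method/URI/status and headers only, not the form
/// body, so the client secret should not end up in the exception text — confirm for the
/// framework version in use before logging these exceptions verbatim.
/// </exception>
public async ValueTask<ClientJwtV2> ClientCredential_GrantV2(ClientCredentialV2 model)
{
    // The response owns the underlying content stream; dispose it on every path, including the
    // throwing one. ConfigureAwait(false) is applied to both awaits so the method does not
    // depend on a captured synchronization context on one await but not the other.
    using (var response = await Endpoints.ClientCredential_AuthV2(model).ConfigureAwait(false))
    {
        if (response.IsSuccessStatusCode)
        {
            return await response.Content.ReadAsAsync<ClientJwtV2>().ConfigureAwait(false);
        }

        throw new HttpRequestException(response.RequestMessage.ToString(), new Exception(response.ToString()));
    }
}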
/// <summary>
/// OAuth2 client-credential grant (v2): resolves the issuer and the audience (client), checks
/// the client secret, records the attempt, then issues an access token and a refresh token.
/// </summary>
/// <param name="input">Form-posted grant request: issuer, client, grant_type, client_secret.</param>
/// <returns>
/// 200 with a <see cref="ClientJwtV2"/> on success; 400 when the model is invalid, the issuer is
/// disabled, or the client is locked out or presents a wrong secret; 404 when the issuer or the
/// client cannot be found.
/// </returns>
public IActionResult ClientCredentialV2_Grant([FromForm] ClientCredentialV2 input)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Issuer and audience may be identified either by their Guid or by their name.
    tbl_Issuer FindIssuer(string identifier) => Guid.TryParse(identifier, out var id)
        ? uow.Issuers.Get(x => x.Id == id).SingleOrDefault()
        : uow.Issuers.Get(x => x.Name == identifier).SingleOrDefault();

    tbl_Audience FindAudience(string identifier) => Guid.TryParse(identifier, out var id)
        ? uow.Audiences.Get(x => x.Id == id).SingleOrDefault()
        : uow.Audiences.Get(x => x.Name == identifier).SingleOrDefault();

    // Queues one auth-activity row for the given audience; the caller is responsible for Commit().
    void RecordAttempt(tbl_Audience target, string loginType, string loginOutcome) =>
        uow.AuthActivity.Create(
            map.Map<tbl_AuthActivity>(new AuthActivityV1()
            {
                AudienceId = target.Id,
                LoginType = loginType,
                LoginOutcome = loginOutcome,
            }));

    var issuer = FindIssuer(input.issuer);
    if (issuer == null)
    {
        ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}");
        return NotFound(ModelState);
    }
    if (!issuer.IsEnabled)
    {
        ModelState.AddModelError(MessageType.IssuerInvalid.ToString(), $"Issuer:{issuer.Id}");
        return BadRequest(ModelState);
    }

    var audience = FindAudience(input.client);
    if (audience == null)
    {
        // NOTE(review): an unknown client is answered with 404 while a wrong secret is answered
        // with 400 below, so the two cases are distinguishable to an unauthenticated caller and
        // no failed attempt is recorded for this path.
        ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{input.client}");
        return NotFound(ModelState);
    }
    if (audience.IsLockedOut || !PBKDF2.Validate(audience.PasswordHashPBKDF2, input.client_secret))
    {
        // Lock-out and a bad secret share one outcome and one response; the failure is
        // persisted before replying.
        RecordAttempt(audience, GrantFlowType.ClientCredentialV2.ToString(), GrantFlowResultType.Failure.ToString());
        uow.Commit();

        ModelState.AddModelError(MessageType.AudienceInvalid.ToString(), $"Audience:{audience.Id}");
        return BadRequest(ModelState);
    }

    // The tenant salt is part of the issuer identity handed to the token builder and is echoed
    // back to the caller in the issuer field, so it is treated as non-secret here.
    // NOTE(review): confirm IdentityTenant:Salt is not meant to be confidential.
    var tenantSalt = conf["IdentityTenant:Salt"];

    var accessClaims = uow.Audiences.GenerateAccessClaims(issuer, audience);
    var accessToken = auth.ClientCredential(issuer.Name, issuer.IssuerKey, tenantSalt, audience.Name, accessClaims);
    RecordAttempt(audience, GrantFlowType.ClientCredentialV2.ToString(), GrantFlowResultType.Success.ToString());

    var refreshClaims = uow.Audiences.GenerateRefreshClaims(issuer, audience);
    var refreshToken = auth.ClientCredential(issuer.Name, issuer.IssuerKey, tenantSalt, audience.Name, refreshClaims);
    uow.Refreshes.Create(
        map.Map<tbl_Refresh>(new RefreshV1()
        {
            IssuerId = issuer.Id,
            AudienceId = audience.Id,
            RefreshType = ConsumerType.Client.ToString(),
            RefreshValue = refreshToken.RawData,
            ValidFromUtc = refreshToken.ValidFrom,
            ValidToUtc = refreshToken.ValidTo,
        }));
    RecordAttempt(audience, GrantFlowType.RefreshTokenV2.ToString(), GrantFlowResultType.Success.ToString());

    // Access token, refresh row and both success records land in one commit.
    uow.Commit();

    var result = new ClientJwtV2()
    {
        token_type = "bearer",
        access_token = accessToken.RawData,
        refresh_token = refreshToken.RawData,
        client = audience.Name,
        issuer = issuer.Name + ":" + tenantSalt,
        // NOTE(review): assumes accessToken.ValidTo carries Kind=Utc; with Kind=Unspecified the
        // DateTimeOffset constructor would treat it as local time — confirm with the token type.
        expires_in = (int)(new DateTimeOffset(accessToken.ValidTo).Subtract(DateTime.UtcNow)).TotalSeconds,
    };

    return Ok(result);
}