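/// <summary>
/// Redirect endpoint for the Spotify authorization-code flow. Without a
/// <paramref name="state"/> it serves a minimal test form; otherwise it validates the
/// state for the calling user, redeems <paramref name="code"/> for Spotify tokens, stores
/// them, ensures the user exists and returns a page that hands a Ringo token back to the
/// window that opened the flow.
/// </summary>
/// <param name="state">Anti-forgery value issued when the flow started; validated against the current user.</param>
/// <param name="code">Authorization code returned by Spotify.</param>
/// <param name="error">Error code returned by Spotify instead of a code.</param>
/// <returns>An HTML <see cref="ContentResult"/>.</returns>
/// <exception cref="SpotifyApiErrorException">Thrown when Spotify reported <paramref name="error"/>.</exception>
public async Task<ContentResult> Authorize(
    [FromQuery(Name = "state")] string state = null,
    [FromQuery(Name = "code")] string code = null,
    [FromQuery(Name = "error")] string error = null)
{
    if (string.IsNullOrEmpty(state))
    {
        // No state at all: serve the test form instead of starting a token exchange.
        // Note that a callback carrying only "error" (no state) also ends up here.
        return new ContentResult
        {
            Content = "<form method=\"post\"><input type=\"submit\" value=\"Authorize\" /></form>",
            ContentType = "text/html",
            StatusCode = 200
        };
    }

    string userId = HttpHelper.GetUserId(HttpContext);

    // Spotify reports a refusal through the error parameter; surface it as an exception.
    if (error != null)
    {
        throw new SpotifyApiErrorException(error);
    }

    // Validate the state BEFORE redeeming the code. Doing it afterwards (as before) let a
    // forged or replayed callback spend the code and bind a token to this user's session
    // before the anti-forgery check ran.
    await _userStateService.ValidateState(state, userId);

    var tokens = await _userAccounts.RequestAccessRefreshToken(code);

    await _tokenService.SetSpotifyAccessToken(userId, tokens);

    //TODO: Get the Spotify Username
    await _userService.CreateUserIfNotExists(userId);

    var ringoToken = await _tokenService.GetRingoAccessToken(userId);

    // SECURITY: targetOrigin "*" delivers the token to whatever window opened this one;
    // restrict it to the application's own origin once that value is available here.
    // NOTE(review): userId and ringoToken are interpolated into a JavaScript string literal
    // without JS-string encoding; confirm neither can contain quotes, backslashes or "</script>".
    // NOTE(review): OnActionExecutionAsync reads GetRingoAccessToken(...).AccessToken, so
    // confirm that the object's ToString() here yields the token string and not its type name.
    return new ContentResult
    {
        ContentType = "text/html",
        StatusCode = (int)HttpStatusCode.OK,
        Content = $"<html><body><script>window.opener.postMessage(\"{ userId },{ ringoToken }\", \"*\");window.close()</script></body></html>"
    };
}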
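/// <summary>
/// Action filter that requires a valid Ringo bearer token on actions or controllers
/// decorated with <see cref="AuthSpotifyBearerAttribute"/>. Undecorated actions run unchanged.
/// </summary>
/// <param name="context">The executing action; its <c>Result</c> is set to 403 when the check fails.</param>
/// <param name="next">Continuation that runs the action.</param>
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    var attribute = context.ActionDescriptor.FilterDescriptors
        .Select(x => x.Filter)
        .OfType<AuthSpotifyBearerAttribute>()
        .FirstOrDefault();

    if (attribute == null)
    {
        // Not decorated: nothing to enforce.
        await next();
        return;
    }

    // No Authorization header => Forbidden. Kept as 403 for compatibility with existing
    // clients, although 401 is the conventional code for a missing credential.
    string bearer = HttpHelper.GetBearerToken(context.HttpContext);
    if (bearer == null)
    {
        context.Result = new StatusCodeResult(403);
        return;
    }

    string userId = HttpHelper.GetUserId(context.HttpContext);
    var ringoToken = await _tokens.GetRingoAccessToken(userId);

    // The stored token must exist, be unexpired and match the presented bearer.
    if (ringoToken == null
        || ringoToken.AccessTokenExpired
        || !TokenMatches(ringoToken.AccessToken, bearer))
    {
        context.Result = new StatusCodeResult(403);
        return;
    }

    await next();

    // Compares the stored token with the presented one in constant time for equal-length
    // inputs, so response timing does not reveal how many leading bytes matched. A plain
    // string != short-circuits at the first differing character.
    // CryptographicOperations requires .NET Core 2.1+ / .NET Standard 2.1.
    bool TokenMatches(string expected, string presented)
    {
        if (expected == null || presented == null)
        {
            return false;
        }

        byte[] expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
        byte[] presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expectedBytes, presentedBytes);
    }
}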