Esempio n. 1
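        /// <summary>
        /// Handles the <c>refresh_token</c> grant: exchanges a valid refresh token for a new
        /// access token plus a rotated refresh token, and invalidates the presented one.
        /// </summary>
        /// <param name="client">The OAuth client the token request was resolved to.</param>
        /// <param name="tokenRequest">
        /// The parsed token request; supplies the client id, the presented refresh token and an
        /// optional comma-separated scope string.
        /// </param>
        /// <returns>
        /// <see cref="HttpStatusCode.OK"/> with a JSON-serialised <see cref="OAuthTokenResponse"/> body
        /// on success; <see cref="HttpStatusCode.Forbidden"/> with an empty body when no valid refresh
        /// token matches the request.
        /// </returns>
        private HttpResponseMessage ProcessRefreshTokenGrant(OAuthClient client, OAuthTokenRequest tokenRequest)
        {
            // Look the presented refresh token up under the client id carried in the request.
            // NOTE(review): the lookup keys on tokenRequest.ClientId rather than on the already
            // resolved `client` argument; confirm upstream that both always denote the same client.
            var refreshToken =
                _oAuthRefreshTokenService.FindValidRefreshToken(tokenRequest.ClientId, tokenRequest.RefreshToken);

            if (refreshToken is null)
            {
                // Unknown, expired or revoked refresh token: deny without saying which.
                return new HttpResponseMessage(HttpStatusCode.Forbidden);
            }

            // Rebuild the identity from the stored user id so the new access token carries current claims.
            var claims = _oAuthUserProvider.GetClaimsByUserId(refreshToken.UserId);

            // TODO: Move ClaimsIdentity generation to service?
            var claimsIdentity = new ClaimsIdentity("OAuth");
            claimsIdentity.AddClaims(claims);

            // Scopes arrive as one comma-separated string; a null string yields a null list.
            // NOTE(review): the requested scopes are forwarded unchecked. RFC 6749 §6 says a refresh
            // must not widen the scope originally granted; confirm that GenerateRefreshToken (or the
            // stored token) enforces that, because nothing in this method does.
            var requestedScopes = tokenRequest.Scopes
                ?.Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries)
                .ToList();

            var accessTokenExpiresIn = _oAuthAccessTokenService.GetAccessTokenLifetimeSeconds(client);
            var accessToken          = _oAuthAccessTokenService.GenerateAccessToken(claimsIdentity, client);
            var newRefreshToken      = _oAuthRefreshTokenService.GenerateRefreshToken(Request,
                                                                                      refreshToken.UserId,
                                                                                      client,
                                                                                      requestedScopes);

            // Rotate: remove the presented refresh token before persisting its replacement.
            // NOTE(review): the two storage calls are not atomic; a failure between them leaves the
            // user with no usable refresh token (fail-closed, but worth surfacing in logs).
            _oAuthRefreshTokenStorage.Delete(refreshToken.Token);
            _oAuthRefreshTokenStorage.Save(newRefreshToken);

            var body = JsonConvert.SerializeObject(new OAuthTokenResponse
            {
                TokenType    = OAuthTokenTypes.Bearer,
                AccessToken  = accessToken,
                RefreshToken = newRefreshToken.Token,
                ExpiresIn    = accessTokenExpiresIn,
            });

            var answer = new HttpResponseMessage(HttpStatusCode.OK)
            {
                // RFC 6749 §5.1: the token response is application/json (StringContent defaults to text/plain).
                Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json")
            };

            // RFC 6749 §5.1: the body carries bearer credentials, so forbid caching by any intermediary.
            answer.Headers.CacheControl = new System.Net.Http.Headers.CacheControlHeaderValue { NoStore = true };
            answer.Headers.Pragma.Add(new System.Net.Http.Headers.NameValueHeaderValue("no-cache"));

            return answer;
        }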