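        /// <summary>
        /// Handles the OAuth 2.0 "password" grant: validates the resource owner's
        /// credentials through the user provider, builds an access token from the
        /// user's claims, persists a refresh token and returns the token response.
        /// </summary>
        /// <param name="client">The client on whose behalf the token is requested (assumed to be
        /// authenticated by the caller before this method runs).</param>
        /// <param name="tokenRequest">The parsed token request carrying username, password and the
        /// space-delimited scope list.</param>
        /// <returns>
        /// <c>200 OK</c> with a JSON-serialized <see cref="OAuthTokenResponse"/> body when the
        /// credentials are accepted; otherwise <c>403 Forbidden</c> with an empty body.
        /// </returns>
        private HttpResponseMessage ProcessPasswordGrant(OAuthClient client, OAuthTokenRequest tokenRequest)
        {
            // "scope" is a space-delimited list (RFC 6749 §3.3); an absent parameter means no scopes.
            var scopes = (tokenRequest.Scopes ?? "")
                         .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
                         .ToList();

            // The provider gets the requested scopes together with the credentials; whether it also
            // restricts them to what this user/client may hold is up to its implementation — nothing
            // in this method narrows the scope list after the check.
            if (!_oAuthUserProvider.ValidateUser(tokenRequest.Username, tokenRequest.Password, scopes))
            {
                // NOTE(review): RFC 6749 §5.2 describes a 400 "invalid_grant" JSON error for rejected
                // resource-owner credentials; the 403/empty-body answer is kept as existing clients expect it.
                return new HttpResponseMessage(HttpStatusCode.Forbidden);
            }

            var claims = _oAuthUserProvider.GetClaimsByUsername(tokenRequest.Username);
            var userId = _oAuthUserProvider.GetUserId(tokenRequest.Username);

            // TODO: Move ClaimsIdentity generation to service?
            var claimsIdentity = new ClaimsIdentity("OAuth");
            claimsIdentity.AddClaims(claims);

            var accessTokenExpiresIn = _oAuthAccessTokenService.GetAccessTokenLifetimeSeconds(client);
            var accessToken          = _oAuthAccessTokenService.GenerateAccessToken(claimsIdentity, client);
            var refreshToken         = _oAuthRefreshTokenService.GenerateRefreshToken(Request, userId, client, scopes);

            // Persist the refresh token before answering so that it can be redeemed later.
            _oAuthRefreshTokenStorage.Save(refreshToken);

            var body = JsonConvert.SerializeObject(new OAuthTokenResponse
            {
                TokenType    = OAuthTokenTypes.Bearer,
                AccessToken  = accessToken,
                RefreshToken = refreshToken.Token,
                ExpiresIn    = accessTokenExpiresIn,
                Scope        = string.Join(" ", scopes),
            });

            var answer = new HttpResponseMessage(HttpStatusCode.OK)
            {
                // StringContent defaults to text/plain; RFC 6749 §5.1 requires the token
                // response to be served as application/json, so declare it explicitly.
                Content = new StringContent(body, System.Text.Encoding.UTF8, "application/json"),
            };

            // RFC 6749 §5.1: a response that carries tokens must not be cached by the
            // client or by any intermediary.
            answer.Headers.Add("Cache-Control", "no-store");
            answer.Headers.Add("Pragma", "no-cache");

            return answer;
        }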