protected virtual async Task <TokenValidationResult> ValidateReferenceAccessTokenAsync(string tokenHandle)
{
var token = await _tokenHandles.GetAsync(tokenHandle);
if (token == null)
{
Logger.Error("Token handle not found");
return(Invalid(Constants.ProtectedResourceErrors.InvalidToken));
}
if (token.Type != Constants.TokenTypes.AccessToken)
{
Logger.ErrorFormat("Token handle does not resolve to an access token - but instead to: {1}", tokenHandle, token.Type);
return(Invalid(Constants.ProtectedResourceErrors.InvalidToken));
}
if (DateTime.UtcNow > token.CreationTime.AddSeconds(token.Lifetime))
{
Logger.Error("Token expired.");
return(Invalid(Constants.ProtectedResourceErrors.ExpiredToken));
}
Logger.Info("Reference access token validation successful");
return(new TokenValidationResult
{
Claims = ReferenceTokenToClaims(token),
ReferenceToken = token
});
}
// revoke access token only if it belongs to client doing the request
private async Task <bool> RevokeAccessTokenAsync(string handle, Client client)
{
var token = await _tokenHandles.GetAsync(handle);
if (token != null)
{
if (token.ClientId == client.ClientId)
{
await _tokenHandles.RemoveAsync(handle);
await _events.RaiseTokenRevokedEventAsync(token.SubjectId, handle, Constants.TokenTypeHints.AccessToken);
}
else
{
var message = string.Format("Client {0} tried to revoke an access token belonging to a different client: {1}", client.ClientId, token.ClientId);
Logger.Warn(message);
await RaiseFailureEventAsync(message);
}
return(true);
}
return(false);
}
protected virtual async Task <TokenValidationResult> ValidateReferenceAccessTokenAsync(string tokenHandle)
{
_log.TokenHandle = tokenHandle;
var token = await _tokenHandles.GetAsync(tokenHandle);
if (token == null)
{
LogError("Token handle not found");
return(Invalid(Constants.ProtectedResourceErrors.InvalidToken));
}
if (token.Type != Constants.TokenTypes.AccessToken)
{
LogError("Token handle does not resolve to an access token - but instead to: " + token.Type);
return(Invalid(Constants.ProtectedResourceErrors.InvalidToken));
}
if (DateTimeOffsetHelper.UtcNow >= token.CreationTime.AddSeconds(token.Lifetime))
{
LogError("Token expired.");
return(Invalid(Constants.ProtectedResourceErrors.ExpiredToken));
}
return(new TokenValidationResult
{
Claims = ReferenceTokenToClaims(token),
ReferenceToken = token,
ReferenceTokenId = tokenHandle
});
}
public async Task LoadingNonExistingKeyShouldResultInNull()
{
await _setup;
Assert.Null(await _store.GetAsync("DoesNotExist"));
}
