private static void TokenIntrospection(string introscpectionEndpoint, string accessToken, string scope, string secret)
{
var client = new IntrospectionClient(introscpectionEndpoint, scope, secret);
var request = new IntrospectionRequest
{
Token = accessToken
};
var result = client.SendAsync(request).Result;
if (result.IsError)
{
Console.WriteLine(result.Error);
}
else
{
if (result.IsActive)
{
var claims = result.Claims.ToList();
var expirationClaim = claims.FirstOrDefault(x => x.Type == "exp");
var validFromClaim = claims.FirstOrDefault(x => x.Type == "nbf");
long expirationTimeStamp = Convert.ToInt64(expirationClaim.Value);
long validFromTimeStamp = Convert.ToInt64(validFromClaim.Value);
var expirationDate = TimeStampToDate(expirationTimeStamp);
var issuedDate = TimeStampToDate(validFromTimeStamp);
}
else
{
Console.WriteLine("token is not active");
}
}
}
private static void Introspection(string accessToken)
{
var client = new IntrospectionClient(
Constants.IntrospectionEndpoint,
"api1",
"secret");
var request = new IntrospectionRequest
{
Token = accessToken
};
var result = client.SendAsync(request).Result;
if (result.IsError)
{
Console.WriteLine(result.Error);
}
else
{
if (result.IsActive)
{
result.Claims.ToList().ForEach(c => Console.WriteLine("{0}: {1}",
c.Item1, c.Item2));
}
else
{
Console.WriteLine("token is not active");
}
}
}
private static void Introspection(string accessToken)
{
var client = new IntrospectionClient(
"https://localhost:44333/core/connect/introspect",
"write",
"secret");
var request = new IntrospectionRequest
{
Token = accessToken
};
var result = client.SendAsync(request).Result;
if (result.IsError)
{
Console.WriteLine(result.Error);
}
else
{
if (result.IsActive)
{
result.Claims.ToList().ForEach(c => Console.WriteLine("{0}: {1}",
c.Item1, c.Item2));
}
else
{
Console.WriteLine("token is not active");
}
}
}
public async Task <ActionResult <IntrospectionResponse> > ValidateToken([FromForm] IntrospectionRequest request)
{
if (string.IsNullOrEmpty(request.Token))
{
return(BadRequest("Token canot be empty."));
}
var response = await _authentication.IntrospectionValidation(request);
return(Ok(response));
}
public static IntrospectionParameter ToParameter(this IntrospectionRequest viewModel)
{
return(new IntrospectionParameter
{
ClientAssertion = viewModel.ClientAssertion,
ClientAssertionType = viewModel.ClientAssertionType,
ClientId = viewModel.ClientId,
ClientSecret = viewModel.ClientSecret,
Token = viewModel.Token,
TokenTypeHint = viewModel.TokenTypeHint
});
}
public static IntrospectionParameter ToParameter(this IntrospectionRequest viewModel)
{
return(new()
{
ClientAssertion = viewModel.client_assertion,
ClientAssertionType = viewModel.client_assertion_type,
ClientId = viewModel.client_id,
ClientSecret = viewModel.client_secret,
Token = viewModel.token,
TokenTypeHint = viewModel.token_type_hint
});
}
public async Task WhenIntrospectingAndTokenDoesNotExistThenResponseShowsInactiveToken()
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("client", "client"),
_server.Client,
new Uri(BaseUrl + WellKnownOpenidConfiguration));
var introspection = await tokenClient.Introspect(
IntrospectionRequest.Create("invalid_token", TokenTypes.AccessToken, "pat"))
.ConfigureAwait(false) as Option <OauthIntrospectionResponse> .Result;
Assert.False(introspection.Item.Active);
}
private async Task <IntrospectionResponse> ValidateToken(string token)
{
var clientInstroption = new IntrospectionClient(WebConfigurationManager.AppSettings["is3host"] + "/identity/core/connect/introspect",
"sampleAPI",
"dmsecret");
var request = new IntrospectionRequest
{
Token = token
};
return(clientInstroption.SendAsync(request).Result);
}
protected override async Task <int> ExecuteCommandAsync()
{
int result = -1;
try
{
var discoClient = await DiscoveryClient.GetAsync(Server.Value());
if (discoClient.IsError)
{
Logger.LogError($"{discoClient.ErrorType} : {discoClient.Error}");
}
else
{
var client = new IntrospectionClient(discoClient.IntrospectionEndpoint, Client.Value(),
Secret.Value());
var request = new IntrospectionRequest
{
Token = Token.Value()
};
var introspectionResponse = await client.SendAsync(request);
if (introspectionResponse.IsError)
{
Logger.LogError(introspectionResponse.Error);
}
else
{
if (introspectionResponse.IsActive)
{
introspectionResponse.Claims.ToList().ForEach(
c => Logger.LogInformation($"{c.Type}: {c.Value}"));
}
else
{
Logger.LogInformation("token is not active");
}
}
}
}
catch (Exception ex)
{
throw new CommandException(ex.Message);
}
return(result);
}
/// <inheritdoc />
public async Task <Option <UmaIntrospectionResponse> > Introspect(
IntrospectionRequest introspectionRequest,
CancellationToken cancellationToken = default)
{
var discoveryInformation = await GetUmaConfiguration(cancellationToken).ConfigureAwait(false);
var request = new HttpRequestMessage
{
Method = HttpMethod.Post,
Content = new FormUrlEncodedContent(introspectionRequest),
RequestUri = discoveryInformation.IntrospectionEndpoint
};
return(await GetResult <UmaIntrospectionResponse>(request, introspectionRequest.PatToken, cancellationToken : cancellationToken)
.ConfigureAwait(false));
}
public void ValidatingClientToken_WithValidCredential_ReturnsOkStatusCode()
{
// Arrange
var tokenClient = identityServerHost.GetTokenClient();
var introClient = identityServerHost.GetIntroClient();
var clientCredential = tokenClient.RequestClientCredentialsAsync("identityserverhost").Result;
var introRequest = new IntrospectionRequest {
ClientId = "testclient", Token = clientCredential.AccessToken
};
// Act
var introResponse = introClient.SendAsync(introRequest).Result;
// Assert
Assert.AreEqual(HttpStatusCode.OK, introResponse.HttpStatusCode);
}
public async Task When_Introspecting_AccessToken_Then_Information_Are_Returned()
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("client", "client"),
_server.Client,
new Uri(BaseUrl + WellKnownOpenidConfiguration));
var result =
await tokenClient.GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "scim" }))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
var introspection = await tokenClient.Introspect(
IntrospectionRequest.Create(result.Item.AccessToken, TokenTypes.AccessToken, "pat"))
.ConfigureAwait(false) as Option <OauthIntrospectionResponse> .Result;
Assert.Single(introspection.Item.Scope);
Assert.Equal("scim", introspection.Item.Scope.First());
}
public async Task When_Revoking_RefreshToken_Then_True_Is_Returned()
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("client", "client"),
_server.Client,
new Uri(BaseUrl + WellKnownOpenidConfiguration));
var result = await tokenClient
.GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "scim", "offline" }))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
var revoke = await tokenClient
.RevokeToken(RevokeTokenRequest.Create(result.Item.RefreshToken, TokenTypes.RefreshToken))
.ConfigureAwait(false);
var introspectClient = new UmaClient(_server.Client, new Uri(BaseUrl + WellKnownOpenidConfiguration));
var ex = await introspectClient.Introspect(
IntrospectionRequest.Create(result.Item.RefreshToken, TokenTypes.RefreshToken, "pat"))
.ConfigureAwait(false);
Assert.IsType <Option.Success>(revoke);
Assert.IsType <Option <UmaIntrospectionResponse> .Error>(ex);
}
private static async Task IntrospectAsync(string accessToken)
{
var disco = await DiscoveryClient.GetAsync(Constants.Authority);
if (disco.IsError)
{
throw new Exception(disco.Error);
}
var client = new IntrospectionClient(
disco.IntrospectionEndpoint,
"api1",
"secret");
var request = new IntrospectionRequest
{
Token = accessToken
};
var result = await client.SendAsync(request);
if (result.IsError)
{
Console.WriteLine(result.Error);
}
else
{
if (result.IsActive)
{
result.Claims.ToList().ForEach(c => Console.WriteLine("{0}: {1}",
c.Type, c.Value));
}
else
{
Console.WriteLine("token is not active");
}
}
}
public async Task <bool> IsAuthTokenValid(string authCode, string authority)
{
var client = new IntrospectionClient(
$"{authority}/connect/introspect",
"api1", "secret");
var request = new IntrospectionRequest
{
Token = Properties.Settings.Default.AuthCode
};
try
{
var result = await client.SendAsync(request);
return(result.IsActive);
}
catch
{
AddSnacbkarErrorMessageToQueeue("Error contacting the server");
return(false);
}
}
public async Task <IActionResult> Post(
[FromForm] IntrospectionRequest introspectionRequest,
CancellationToken cancellationToken)
{
if (introspectionRequest?.token == null)
{
return(BuildError(
ErrorCodes.InvalidRequest,
"no parameter in body request",
HttpStatusCode.BadRequest));
}
var result = await _introspectionActions.Execute(
introspectionRequest.ToParameter(),
cancellationToken)
.ConfigureAwait(false);
return(result switch
{
Option <OauthIntrospectionResponse> .Result r => Ok(r.Item),
Option <OauthIntrospectionResponse> .Error e => BadRequest(e.Details),
_ => throw new ArgumentOutOfRangeException()
});
/// <inheritdoc/>
public async Task <IntrospectionResponse> IntrospectionValidation(IntrospectionRequest request)
{
List <Func <Task <IntrospectionResponse> > > validationFunctions = new();
validationFunctions.Add(async() => await ValidateEFormidlingAccessToken(request.Token));
/*
* if token type hint is provided in the request,
* the suitable validation function should be moved to the top of the list
* to possibly avoid unnessesary validation attempts.
*/
foreach (Func <Task <IntrospectionResponse> > func in validationFunctions)
{
var res = await func();
if (res.Active)
{
return(res);
}
}
return(new IntrospectionResponse());
}
