Esempio n. 1
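        /// <summary>
        /// Validates a token introspection request: the request must carry a <c>token</c>
        /// parameter, the token must pass access-token validation, and it must contain a
        /// scope claim whose value equals the name of the calling <paramref name="scope"/>.
        /// </summary>
        /// <param name="parameters">Request parameters; read for the <c>token</c> entry. Must not be null.</param>
        /// <param name="scope">The scope the caller authenticated as; its <c>Name</c> must appear among the token's scope claims. Must not be null.</param>
        /// <returns>
        /// A result with <c>IsActive = true</c> and the token's claims on success; otherwise a result with
        /// <c>IsError = true</c>, <c>IsActive = false</c> and a <c>FailureReason</c> of
        /// <c>MissingToken</c>, <c>InvalidToken</c> or <c>InvalidScope</c>.
        /// </returns>
        public async Task<IntrospectionRequestValidationResult> ValidateAsync(NameValueCollection parameters, Scope scope)
        {
            // retrieve required token
            var token = parameters.Get("token");

            // An empty or whitespace-only value carries no token either. Reject it here as
            // "missing" instead of handing a blank string to the token validator.
            if (string.IsNullOrWhiteSpace(token))
            {
                return new IntrospectionRequestValidationResult
                {
                    IsError       = true,
                    IsActive      = false,
                    FailureReason = IntrospectionRequestValidationFailureReason.MissingToken
                };
            }

            // validate token
            var tokenValidationResult = await _tokenValidator.ValidateAccessTokenAsync(token);

            // invalid or unknown token
            if (tokenValidationResult.IsError)
            {
                // NOTE(review): the raw submitted token is carried on the failure result;
                // confirm that consumers do not write it to logs verbatim.
                return new IntrospectionRequestValidationResult
                {
                    IsError       = true,
                    IsActive      = false,
                    FailureReason = IntrospectionRequestValidationFailureReason.InvalidToken,
                    Token         = token
                };
            }

            // check expected scope: the caller may only introspect tokens that were issued
            // for its own scope (exact, case-sensitive match on the claim value)
            var expectedScope = tokenValidationResult.Claims.FirstOrDefault(
                c => c.Type == Constants.ClaimTypes.Scope && c.Value == scope.Name);

            // expected scope not present
            if (expectedScope == null)
            {
                return new IntrospectionRequestValidationResult
                {
                    IsError       = true,
                    IsActive      = false,
                    FailureReason = IntrospectionRequestValidationFailureReason.InvalidScope,
                    Token         = token
                };
            }

            // all is good
            // NOTE(review): Claims is the token's full claim set, including scope claims other
            // than scope.Name. If the introspection response is built directly from this list,
            // the caller learns which other scopes the token grants; confirm whether the
            // response generator filters them.
            return new IntrospectionRequestValidationResult
            {
                IsActive = true,
                IsError  = false,
                Token    = token,
                Claims   = tokenValidationResult.Claims
            };
        }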