/// <summary>
/// Posts a v2 resource-owner refresh-token grant to the identity service and hands back the raw response.
/// </summary>
/// <param name="model">Issuer, client, grant type and refresh token, sent as form fields with the same names.</param>
/// <returns>The unparsed <see cref="HttpResponseMessage"/> from <c>oauth2/v2/ropg-rt</c>; the status code is not inspected here.</returns>
public async ValueTask<HttpResponseMessage> ResourceOwner_RefreshV2(RefreshTokenV2 model)
{
    // Field names are the endpoint's wire contract, so they stay as literal strings.
    var fields = new List<KeyValuePair<string, string>>
    {
        new KeyValuePair<string, string>("issuer", model.issuer),
        new KeyValuePair<string, string>("client", model.client),
        new KeyValuePair<string, string>("grant_type", model.grant_type),
        new KeyValuePair<string, string>("refresh_token", model.refresh_token),
    };

    var body = new FormUrlEncodedContent(fields);

    return await _http.PostAsync("oauth2/v2/ropg-rt", body);
}
/// <summary>
/// Calls the v2 resource-owner refresh endpoint and deserializes a successful reply into <see cref="UserJwtV2"/>.
/// </summary>
/// <param name="model">The refresh request forwarded to <c>Endpoints.ResourceOwner_RefreshV2</c>.</param>
/// <returns>The token set returned by the service when it answers with a success status code.</returns>
/// <exception cref="HttpRequestException">
/// Thrown for any non-success status; the message is the request message text and the inner exception carries the response text.
/// </exception>
public async ValueTask<UserJwtV2> ResourceOwner_RefreshV2(RefreshTokenV2 model)
{
    var reply = await Endpoints.ResourceOwner_RefreshV2(model);

    if (!reply.IsSuccessStatusCode)
    {
        // NOTE(review): HttpResponseMessage.ToString() appears to cover status/headers only, so the
        // service's error body is not surfaced to the caller here — confirm if that detail is needed.
        throw new HttpRequestException(reply.RequestMessage.ToString(), new Exception(reply.ToString()));
    }

    return await reply.Content.ReadAsAsync<UserJwtV2>().ConfigureAwait(false);
}
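/// <summary>
/// Redeems a user (resource-owner) refresh token and returns a fresh access/refresh token pair in the v2 response shape.
/// </summary>
/// <param name="input">
/// Form-posted refresh request: issuer (id or name), optional comma-separated client ids/names, grant type and refresh token.
/// </param>
/// <returns>
/// 200 with a <see cref="UserJwtV2"/>; 404 when the token, issuer, user or a named audience does not exist;
/// 400 when the model is invalid, the token is the wrong type, outside its validity window or not bound to the
/// given issuer, the issuer is disabled, the user is locked out or unconfirmed, or an audience is locked out or
/// not assigned to the user.
/// </returns>
public IActionResult ResourceOwnerV2_Refresh([FromForm] RefreshTokenV2 input)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var refresh = uow.Refreshes.Get(QueryExpressionFactory.GetQueryExpression<tbl_Refresh>()
        .Where(x => x.RefreshValue == input.refresh_token).ToLambda()).SingleOrDefault();

    if (refresh is null)
    {
        // NOTE(review): the submitted token value is echoed into the error body; that is the presenting
        // client's own secret, but make sure ModelState errors are not copied into server-side logs.
        ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.refresh_token}");
        return NotFound(ModelState);
    }

    // A refresh token minted for a client must not be redeemable through the user flow, and the token
    // must be inside its validity window at this moment.
    var now = DateTime.UtcNow;

    if (!string.Equals(refresh.RefreshType, ConsumerType.User.ToString(), StringComparison.OrdinalIgnoreCase)
        || refresh.ValidFromUtc >= now
        || refresh.ValidToUtc <= now)
    {
        ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.refresh_token}");
        return BadRequest(ModelState);
    }

    Guid issuerID;
    tbl_Issuer issuer;

    //check if identifier is guid. resolve to guid if not.
    if (Guid.TryParse(input.issuer, out issuerID))
    {
        issuer = uow.Issuers.Get(x => x.Id == issuerID).SingleOrDefault();
    }
    else
    {
        issuer = uow.Issuers.Get(x => x.Name == input.issuer).SingleOrDefault();
    }

    if (issuer is null)
    {
        ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}");
        return NotFound(ModelState);
    }
    else if (!issuer.IsEnabled)
    {
        ModelState.AddModelError(MessageType.IssuerInvalid.ToString(), $"Issuer:{issuer.Id}");
        return BadRequest(ModelState);
    }
    else if (refresh.IssuerId != issuer.Id)
    {
        // The refresh row records the issuer it was minted under (see the Create below). Redeeming it
        // under a different issuer would sign new tokens with that issuer's key, so reject the mismatch.
        ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.refresh_token}");
        return BadRequest(ModelState);
    }

    // The user is taken from the refresh row, not from the request, so the token stays bound to its owner.
    var user = uow.Users.Get(x => x.Id == refresh.UserId).SingleOrDefault();

    //check that user exists...
    if (user is null)
    {
        ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{refresh.UserId}");
        return NotFound(ModelState);
    }
    //check that user is not locked...
    else if (uow.Users.IsLockedOut(user) || !user.EmailConfirmed || !user.PasswordConfirmed)
    {
        ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
        return BadRequest(ModelState);
    }

    // Audiences the user is entitled to through role membership; every requested client must be in this set.
    var clientList = uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression<tbl_Audience>()
        .Where(x => x.tbl_Roles.Any(y => y.tbl_UserRoles.Any(z => z.UserId == user.Id))).ToLambda());

    var audiences = new List<tbl_Audience>();

    //check if client is single, multiple or undefined...
    if (string.IsNullOrEmpty(input.client))
    {
        // No client named: grant every non-locked audience the user is entitled to.
        audiences = uow.Audiences.Get(x => clientList.Contains(x) && x.IsLockedOut == false).ToList();
    }
    else
    {
        foreach (string entry in input.client.Split(","))
        {
            Guid audienceID;
            tbl_Audience audience;

            //check if identifier is guid. resolve to guid if not.
            if (Guid.TryParse(entry.Trim(), out audienceID))
            {
                audience = uow.Audiences.Get(x => x.Id == audienceID).SingleOrDefault();
            }
            else
            {
                audience = uow.Audiences.Get(x => x.Name == entry.Trim()).SingleOrDefault();
            }

            if (audience is null)
            {
                ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{entry}");
                return NotFound(ModelState);
            }
            else if (audience.IsLockedOut || !clientList.Contains(audience))
            {
                ModelState.AddModelError(MessageType.AudienceInvalid.ToString(), $"Audience:{audience.Id}");
                return BadRequest(ModelState);
            }

            audiences.Add(audience);
        }
    }

    if (audiences.Count == 0)
    {
        ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:None");
        return BadRequest(ModelState);
    }

    var salt = conf["IdentityTenant:Salt"];
    var audienceNames = audiences.Select(x => x.Name).ToList();

    var rop_claims = uow.Users.GenerateAccessClaims(issuer, user);
    var rop = auth.ResourceOwnerPassword(issuer.Name, issuer.IssuerKey, salt, audienceNames, rop_claims);

    var rt_claims = uow.Users.GenerateRefreshClaims(issuer, user);
    var rt = auth.ResourceOwnerPassword(issuer.Name, issuer.IssuerKey, salt, audienceNames, rt_claims);

    // NOTE(review): the redeemed refresh row is left in place, so the presented token stays redeemable
    // until its ValidToUtc. If single-use rotation is the intended policy, revoke it here before Commit.
    uow.Refreshes.Create(
        map.Map<tbl_Refresh>(new RefreshV1()
        {
            IssuerId = issuer.Id,
            UserId = user.Id,
            RefreshType = ConsumerType.User.ToString(),
            RefreshValue = rt.RawData,
            IssuedUtc = rt.ValidFrom,
            ValidFromUtc = rt.ValidFrom,
            ValidToUtc = rt.ValidTo,
        }));

    uow.AuthActivity.Create(
        map.Map<tbl_AuthActivity>(new AuthActivityV1()
        {
            UserId = user.Id,
            LoginType = GrantFlowType.RefreshTokenV2.ToString(),
            LoginOutcome = GrantFlowResultType.Success.ToString(),
        }));

    uow.Commit();

    var result = new UserJwtV2()
    {
        token_type = "bearer",
        access_token = rop.RawData,
        refresh_token = rt.RawData,
        user = user.UserName,
        client = audienceNames,
        issuer = issuer.Name + ":" + salt,
        // Remaining lifetime of the access token, measured at response time.
        expires_in = (int)(new DateTimeOffset(rop.ValidTo).Subtract(DateTime.UtcNow)).TotalSeconds,
    };

    return Ok(result);
}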
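/// <summary>
/// Redeems a client-credential refresh token and returns a fresh access/refresh token pair in the v2 response shape.
/// </summary>
/// <param name="input">Form-posted refresh request: issuer (id or name), client (id or name), grant type and refresh token.</param>
/// <returns>
/// 200 with a <see cref="ClientJwtV2"/>; 404 when the token, issuer or audience does not exist;
/// 400 when the model is invalid, the token is the wrong type, outside its validity window or not bound to the
/// given issuer and audience, the issuer is disabled, or the audience is locked out.
/// </returns>
public IActionResult ClientCredentialV2_Refresh([FromForm] RefreshTokenV2 input)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var refresh = uow.Refreshes.Get(QueryExpressionFactory.GetQueryExpression<tbl_Refresh>()
        .Where(x => x.RefreshValue == input.refresh_token).ToLambda()).SingleOrDefault();

    if (refresh is null)
    {
        // NOTE(review): the submitted token value is echoed into the error body; that is the presenting
        // client's own secret, but make sure ModelState errors are not copied into server-side logs.
        ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.refresh_token}");
        return NotFound(ModelState);
    }

    // A refresh token minted for a user must not be redeemable through the client flow, and the token
    // must be inside its validity window at this moment.
    var now = DateTime.UtcNow;

    if (!string.Equals(refresh.RefreshType, ConsumerType.Client.ToString(), StringComparison.OrdinalIgnoreCase)
        || refresh.ValidFromUtc >= now
        || refresh.ValidToUtc <= now)
    {
        ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.refresh_token}");
        return BadRequest(ModelState);
    }

    Guid issuerID;
    tbl_Issuer issuer;

    //check if identifier is guid. resolve to guid if not.
    if (Guid.TryParse(input.issuer, out issuerID))
    {
        issuer = uow.Issuers.Get(x => x.Id == issuerID).SingleOrDefault();
    }
    else
    {
        issuer = uow.Issuers.Get(x => x.Name == input.issuer).SingleOrDefault();
    }

    if (issuer is null)
    {
        ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}");
        return NotFound(ModelState);
    }
    else if (!issuer.IsEnabled)
    {
        ModelState.AddModelError(MessageType.IssuerInvalid.ToString(), $"Issuer:{issuer.Id}");
        return BadRequest(ModelState);
    }
    else if (refresh.IssuerId != issuer.Id)
    {
        // The refresh row records the issuer it was minted under (see the Create below). Redeeming it
        // under a different issuer would sign new tokens with that issuer's key, so reject the mismatch.
        ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.refresh_token}");
        return BadRequest(ModelState);
    }

    Guid audienceID;
    tbl_Audience audience;

    //check if identifier is guid. resolve to guid if not.
    if (Guid.TryParse(input.client, out audienceID))
    {
        audience = uow.Audiences.Get(x => x.Id == audienceID).SingleOrDefault();
    }
    else
    {
        audience = uow.Audiences.Get(x => x.Name == input.client).SingleOrDefault();
    }

    if (audience is null)
    {
        ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{input.client}");
        return NotFound(ModelState);
    }
    else if (audience.IsLockedOut)
    {
        ModelState.AddModelError(MessageType.AudienceInvalid.ToString(), $"Audience:{audience.Id}");
        return BadRequest(ModelState);
    }
    else if (refresh.AudienceId != audience.Id)
    {
        // The audience named in the request is otherwise unconstrained, so bind the token to the audience it
        // was minted for (recorded in the Create below); without this, one client's refresh token could mint
        // an access token for any other audience.
        ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.refresh_token}");
        return BadRequest(ModelState);
    }

    var salt = conf["IdentityTenant:Salt"];

    var cc_claims = uow.Audiences.GenerateAccessClaims(issuer, audience);
    var cc = auth.ClientCredential(issuer.Name, issuer.IssuerKey, salt, audience.Name, cc_claims);

    var rt_claims = uow.Audiences.GenerateRefreshClaims(issuer, audience);
    var rt = auth.ClientCredential(issuer.Name, issuer.IssuerKey, salt, audience.Name, rt_claims);

    // NOTE(review): the redeemed refresh row is left in place, so the presented token stays redeemable
    // until its ValidToUtc. If single-use rotation is the intended policy, revoke it here before Commit.
    uow.Refreshes.Create(
        map.Map<tbl_Refresh>(new RefreshV1()
        {
            IssuerId = issuer.Id,
            AudienceId = audience.Id,
            RefreshType = ConsumerType.Client.ToString(),
            RefreshValue = rt.RawData,
            // Recorded for parity with the user refresh flow, which also stamps IssuedUtc.
            IssuedUtc = rt.ValidFrom,
            ValidFromUtc = rt.ValidFrom,
            ValidToUtc = rt.ValidTo,
        }));

    uow.AuthActivity.Create(
        map.Map<tbl_AuthActivity>(new AuthActivityV1()
        {
            AudienceId = audience.Id,
            LoginType = GrantFlowType.RefreshTokenV2.ToString(),
            LoginOutcome = GrantFlowResultType.Success.ToString(),
        }));

    uow.Commit();

    var result = new ClientJwtV2()
    {
        token_type = "bearer",
        access_token = cc.RawData,
        refresh_token = rt.RawData,
        client = audience.Name,
        issuer = issuer.Name + ":" + salt,
        // Remaining lifetime of the access token, measured at response time.
        expires_in = (int)(new DateTimeOffset(cc.ValidTo).Subtract(DateTime.UtcNow)).TotalSeconds,
    };

    return Ok(result);
}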