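/// <summary>
/// Determines whether the authorization behind an access or refresh token is still in force:
/// the client/user pair must hold at least one authorization that predates the token's issue
/// time, and every scope carried by the token must be covered by those authorizations.
/// </summary>
/// <param name="authorization">The authorization description extracted from the token under review.</param>
/// <returns>
/// <c>true</c> if the token's scopes are a subset of what the user has granted this client;
/// <c>false</c> if no matching authorization exists (the grant was revoked) or the token asks for
/// more than was granted.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="authorization"/> is <c>null</c>.</exception>
public bool IsAuthorizationValid(IAuthorizationDescription authorization)
{
    if (authorization == null)
    {
        throw new ArgumentNullException("authorization");
    }

    // If db precision exceeds token time precision (which is common), the repository query would
    // often disregard a token that is minted immediately after the authorization record is stored
    // in the db. Compensate by nudging the token's issue date forward by one second before querying.
    var timestampSlack = TimeSpan.FromSeconds(1);
    var issuedCutoff = authorization.UtcIssued + timestampSlack;
    var grantedAuths = _authorizationRepository
        .FindCurrent(authorization.ClientIdentifier, authorization.User, issuedCutoff)
        .ToList();

    if (grantedAuths.Count == 0)
    {
        // No granted authorizations prior to the issuance of this token, so it must have been revoked.
        // Even if later authorizations restore this client's ability to call in, we can't allow
        // access tokens issued before the re-authorization because the revoked authorization should
        // effectively and permanently revoke all access and refresh tokens. Fail closed.
        return false;
    }

    // Union of every scope the user has authorized for this client, keyed with the
    // scope-string comparer from OAuthUtilities so scope matching stays consistent.
    var grantedScopes = new HashSet<string>(OAuthUtilities.ScopeStringComparer);
    foreach (var auth in grantedAuths)
    {
        grantedScopes.UnionWith(OAuthUtilities.SplitScopes(auth.Scope));
    }

    // The token is valid only if it asks for nothing beyond what was granted.
    return authorization.Scope.IsSubsetOf(grantedScopes);
}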