private async Task ValidateRequestAsync(IRefreshTokenRequest request) { _request = request; if (_request.ClientId == Guid.Empty || _request.ClientSecret == null) { throw new InvalidClientException("Invalid client credentials."); } if (_request.RefreshToken == null) { throw new InvalidGrantException("Refresh token could not be found"); } _refreshToken = await _refreshTokenRepository.FindAsync(request.RefreshToken); if (_refreshToken == null || _refreshToken.IsExpired || _refreshToken.Application.ClientId != request.ClientId) { throw new InvalidGrantException("Refresh token could not be found."); } // If someone tries to use the same refresh token twice, disable the access token. if (_refreshToken.Used) { if (_refreshToken.AccessToken != null && !_refreshToken.AccessToken.IsExpired) { _refreshToken.AccessToken.Disabled = true; await _accessTokenRepository.SaveAsync(); } throw new InvalidGrantException("Refresh token could not be found."); } await _authenticateClientService.AuthenticateAsync(_request.ClientId, _request.ClientSecret); // Make sure all requested scopes were requested in the original refresh token. if (request.Scope != null) { var scopes = request.Scope.Split(" "); foreach (var scope in scopes) { // Only allow the refreshed token to use the scopes issued with the // original token as per https://tools.ietf.org/html/rfc6749#section-6 var originalScopes = _refreshToken.AuthorizationCode.Scope.Split(" "); if (originalScopes.All(scopeName => scopeName != scope)) { throw new InvalidScopeException("The provided scope is invalid."); } } } _scope = request.Scope ?? _refreshToken.Scope; }
private async Task ValidateRequestAsync(IAuthorizationCodeTokenRequest request) { _request = request; if (_request.ClientId == Guid.Empty) { throw new InvalidClientException("Invalid client credentials."); } if (_request.Code == null) { throw new InvalidGrantException("Invalid authorization code."); } _code = await _authorizationCodeRepository.FindAsync(_request.Code); if (_code?.UserId == null || _code.IsExpired) { throw new InvalidGrantException("Invalid authorization code."); } // If someone tries to use the same authorization code twice, disable the access token. if (_code.Used) { if (_code.AccessToken != null) { _code.AccessToken.Disabled = true; await _accessTokenRepository.SaveAsync(); } throw new InvalidGrantException("Invalid authorization code."); } if (_code.ClientId != _request.ClientId) { throw new InvalidGrantException("Invalid client id."); } _application = await _findApplicationService.FindByClientIdAsync(request.ClientId); if (_application.Type == ClientTypes.Confidential) { await _authenticateClientService.AuthenticateAsync(request.ClientId, request.ClientSecret); } _redirectUri = request.RedirectUri ?? _application.RedirectUri; if (_redirectUri != _application.RedirectUri) { throw new InvalidGrantException("The provided redirect URI does not match the one on record."); } }
public async Task <ActionResult> AddAccessToken() { // First, delete the current token // TODO: Refactor so that it goes via ID DeleteToken(); // Get a new token via Spotify API var code = GetCodeFromHttpContext(); var tokenFromRepoDto = await _spotifyService.GetAccessTokenFromSpotify(code); var tokenEntityToSave = _mapper.Map <Repository.Data.Entities.AccessToken>(tokenFromRepoDto); tokenEntityToSave.DateModified = DateTime.Now; // Store token await _accessTokenRepository.AddAccessToken(tokenEntityToSave); try { await _accessTokenRepository.SaveAsync(); } catch (Exception ex) { _logger.LogError("Adding an access token failed on save.", ex); } return(Ok()); }
public async Task <JwtToken> GenerateTokenAsync(IResourceOwnerPasswordCredentialsTokenRequest request) { await ValidateRequestAsync(request); var jwtToken = await CreateJwtTokenAsync(); var accessToken = jwtToken.ToAccessToken(); _accessTokenRepository.Add(accessToken); await _accessTokenRepository.SaveAsync(); return(jwtToken); }