private async Task <JObject> GenerateLocalAccessTokenResponse(string email, string clientId)
{
var tokenExpiration = TimeSpan.FromHours(6);
var user = _iUserBus.FindUserByEmail(email);
var userRoles = await _iAuthorizationBus.UserRoles(user.Id);
ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, email));
identity.AddClaim(new Claim(AuthConstants.CustomClaims.UserId, user.Id));
foreach (var role in userRoles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
var client = _iAuthorizationBus.FindClient(clientId);
if (client == null)
{
throw new ForbiddenException(string.Format(Resources.ClientIdNotRegistred, clientId));
}
var props = new AuthenticationProperties()
{
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration),
};
var ticket = new AuthenticationTicket(identity, props);
var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
AuthenticationTokenCreateContext context = new AuthenticationTokenCreateContext(Request.GetOwinContext(), Startup.OAuthServerOptions.RefreshTokenFormat, ticket);
context.Ticket.Properties.Dictionary.Add("as:client_id", client.Id);
context.OwinContext.Set("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
await Startup.OAuthServerOptions.RefreshTokenProvider.CreateAsync(context);;
JObject tokenResponse = new JObject(new JProperty(AuthConstants.CustomAuthProps.UserName, email),
new JProperty("access_token", accessToken),
new JProperty("refresh_token", context.Token),
new JProperty("token_type", "bearer"),
new JProperty("expires_in", tokenExpiration.TotalSeconds.ToString()),
new JProperty(".issued", ticket.Properties.IssuedUtc.Value.ToUniversalTime().ToString("o")),
new JProperty(".expires", DateTime.UtcNow.Add(tokenExpiration).ToUniversalTime().ToString("o")),
new JProperty(AuthConstants.CustomAuthProps.UserId, user.Id),
new JProperty(AuthConstants.CustomAuthProps.FullName, user.FirstName),
new JProperty(AuthConstants.CustomAuthProps.ProfilePic, user.ImagePath),
new JProperty(AuthConstants.CustomAuthProps.IsAdmin, (userRoles.Contains(ApplicationConstants.ADMIN)) ? "true" : "false"));
return(tokenResponse);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
_iAuthorizationBus = (IAuthorizationBus)GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IAuthorizationBus));
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
if (allowedOrigin == null)
{
allowedOrigin = "*";
}
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
if (context.UserName == null || context.Password == null)
{
context.SetError("invalid_request", Resources.InvalidLoginRequest);
return;
}
var user = await _iAuthorizationBus.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", Resources.InvalidEmailOrPassword);
return;
}
var userRoles = await _iAuthorizationBus.UserRoles(user.Id);
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(AuthConstants.CustomClaims.UserId, user.Id));
foreach (var role in userRoles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
AuthConstants.CustomAuthProps.ClientId, (context.ClientId == null) ? string.Empty : context.ClientId
},
{
AuthConstants.CustomAuthProps.UserName, context.UserName
},
{
AuthConstants.CustomAuthProps.IsAdmin, (userRoles.Contains(ApplicationConstants.ADMIN)) ? "true" : "false"
},
{
AuthConstants.CustomAuthProps.UserId, user.Id
},
{
AuthConstants.CustomAuthProps.FullName, user.FirstName + " " + user.LastName
},
{
AuthConstants.CustomAuthProps.ProfilePic, user.ProfileImage
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}