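/// <summary>
/// Exchanges the caller's already-validated id token for an access token bound to the supplied attestation.
/// </summary>
/// <param name="attestation">Attestation supplied by the client, bound from the query string.</param>
/// <param name="invalidatedCache">Cache consulted to reject id tokens that have been invalidated.</param>
/// <returns>
/// 200 with an <see cref="AccessTokenDTO"/> on success; 401 when the caller's authentication mechanism does not
/// match the configured one or the id token is invalidated; 500 when the token provider throws.
/// </returns>
public ActionResult<AccessTokenDTO> Attest([FromQuery] Attestation attestation, [FromServices] IInvalidatedTokenCache invalidatedCache)
{
    // Only callers authenticated through the configured mechanism may obtain an access token.
    if (authenticationOptions.Mechanism != userContext.AuthenticationMechanism)
    {
        return StatusCode(StatusCodes.Status401Unauthorized);
    }

    try
    {
        if (invalidatedCache.IsInvalidated(userContext.IdNonce))
        {
            logger.LogWarning("Id token is invalidated. IdNonce:{IdNonce} Attestation:{@Attestation}", userContext.IdNonce, attestation);
            return StatusCode(StatusCodes.Status401Unauthorized);
        }

        var token = jwtProvider.AccessToken(HttpContext, attestation);

        // The access token is a bearer credential: record that one was issued, but never write its value to the log,
        // where it would be readable by anyone with log access and outlive the request.
        logger.LogInformation("Created Access Token. Attestation:{@Attestation}", attestation);

        return Ok(new AccessTokenDTO { AccessToken = token });
    }
    catch (Exception e)
    {
        // Pass the exception object itself so the logging provider keeps it structured instead of a flattened string.
        logger.LogError(e, "Failed to produce access token. Attestation:{@Attestation}", attestation);
        return StatusCode(StatusCodes.Status500InternalServerError);
    }
}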
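/// <summary>
/// Middleware that rejects requests whose authenticated principal carries an invalidated id nonce.
/// </summary>
/// <param name="context">The current request; <see cref="HttpContext.User"/> is inspected and the response
/// status is set to 401 when the request is rejected.</param>
/// <returns>A task that completes when the downstream pipeline has run, or immediately after a 401 is written.</returns>
public async Task Invoke(HttpContext context)
{
    var user = context.User;

    // Anonymous requests carry no id nonce to check; downstream authorization decides what to do with them.
    if (user?.Identity?.IsAuthenticated == true)
    {
        var rawNonce = user.FindFirstValue(Nonce.Id);

        // A principal whose nonce claim is missing or malformed cannot be checked against the invalidation cache.
        // Reject it instead of letting new Guid(null) throw, which surfaced as an unhandled 500 before.
        if (!Guid.TryParse(rawNonce, out var idNonce))
        {
            logger.LogWarning("Authenticated principal has a missing or malformed id nonce claim");
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return;
        }

        if (cache.IsInvalidated(idNonce))
        {
            logger.LogWarning("Attempted use of invalidated token: {idNonce}", idNonce);
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return;
        }
    }

    await next(context);
}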