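/// <summary>
/// Authenticates the OAuth client making a token request. Client id and secret are read from
/// the Basic authorization header first and from the form body as a fallback; the client is
/// looked up through <c>_refreshTokenManager</c>, and only clients whose <c>ApplicationType</c>
/// is <c>Mobile</c> must present a matching secret. On success the client's allowed origin and
/// refresh-token lifetime are stored in the OWIN environment for downstream middleware.
/// </summary>
/// <param name="context">Katana client-authentication context supplied by the middleware.</param>
/// <returns>
/// A completed task; the outcome is reported only through <c>context.Validated()</c> or
/// <c>context.Rejected()</c> / <c>context.SetError(...)</c>.
/// </returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Every failure path reports the same error code. "invalid_clientId" is not the RFC 6749
    // code ("invalid_client"), but it is kept unchanged because existing callers may match on it.
    Task Reject(string description)
    {
        context.Rejected();
        context.SetError("invalid_clientId", description);
        return Task.FromResult<object>(null);
    }

    // Ordinal comparison that always walks the full presented secret, so the response time does
    // not depend on the position of the first mismatching character.
    bool SecretsMatch(string provided, string expected)
    {
        if (string.IsNullOrEmpty(provided) || string.IsNullOrEmpty(expected))
        {
            return false;
        }

        var diff = provided.Length ^ expected.Length;
        for (var i = 0; i < provided.Length; i++)
        {
            diff |= provided[i] ^ expected[i % expected.Length];
        }

        return diff == 0;
    }

    // TryGetBasicCredentials/TryGetFormCredentials populate context.ClientId as a side effect;
    // the clientId out-variable itself is not consulted below.
    if (!context.TryGetBasicCredentials(out string clientId, out string clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (string.IsNullOrWhiteSpace(context.ClientId))
    {
        return Reject("ClientId should be sent.");
    }

    // The id is attacker-controlled request input: a value that is not a GUID is reported as an
    // unknown client instead of letting Guid.Parse throw a FormatException out of the middleware.
    if (!Guid.TryParse(context.ClientId, out var clientKey))
    {
        return Reject($"Client '{context.ClientId}' is not registered in the system.");
    }

    var client = _refreshTokenManager.FindClient(clientKey);
    if (client == null)
    {
        return Reject($"Client '{context.ClientId}' is not registered in the system.");
    }

    // Only Mobile clients are treated as confidential and must prove possession of the secret;
    // every other ApplicationType authenticates by client id alone.
    // NOTE(review): the presented secret is compared directly against client.Secret, so the
    // stored value is the clear-text secret — confirm this is intended for the client store.
    if (client.ApplicationType == ApplicationType.Mobile)
    {
        if (string.IsNullOrWhiteSpace(clientSecret))
        {
            return Reject("Client secret should be sent.");
        }

        if (!SecretsMatch(clientSecret, client.Secret))
        {
            return Reject("Client secret is invalid.");
        }
    }

    if (!client.Active)
    {
        return Reject("Client is inactive.");
    }

    // Hand the per-client CORS origin and refresh-token lifetime to later middleware.
    context.OwinContext.Set(OwinEnvironment.ClientAllowedOriginPropertyName, client.AllowedOrigin);
    context.OwinContext.Set(OwinEnvironment.ClientRefreshTokenLifeTimePropertyName, client.RefreshTokenLifeTime.ToString());
    context.Validated();
    return Task.FromResult<object>(null);
}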
/// <summary>
/// Deletes the OAuth client with the given id.
/// </summary>
/// <param name="id">Identifier of the client to remove.</param>
/// <returns>
/// 404 when no client has that id, 200 when the client was removed, otherwise 400 with a
/// model-state error describing the failed removal.
/// </returns>
/// <remarks>
/// NOTE(review): removing a client revokes that client's ability to authenticate; the
/// authorization attributes guarding this action are outside this listing — confirm they are present.
/// </remarks>
public async Task<IHttpActionResult> DeleteClient(Guid id)
{
    var existing = _refreshTokenManager.FindClient(id);
    if (existing is null)
    {
        return NotFound();
    }

    var removed = await _refreshTokenManager.RemoveClient(id);
    if (!removed)
    {
        ModelState.AddModelError("", $"Client: '{id}' could not delete.");
        return BadRequest(ModelState);
    }

    return Ok();
}
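/// <summary>
/// Serialises an authentication ticket into a signed JWT. The token audience is the client id
/// carried in the ticket's <c>ClientPropertyName</c> property, and the token is signed with the
/// provider-wide <c>_signingKey</c> using HMAC-SHA256 — not with the client's own secret.
/// </summary>
/// <param name="data">The ticket to protect; <c>IssuedUtc</c> and <c>ExpiresUtc</c> must be set.</param>
/// <returns>The compact-serialised JWT.</returns>
/// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The ticket has no valid client id, the client is not registered, or IssuedUtc/ExpiresUtc is missing.
/// </exception>
public string Protect(AuthenticationTicket data)
{
    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }

    // A missing key or non-GUID value is reported explicitly rather than as KeyNotFoundException /
    // FormatException from the indexer and Guid.Parse.
    if (!data.Properties.Dictionary.TryGetValue(OwinEnvironment.ClientPropertyName, out var audienceId)
        || !Guid.TryParse(audienceId, out var clientKey))
    {
        throw new InvalidOperationException("Ticket does not carry a valid client id.");
    }

    // The client record is consulted only to confirm the audience is a registered client. A
    // commented-out HmacSigningCredentials(keyByteArray) line showed the key used to be derived
    // from client.Secret; that decode was dead code once _signingKey took over and is dropped here.
    var client = _refreshTokenManager.FindClient(clientKey);
    if (client == null)
    {
        throw new InvalidOperationException($"Client '{audienceId}' is not registered in the system.");
    }

    var issued = data.Properties.IssuedUtc;
    if (issued == null)
    {
        throw new InvalidOperationException("Issued is null");
    }

    var expires = data.Properties.ExpiresUtc;
    if (expires == null)
    {
        throw new InvalidOperationException("Expires is null");
    }

    var signingCredentials = new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
    var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingCredentials);
    return new JwtSecurityTokenHandler().WriteToken(token);
}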