public Token Authorize(IOAuthRequest request)
{
_logger.Debug("Authorizing refresh token request");
if (request.ContentType != ContentType.FormEncoded)
{
throw new OAuthException(ErrorCode.InvalidRequest, "Invalid content type.");
}
//Make sure consumer is valid
var consumer = _consumerRepository.GetByClientId(request.ClientId);
if (consumer == null)
{
throw new OAuthException(ErrorCode.InvalidClient, "Client credentials are invalid");
}
if (consumer.Secret != request.ClientSecret)
{
throw new OAuthException(ErrorCode.InvalidClient, "User credentials are invalid");
}
var refreshToken = request.RefreshToken;
if (string.IsNullOrWhiteSpace(refreshToken))
{
throw new OAuthException(ErrorCode.InvalidRequest, "Refresh token is invalid");
}
var tokenData = _issuer.DecodeRefreshToken(refreshToken);
if (tokenData.ConsumerId != consumer.ConsumerId)
{
throw new OAuthException(ErrorCode.UnauthorizedClient, "Refresh token is invalid");
}
if (!_resourceOwnerRepository.IsConsumerApproved(tokenData.ResourceOwnerId, tokenData.ConsumerId))
{
throw new OAuthException(ErrorCode.UnauthorizedClient, "Unauthorized access");
}
var newTokenData = new TokenData
{
ConsumerId = consumer.ConsumerId,
ResourceOwnerId = tokenData.ResourceOwnerId,
Timestamp = DateTimeOffset.UtcNow.DateTime.Ticks
};
return(new Token
{
AccessToken = _issuer.GenerateAccessToken(newTokenData),
ExpiresIn = _configuration.AccessTokenExpirationLength,
RefreshToken = _issuer.GenerateRefreshToken(newTokenData)
});
}