private string CreateJWTToken(int organisationID, int expiry, Claim claim = null) { OrganisationIdentity identity = new OrganisationIdentity(); identity.OrganisationID = organisationID; if (claim != null) { identity.AddClaim(claim); } DateTime expires = DateTime.UtcNow.AddSeconds(expiry); OrganisationSecurityTokenHandler handler = _AuthOptions.SecurityTokenValidators.OfType <OrganisationSecurityTokenHandler>().FirstOrDefault(); JwtSecurityToken securityToken = handler.CreateJwtSecurityToken( //issuer: _AuthOptions.TokenValidationParameters.ValidIssuer, //audience: _AuthOptions.TokenValidationParameters.ValidAudience, signingCredentials: _SigningCredentials, subject: identity, expires: expires ); return(handler.WriteToken(securityToken)); }
public IActionResult CreateAccessToken([FromForm] OAuthTokenRequest tokenRequest) { IActionResult result = null; if (string.Compare(tokenRequest.grant_type, "password", true) == 0) { Model.AccessKey accessKey = BusinessLogicFactory.AccessKeys.GetAccessKey(tokenRequest.username); if (accessKey != null) { if (string.Compare(tokenRequest.password, accessKey.Secret) == 0) { OAuthToken token = CreateOAuthToken(accessKey.OrganisationID); result = new ObjectResult(token) { StatusCode = (int)HttpStatusCode.Created }; } else { _logger.LogDebug($"Incorrect Secret for Organisation {accessKey.OrganisationID} with access key: {accessKey.Name}"); result = new UnauthorizedResult(); } } else { _logger.LogDebug($"No organisation with key: {tokenRequest.username}"); result = new UnauthorizedResult(); } } else if (string.Compare(tokenRequest.grant_type, "refresh_token", true) == 0) { OrganisationSecurityTokenHandler handler = _AuthOptions.SecurityTokenValidators.OfType <OrganisationSecurityTokenHandler>().FirstOrDefault(); JwtSecurityToken securityToken = handler.ReadJwtToken(tokenRequest.refresh_token); if (securityToken != null) { Claim organisationClaim = securityToken.Claims.ToList().Find(c => c.Type.Equals(OrganisationIdentity.OrganisationClaim)); Claim refreshTokenClaim = securityToken.Claims.ToList().Find(c => c.Type.Equals(RefreshTokenClaim)); if (organisationClaim != null && refreshTokenClaim != null && refreshTokenClaim.Value.Equals(RefreshTokenExists)) { int organisationID; if (int.TryParse(organisationClaim.Value, out organisationID) && organisationID > 0) { OAuthToken token = CreateOAuthToken(organisationID); result = new ObjectResult(token) { StatusCode = (int)HttpStatusCode.Created }; } else { _logger.LogDebug($"Failed to parse organisationID in refresh token: {tokenRequest.refresh_token}"); result = new BadRequestResult(); } } else { _logger.LogDebug($"Refresh token does not have expected claims: {tokenRequest.refresh_token}"); result = new BadRequestResult(); } } else { _logger.LogDebug($"Invalid refresh token: {tokenRequest.refresh_token}"); result = new BadRequestResult(); } } else { result = new BadRequestResult(); } return(result); }