Пример #1
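        /// <summary>
        /// Retrieves the cached access token for the WebAPI, redeeming the cached refresh token when the
        /// access token has expired. When no usable token is available (no name identifier claim, no
        /// matching cache entry, or a failed refresh) the user is signed out so they must re-authenticate,
        /// and an empty access token is returned.
        /// </summary>
        /// <param name="scope">Scope used to select the cached token entry and to request the refreshed token.</param>
        /// <returns>WebAPI access token. Empty if a usable access token cannot be obtained.</returns>
        private async Task <string> GetAPIAccessToken(string scope)
        {
            // The cache is keyed on the signed in user's name identifier claim. A principal without
            // that claim has no cache to look in, so it is handled like a cache miss instead of
            // dereferencing a null claim.
            string userId = User?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
            if (string.IsNullOrEmpty(userId))
            {
                await HttpContext.SignOutAsync();
                return(string.Empty);
            }

            // Reconstruct the token cache based on the signed in User ID and the current HttpContext
            TokenSessionCache  tokenSessionCache = new TokenSessionCache(userId, this.HttpContext);
            List <TokenResult> tokenCache        = tokenSessionCache.GetTokenCacheInstance();

            // NOTE(review): if TokenResult.scope is a string, Contains() is a substring match, so a
            // requested scope that is a prefix or fragment of another cached scope would select that
            // entry. Confirm the type of scope and compare whole scope values if it is a string.
            // Entries with a null scope are skipped rather than dereferenced.
            int cachedIndex = tokenCache.FindIndex(t => t?.scope != null && t.scope.Contains(scope));
            if (cachedIndex < 0)
            {
                // The token was not found in the cache, force a sign out of the user
                // so they must re-authenticate
                await HttpContext.SignOutAsync();
                return(string.Empty);
            }

            TokenResult tokenResult = tokenCache[cachedIndex];

            // expires_on is added to _epoch as a number of seconds to get the absolute expiry time.
            // NOTE(review): there is no clock-skew margin, so a token that expires just after this
            // check is still handed to the caller.
            DateTime expiresOn = _epoch + new TimeSpan(0, 0, tokenResult.expires_on);
            if (expiresOn >= DateTime.UtcNow)
            {
                return(tokenResult.access_token);
            }

            // The access token has expired: redeem the cached refresh token for a new one.
            string authority = $"{_configuration.GetValue<string>("AzureADB2C:Instance")}tfp/{_configuration.GetValue<string>("AzureADB2C:Domain")}/{_configuration.GetValue<string>("AzureADB2C:SignUpSignInPolicyId")}";
            string clientId     = _configuration.GetValue <string>("AzureADB2C:ClientId");
            string clientSecret = _configuration.GetValue <string>("AzureADB2C:ClientSecret");

            TokenResult newTokenResult = await TokenHelper.GetAccessTokenByRefreshToken(authority, clientId, clientSecret, tokenResult.refresh_token, scope);

            // How TokenHelper reports a failed refresh is not visible here; a null result or one
            // without an access token is treated as failure. Such a result must not replace the
            // cached entry (it would be persisted and served on later calls), so the user is sent
            // back through sign-in instead.
            if (newTokenResult == null || string.IsNullOrEmpty(newTokenResult.access_token))
            {
                await HttpContext.SignOutAsync();
                return(string.Empty);
            }

            // Update token cache in place and persist it
            tokenCache[cachedIndex] = newTokenResult;
            tokenSessionCache.Persist();

            return(newTokenResult.access_token);
        }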
Пример #2
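        /// <summary>
        /// Exchanges an authorization code for tokens covering each scope in <paramref name="scopes"/>
        /// and stores the results in the user's token session cache. The authorization code is redeemed
        /// for the first scope only; every further scope is requested with the refresh token returned by
        /// that first exchange.
        /// </summary>
        /// <param name="userId">Signed in user's identifier, used to build the token session cache.</param>
        /// <param name="httpContext">Current HttpContext, used to build the token session cache.</param>
        /// <param name="authorizationCode">Authorization code redeemed for the first scope.</param>
        /// <param name="authority">Authority passed to the token requests.</param>
        /// <param name="redirectUri">Redirect URI passed with the authorization code exchange.</param>
        /// <param name="clientId">Client ID of the application.</param>
        /// <param name="clientSecret">Client secret of the application.</param>
        /// <param name="scopes">Space separated list of scopes to obtain tokens for.</param>
        /// <returns>Access token for the first scope. Empty if no scope was given or the exchange failed.</returns>
        private async Task <string> GetAccessTokens(string userId, HttpContext httpContext, string authorizationCode, string authority, string redirectUri, string clientId, string clientSecret, string scopes)
        {
            string             accessToken       = string.Empty;
            string             refreshToken      = string.Empty;
            TokenSessionCache  tokenSessionCache = new TokenSessionCache(userId, httpContext);
            List <TokenResult> tokenCache        = tokenSessionCache.GetTokenCacheInstance();

            // Drop empty entries so a null, blank or double-spaced scope list never produces a token
            // request (and a cache entry) for an empty scope.
            string[] apiScopes = (scopes ?? string.Empty).Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

            // NOTE(review): results are appended without replacing an existing entry for the same
            // scope; whether the cache starts empty at this point is not visible here.
            for (int i = 0; i < apiScopes.Length; i++)
            {
                TokenResult tokenResult;

                if (i == 0)
                {
                    // The authorization code is used for the first scope only.
                    tokenResult = await TokenHelper.GetAccessTokenByAuthorizationCode(authority, clientId, clientSecret, authorizationCode, redirectUri, apiScopes[i]);
                }
                else if (!string.IsNullOrEmpty(refreshToken))
                {
                    // Remaining scopes are requested with the refresh token from the first exchange.
                    tokenResult = await TokenHelper.GetAccessTokenByRefreshToken(authority, clientId, clientSecret, refreshToken, apiScopes[i]);
                }
                else
                {
                    // Without a refresh token no further scope can be requested.
                    break;
                }

                // How TokenHelper reports failure is not visible here; a null result or one without
                // an access token is treated as failure and kept out of the persisted cache.
                if (tokenResult == null || string.IsNullOrEmpty(tokenResult.access_token))
                {
                    continue;
                }

                tokenCache.Add(tokenResult);

                if (i == 0)
                {
                    accessToken  = tokenResult.access_token;
                    refreshToken = tokenResult.refresh_token;
                }
            }

            if (tokenCache.Count > 0)
            {
                tokenSessionCache.Persist();
            }

            return(accessToken);
        }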