/// <summary>
/// Determine whether the specified <see cref="OAuthTicket"/> has expired.
/// </summary>
/// <param name="tiket">The <see cref="OAuthTicket"/> to check.</param>
/// <param name="clock">The <see cref="ISystemClock"/> used to provide standard time.</param>
/// <returns>The valude indicating the specified <see cref="OAuthTicket"/> has expired.</returns>
/// <exception cref="ArgumentNullException">Specified <paramref name="tiket"/> is null.</exception>
/// <exception cref="ArgumentNullException">Specified <paramref name="clock"/> is null.</exception>
public static bool HasExpired(this OAuthTicket tiket, ISystemClock clock)
{
Guard.ArgumentNotNull(tiket, nameof(tiket));
Guard.ArgumentNotNull(clock, nameof(clock));
return(tiket.ExpiresUtc < clock.UtcNow);
}
/// <summary>
/// Create token endpoint specific request context.
/// </summary>
/// <param name="httpContext">The current HTTP request specific <see cref="HttpContext"/>.</param>
/// <returns>The task to create the token endpoint specific request context.</returns>
/// <exception cref="ArgumentNullException">Specified <paramref name="httpContext"/> is null.</exception>
public Task <TokenContext> CreateTokenGrantContextAsync(HttpContext httpContext)
{
Guard.ArgumentNotNull(httpContext, nameof(httpContext));
//Must be POST request.
if (!string.Equals(httpContext.Request.Method, "POST"))
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.UnsupportedHttpMethod.Format())));
}
//Conent-Type = application/x-www-form-urlencoded.
if (!httpContext.Request.HasFormContentType)
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.UnsupportedContentType.Format())));
}
var form = httpContext.Request.Form;
//Extract client_id.
var clientId = form.GetValue(OAuthDefaults.ParameterNames.ClientId);
if (string.IsNullOrWhiteSpace(clientId))
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingClientId.Format())));
}
//Extract redirect_uri
var redirectUriString = form.GetValue(OAuthDefaults.ParameterNames.RedirectUri);
if (string.IsNullOrWhiteSpace(redirectUriString))
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingRedirectUri.Format())));
}
Uri redirectUri;
try
{
redirectUri = new Uri(redirectUriString);
}
catch
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.InvalidRedirectUri.Format())));
}
//Extract client_secret
var clientSecret = form.GetValue(OAuthDefaults.ParameterNames.ClientSecret);
if (string.IsNullOrWhiteSpace(clientSecret))
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingClientSecret.Format())));
}
//Extract grant_type
var grantTypeString = form.GetValue(OAuthDefaults.ParameterNames.GarntType);
if (string.IsNullOrWhiteSpace(grantTypeString))
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingGrantType.Format())));
}
if (!_valideGrantTypes.Contains(grantTypeString))
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.UnsupportedGrantType.UnsupportedGrantType.Format(grantTypeString))));
}
OAuthGrantType grantType = grantTypeString == "authorization_code"
? OAuthGrantType.AuthorizationCode
: OAuthGrantType.RefreshToken;
if (grantType == OAuthGrantType.AuthorizationCode)
{
var code = form.GetValue(OAuthDefaults.ParameterNames.Code);
if (string.IsNullOrWhiteSpace(clientSecret))
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingAuthorizationCode.Format())));
}
try
{
OAuthTicket authorizationCode = _ticketFormat.Unprotect(code);
return(Task.FromResult(new TokenContext(httpContext, clientId, redirectUri, clientSecret, authorizationCode, grantType)));
}
catch
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidGrant.InvalidAuthorizationCode.Format())));
}
}
else
{
var token = form.GetValue(OAuthDefaults.ParameterNames.RefreshToken);
if (string.IsNullOrWhiteSpace(token))
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingRefreshToken.Format())));
}
try
{
OAuthTicket refreshToken = _ticketFormat.Unprotect(token);
return(Task.FromResult(new TokenContext(httpContext, clientId, redirectUri, clientSecret, refreshToken, grantType)));
}
catch
{
return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidGrant.InvalidRefreshToken.Format())));
}
}
}
/// <summary>
/// Creates a new <see cref="TokenContext"/>.
/// </summary>
/// <param name="httpContext">The current <see cref="HttpContext"/>.</param>
/// <param name="clientId">The client identifier of the application.</param>
/// <param name="redirectUri">The redirect uri of the application.</param>
/// <param name="clientSecret">Client sesret of the application.</param>
/// <param name="authorizationCodeOrRefreshToken">Authorization code or refresh token provided by client application.</param>
/// <param name="grantType">The OAuth grant type.</param>
public TokenContext(HttpContext httpContext, string clientId, Uri redirectUri, string clientSecret, OAuthTicket authorizationCodeOrRefreshToken, OAuthGrantType grantType) : base(httpContext)
{
ClientId = Guard.ArgumentNotNullOrWhiteSpace(clientId, nameof(clientId));
RedirectUri = Guard.ArgumentNotNull(redirectUri, nameof(redirectUri));
ClientSecret = Guard.ArgumentNotNullOrWhiteSpace(clientSecret, nameof(clientSecret));
GrantType = grantType;
if (grantType == OAuthGrantType.AuthorizationCode)
{
AuthorizationCode = Guard.ArgumentNotNull(authorizationCodeOrRefreshToken, nameof(authorizationCodeOrRefreshToken));
}
else
{
RefreshToken = Guard.ArgumentNotNull(authorizationCodeOrRefreshToken, nameof(authorizationCodeOrRefreshToken));
}
}
public ResourceContext(HttpContext httpContext, OAuthTicket oAuthTicket, ResourceEndpoint resourceEndpoint) : base(httpContext)
{
OAuthTicket = oAuthTicket ?? throw new ArgumentNullException(nameof(oAuthTicket));
ResourceEndpoint = resourceEndpoint ?? throw new ArgumentNullException(nameof(resourceEndpoint));
Scopes = oAuthTicket.Scopes.Intersect(resourceEndpoint.Scopes).ToArray();
}