/// <summary> /// Custom validation logic for access tokens. /// </summary> /// <param name="result">The validation result so far.</param> /// <returns> /// The validation result /// </returns> public virtual async Task<TokenValidationResult> ValidateAccessTokenAsync(TokenValidationResult result) { if (result.IsError) { return result; } // make sure user is still active (if sub claim is present) var subClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject); if (subClaim != null) { var principal = Principal.Create("tokenvalidator", result.Claims.ToArray()); if (result.ReferenceTokenId.IsPresent()) { principal.Identities.First().AddClaim(new Claim(Constants.ClaimTypes.ReferenceTokenId, result.ReferenceTokenId)); } var isActiveCtx = new IsActiveContext(principal, result.Client); await _users.IsActiveAsync(isActiveCtx); if (isActiveCtx.IsActive == false) { Logger.Warn("User marked as not active: " + subClaim.Value); result.IsError = true; result.Error = Constants.ProtectedResourceErrors.InvalidToken; result.Claims = null; return result; } } // make sure client is still active (if client_id claim is present) var clientClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.ClientId); if (clientClaim != null) { var client = await _clients.FindClientByIdAsync(clientClaim.Value); if (client == null || client.Enabled == false) { Logger.Warn("Client deleted or disabled: " + clientClaim.Value); result.IsError = true; result.Error = Constants.ProtectedResourceErrors.InvalidToken; result.Claims = null; return result; } } return result; }
/// <summary> /// Custom validation logic for identity tokens. /// </summary> /// <param name="result">The validation result so far.</param> /// <returns> /// The validation result /// </returns> public virtual async Task<TokenValidationResult> ValidateIdentityTokenAsync(TokenValidationResult result) { // make sure user is still active (if sub claim is present) var subClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject); if (subClaim != null) { var principal = Principal.Create("tokenvalidator", result.Claims.ToArray()); var isActiveCtx = new IsActiveContext(principal, result.Client); await _users.IsActiveAsync(isActiveCtx); if (isActiveCtx.IsActive == false) { Logger.Warn("User marked as not active: " + subClaim.Value); result.IsError = true; result.Error = Constants.ProtectedResourceErrors.InvalidToken; result.Claims = null; return result; } } return result; }
public override Task<TokenValidationResult> ValidateAccessTokenAsync(string token, string expectedScope = null) { var result = new TokenValidationResult { Error = Constants.ProtectedResourceErrors.InvalidToken }; return Task.FromResult(result); }
public override Task<TokenValidationResult> ValidateAccessTokenAsync(string token, string expectedScope = null) { var result = new TokenValidationResult { IsError = false, Claims = new[] { new Claim(Constants.ClaimTypes.Subject, "unique_subject"), new Claim(Constants.ClaimTypes.Name, "subject name") } }; return Task.FromResult(result); }
public override Task<TokenValidationResult> ValidateIdentityTokenAsync(string token, string clientId = null, bool validateLifetime = true) { var result = new TokenValidationResult { Error = Constants.ProtectedResourceErrors.InvalidToken }; return Task.FromResult(result); }
public override Task<TokenValidationResult> ValidateIdentityTokenAsync(string token, string clientId = null, bool validateLifetime = true) { var result = new TokenValidationResult { IsError = false, Claims = new[] { new Claim(Constants.ClaimTypes.Subject, "unique_subject"), new Claim(Constants.ClaimTypes.Name, "subject name") } }; return Task.FromResult(result); }