コード例 #1
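        /// <summary>
        /// Builds the introspection response for a request that has already been validated.
        /// </summary>
        /// <param name="validationResult">
        /// Outcome of request validation; <c>IsActive</c> selects between the inactive and the
        /// active response, and <c>Claims</c> supplies the token claims for the active one.
        /// </param>
        /// <param name="scope">
        /// The calling scope. <c>AllowUnrestrictedIntrospection</c> decides whether all claims are
        /// returned or the token's scope claims are replaced by this scope's own name.
        /// </param>
        /// <returns>
        /// A completed task holding the response dictionary. An inactive token yields only
        /// <c>"active": false</c>, so nothing else about the token is disclosed.
        /// </returns>
        public Task<Dictionary<string, object>> ProcessAsync(IntrospectionRequestValidationResult validationResult, Scope scope)
        {
            _logger.LogVerbose("Creating introspection response");

            if (validationResult.IsActive == false)
            {
                _logger.LogInformation("Creating introspection response for inactive token.");

                var inactiveResponse = new Dictionary<string, object>();
                inactiveResponse["active"] = false;
                return Task.FromResult(inactiveResponse);
            }

            Dictionary<string, object> response;

            if (scope.AllowUnrestrictedIntrospection)
            {
                _logger.LogInformation("Creating unrestricted introspection response for active token.");

                response = validationResult.Claims.ToClaimsDictionary();

                // Assign through the indexer rather than Add: Dictionary.Add throws
                // ArgumentException on a duplicate key, so a token that happened to carry an
                // "active" claim would fail the request. With the indexer the server-computed
                // status always overrides whatever the token claims contained.
                response["active"] = true;
            }
            else
            {
                _logger.LogInformation("Creating restricted introspection response for active token.");

                // Restricted callers do not see the token's other scopes: scope claims are
                // filtered out and only the caller's own scope name is reported.
                response = validationResult.Claims.Where(c => c.Type != JwtClaimTypes.Scope).ToClaimsDictionary();
                response["active"] = true;

                // NOTE(review): presumably JwtClaimTypes.Scope is "scope", so the filter above
                // already frees this key - confirm. The indexer is safe either way.
                response["scope"] = scope.Name;
            }

            return Task.FromResult(response);
        }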
コード例 #2
        /// <summary>
        /// Validates an introspection request: the <c>token</c> parameter must be present, must
        /// pass access token validation, and must carry a scope claim naming the calling scope.
        /// </summary>
        /// <param name="parameters">Request parameters; only <c>token</c> is read.</param>
        /// <param name="scope">The calling scope whose name the token must contain.</param>
        /// <returns>
        /// An active, non-error result carrying the token and its claims, or an inactive error
        /// result whose <c>FailureReason</c> is MissingToken, InvalidToken or InvalidScope.
        /// </returns>
        public async Task<IntrospectionRequestValidationResult> ValidateAsync(NameValueCollection parameters, Scope scope)
        {
            var presentedToken = parameters.Get("token");

            // No token parameter at all: reject without calling the token validator.
            if (presentedToken == null)
            {
                return new IntrospectionRequestValidationResult
                {
                    IsError = true,
                    IsActive = false,
                    FailureReason = IntrospectionRequestValidationFailureReason.MissingToken
                };
            }

            var validated = await _tokenValidator.ValidateAccessTokenAsync(presentedToken);

            // The validator rejected the token (invalid or unknown).
            // NOTE(review): failure results from here on carry the raw token value; confirm
            // that callers do not write it to logs or events.
            if (validated.IsError)
            {
                return new IntrospectionRequestValidationResult
                {
                    IsError = true,
                    IsActive = false,
                    FailureReason = IntrospectionRequestValidationFailureReason.InvalidToken,
                    Token = presentedToken
                };
            }

            // A valid token is still reported as inactive unless it holds a scope claim equal to
            // the caller's scope name, so a caller only gets a positive answer for its own tokens.
            var tokenHasCallerScope = validated.Claims.Any(
                c => c.Type == Constants.ClaimTypes.Scope && c.Value == scope.Name);

            if (!tokenHasCallerScope)
            {
                return new IntrospectionRequestValidationResult
                {
                    IsError = true,
                    IsActive = false,
                    FailureReason = IntrospectionRequestValidationFailureReason.InvalidScope,
                    Token = presentedToken
                };
            }

            return new IntrospectionRequestValidationResult
            {
                IsActive = true,
                IsError = false,
                Token = presentedToken,
                Claims = validated.Claims
            };
        }
コード例 #3
        /// <summary>
        /// Checks an introspection request in three steps: a <c>token</c> parameter exists, the
        /// token validator accepts it, and its claims include the calling scope's name.
        /// </summary>
        /// <param name="parameters">Request parameters; the <c>token</c> entry is the only one read.</param>
        /// <param name="scope">The calling scope; its <c>Name</c> is matched against the token's scope claims.</param>
        /// <returns>
        /// On success, a result with <c>IsActive</c> true, the token and the validated claims.
        /// Otherwise an error result with <c>IsActive</c> false and the matching failure reason.
        /// </returns>
        public async Task<IntrospectionRequestValidationResult> ValidateAsync(NameValueCollection parameters, Scope scope)
        {
            // One rejection object is shared by every failure path; only the reason
            // (and, once known, the token) differs between them.
            var rejected = new IntrospectionRequestValidationResult();
            rejected.IsError = true;
            rejected.IsActive = false;

            var rawToken = parameters.Get("token");
            if (rawToken == null)
            {
                rejected.FailureReason = IntrospectionRequestValidationFailureReason.MissingToken;
                return rejected;
            }

            // Every later rejection echoes the presented token.
            // NOTE(review): this is the raw credential; verify that consumers of the
            // failure result do not log it.
            rejected.Token = rawToken;

            var accessTokenResult = await _tokenValidator.ValidateAccessTokenAsync(rawToken);
            if (accessTokenResult.IsError)
            {
                // invalid or unknown token
                rejected.FailureReason = IntrospectionRequestValidationFailureReason.InvalidToken;
                return rejected;
            }

            // Look for a scope claim whose value equals the caller's scope name.
            var callerScopeClaim = accessTokenResult.Claims.FirstOrDefault(
                c => c.Type == Constants.ClaimTypes.Scope && c.Value == scope.Name);

            if (callerScopeClaim != null)
            {
                return new IntrospectionRequestValidationResult
                {
                    IsActive = true,
                    IsError = false,
                    Token = rawToken,
                    Claims = accessTokenResult.Claims
                };
            }

            // Valid token, but without the caller's scope: reported as inactive.
            rejected.FailureReason = IntrospectionRequestValidationFailureReason.InvalidScope;
            return rejected;
        }