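/// <summary>
/// Validates the client that is asking the authorization server for a token.
/// The client id is expected in the form "clientId:accessKey"; the part before the
/// first ':' selects the registered application and the part after the last ':' is
/// checked against that application's stored access key.
/// </summary>
/// <param name="context">OAuth context carrying the client credentials of the request.</param>
/// <returns>
/// A completed task. The outcome is reported through <paramref name="context"/>:
/// <c>Validated()</c> on success, <c>SetError(...)</c> otherwise.
/// </returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    // Try the Basic authorization header first, then the form body. The code below
    // reads context.ClientId, so it relies on these calls populating the context.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    // NOTE(review): clientSecret is parsed but never compared. The only credential
    // checked is the access key carried inside the client id, so confirm that the
    // client id is treated as a secret wherever it is stored or logged.

    if (context.ClientId == null)
    {
        context.SetError("invalid_clientId", "client_Id não pode ser nulo");
        return Task.FromResult<object>(null);
    }

    // Look up the registered application by the client id part.
    var parts = context.ClientId.Split(':');
    var client_id = parts.First();
    var accessKey = parts.Last();

    var applicationAccess = WebApplicationAccess.Find(client_id);
    if (applicationAccess == null)
    {
        // NOTE(review): this message differs from the access key failure below, so a
        // caller can tell whether a client id is registered. Consider a single message.
        context.SetError("invalid_clientId", "client_Id não encontrado");
        return Task.FromResult<object>(null);
    }

    // Without a ':' separator First() and Last() are the same string, which means no
    // access key was supplied at all; reject instead of comparing the id with the key.
    if (parts.Length < 2 || !AccessKeysMatch(applicationAccess.AccessKey, accessKey))
    {
        context.SetError("invalid_clientId", "access key não encontrado ou inválido");
        return Task.FromResult<object>(null);
    }

    context.Validated();
    return Task.FromResult<object>(null);
}

/// <summary>
/// Compares the stored and the supplied access key without stopping at the first
/// differing character, so the time taken does not depend on how long the matching
/// prefix is. The loop length still depends on the shorter of the two strings.
/// </summary>
/// <param name="expected">Access key stored for the application; may be null.</param>
/// <param name="supplied">Access key sent by the client; may be null.</param>
/// <returns><c>true</c> only when both values are non-null and identical.</returns>
private static bool AccessKeysMatch(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return false;
    }

    // A length mismatch is folded into the accumulator instead of returning early.
    int difference = expected.Length ^ supplied.Length;
    int comparable = Math.Min(expected.Length, supplied.Length);
    for (int i = 0; i < comparable; i++)
    {
        difference |= expected[i] ^ supplied[i];
    }

    return difference == 0;
}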
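/// <summary>
/// Serializes an authentication ticket as a signed JWT. The ticket's "audience"
/// property is expected in the form "clientId:accessKey"; only the client id part is
/// written to the token (as its audience), and the token is signed with credentials
/// built from the secret key of the application registered under that client id.
/// </summary>
/// <param name="data">Ticket holding the identity claims and the issue/expiry times.</param>
/// <returns>The compact serialized JWT.</returns>
/// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The "audience" property is missing or blank, no application is registered for the
/// client id, or the ticket has no issue or expiry time.
/// </exception>
public string Protect(AuthenticationTicket data)
{
    if (data == null)
    {
        throw new ArgumentNullException("data");
    }

    // TryGetValue instead of the indexer: a missing "audience" entry must end in the
    // InvalidOperationException below rather than in a KeyNotFoundException.
    string audience;
    if (!data.Properties.Dictionary.TryGetValue("audience", out audience) || string.IsNullOrWhiteSpace(audience))
    {
        throw new InvalidOperationException("ClientId e AccessKey não foi encontrado");
    }

    // Only the client id part is used here; the access key part of the audience is
    // never placed in the token.
    var client_id = audience.Split(':').First();

    var applicationAccess = WebApplicationAccess.Find(client_id);
    if (applicationAccess == null)
    {
        // Fail with a clear error instead of a NullReferenceException on SecretKey.
        throw new InvalidOperationException("Aplicação não encontrada para o client_id informado");
    }

    // The stored secret key is base64url text; decode it to the raw signing key bytes.
    var keyByteArray = TextEncodings.Base64Url.Decode(applicationAccess.SecretKey);
    var signingKey = new HmacSigningCredentials(keyByteArray);

    // .Value throws InvalidOperationException when the ticket carries no issue or
    // expiry time, so a token without a validity window is never produced.
    var issued = data.Properties.IssuedUtc;
    var expires = data.Properties.ExpiresUtc;

    var token = new JwtSecurityToken(
        _issuer,
        client_id,
        data.Identity.Claims,
        issued.Value.UtcDateTime,
        expires.Value.UtcDateTime,
        signingKey);

    var handler = new JwtSecurityTokenHandler();
    return handler.WriteToken(token);
}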