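public string GrantAccessToken()
{
    // OAuth 2.0 token endpoint: exchanges an authorization code or a
    // resource-owner password for an access token. Every failed check is
    // reported through DoRedirectUriError and then followed by "return null"
    // so the method can never fall through to CreateAccessToken after an
    // error, regardless of whether DoRedirectUriError terminates the response.
    //
    // NOTE(review): all parameters, including the user's password and the
    // authorization code, are read from the query string. RFC 6749 §3.2
    // requires a POST with a form-encoded body; query parameters end up in
    // server/proxy logs, referrers and browser history. Moving to
    // Request.Form is a client-visible change and is left as a TODO.
    RequestAccessTokenParams rap = new RequestAccessTokenParams();
    rap.GrantType = current.Request.QueryString[Constants.GrantTypeParameter];
    rap.Scope = current.Request.QueryString[Constants.ScopeParameter];
    rap.Code = current.Request.QueryString[Constants.CodeParameter];
    rap.RedirectUri = current.Request.QueryString[Constants.RedirectUriParameter];
    rap.Username = current.Request.QueryString[Constants.UsernameParameter];
    rap.Password = current.Request.QueryString[Constants.PasswordParameter];

    // grant_type is mandatory.
    if (string.IsNullOrEmpty(rap.GrantType))
    {
        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
        return null;
    }

    // Only grant types this server advertises are accepted.
    var grantTypes = GetSupportedGrantTypes();
    if (!grantTypes.Contains(rap.GrantType))
    {
        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE, null, null);
        return null;
    }

    // Authenticate the client before looking at any grant material.
    var clientCredentials = GetClientCredentials();
    if (!CheckClientCredentials(clientCredentials.ClientId, clientCredentials.ClientSecret))
    {
        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_CLIENT, null, null);
        return null;
    }

    // Scopes attached to the grant itself (only the auth-code grant carries any).
    string scopes = "";

    switch (rap.GrantType)
    {
        case Constants.OAUTH2_GRANT_TYPE_AUTH_CODE:
            if (string.IsNullOrEmpty(rap.Code) || string.IsNullOrEmpty(rap.RedirectUri))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
                return null;
            }

            var stored = GetAuthCode(rap.Code);
            if (stored == null)
            {
                // An unknown code is an invalid grant (RFC 6749 §5.2); the
                // original reported no error code at all here.
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                return null;
            }
            scopes = stored.Scopes;

            // redirect_uri must be identical to the one used when the code was
            // issued (RFC 6749 §4.1.3). Ordinal comparison: URI paths are
            // case-sensitive, and a culture-aware compare can treat distinct
            // strings as equal. string.Equals is null-safe on both sides.
            if (!string.Equals(rap.RedirectUri, stored.RedirectUri, StringComparison.Ordinal))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                return null;
            }

            // The code must have been issued to the client presenting it.
            if (!string.Equals(clientCredentials.ClientId, stored.ClientId, StringComparison.OrdinalIgnoreCase))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                return null;
            }

            // NOTE(review): Expires is compared against a time-of-day, so the
            // check wraps at midnight (a code expiring at 23:59 looks valid
            // again at 00:00) and depends on the server's local clock. Store
            // an absolute UTC expiry and compare with DateTime.UtcNow — TODO;
            // the comparison is kept as-is because Expires' type is not visible here.
            if (stored.Expires < DateTime.Now.TimeOfDay)
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_EXPIRED_TOKEN, null, null);
                return null;
            }

            // NOTE(review): nothing in this method invalidates the code after
            // use. Unless GetAuthCode/CreateAccessToken consumes it, the code
            // can be replayed until it expires (RFC 6749 §4.1.2 requires
            // single use) — confirm.
            break;

        case Constants.OAUTH2_GRANT_TYPE_USER_CREDENTIALS:
            if (string.IsNullOrEmpty(rap.Username) || string.IsNullOrEmpty(rap.Password))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
                return null;
            }

            // NOTE(review): no throttling or lockout is visible around this
            // check; unless CheckUserCredentials rate-limits, this endpoint is
            // an online password-guessing oracle — confirm.
            if (!CheckUserCredentials(clientCredentials.ClientId, rap.Username, rap.Password))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                return null;
            }
            break;

        default:
            // Fail closed. The whitelist comes from GetSupportedGrantTypes; any
            // type it advertises that is not verified above would otherwise
            // receive a token on client authentication alone.
            DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE, null, null);
            return null;
    }

    // A requested scope must be allowed by the grant's scopes.
    // (CheckScope is assumed to verify rap.Scope is a subset of scopes — confirm.)
    if (!string.IsNullOrEmpty(rap.Scope) && !CheckScope(scopes, rap.Scope))
    {
        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_SCOPE, null, null);
        return null;
    }

    // When the client does not narrow the scope, issue the token for exactly
    // the scopes bound to the grant (RFC 6749 §4.1.4 / §5.1) rather than
    // leaving CreateAccessToken to pick a default for a null/empty scope.
    string grantedScope = rap.Scope;
    if (string.IsNullOrEmpty(grantedScope) && !string.IsNullOrEmpty(scopes))
    {
        grantedScope = scopes;
    }

    string token = CreateAccessToken(clientCredentials.ClientId, grantedScope);
    return token;
}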
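public string GrantAccessToken()
{
    // OAuth 2.0 token endpoint: exchanges an authorization code or a
    // resource-owner password for an access token. Every failed check is
    // reported through DoRedirectUriError and then followed by "return null"
    // so the method can never fall through to CreateAccessToken after an
    // error, regardless of whether DoRedirectUriError terminates the response.
    //
    // NOTE(review): all parameters, including the user's password and the
    // authorization code, are read from the query string. RFC 6749 §3.2
    // requires a POST with a form-encoded body; query parameters end up in
    // server/proxy logs, referrers and browser history. Moving to
    // Request.Form is a client-visible change and is left as a TODO.
    RequestAccessTokenParams rap = new RequestAccessTokenParams();
    rap.GrantType = current.Request.QueryString[Constants.GrantTypeParameter];
    rap.Scope = current.Request.QueryString[Constants.ScopeParameter];
    rap.Code = current.Request.QueryString[Constants.CodeParameter];
    rap.RedirectUri = current.Request.QueryString[Constants.RedirectUriParameter];
    rap.Username = current.Request.QueryString[Constants.UsernameParameter];
    rap.Password = current.Request.QueryString[Constants.PasswordParameter];

    // grant_type is mandatory.
    if (string.IsNullOrEmpty(rap.GrantType))
    {
        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
        return null;
    }

    // Only grant types this server advertises are accepted.
    var grantTypes = GetSupportedGrantTypes();
    if (!grantTypes.Contains(rap.GrantType))
    {
        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE, null, null);
        return null;
    }

    // Authenticate the client before looking at any grant material.
    var clientCredentials = GetClientCredentials();
    if (!CheckClientCredentials(clientCredentials.ClientId, clientCredentials.ClientSecret))
    {
        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_CLIENT, null, null);
        return null;
    }

    // Scopes attached to the grant itself (only the auth-code grant carries any).
    string scopes = "";

    switch (rap.GrantType)
    {
        case Constants.OAUTH2_GRANT_TYPE_AUTH_CODE:
            if (string.IsNullOrEmpty(rap.Code) || string.IsNullOrEmpty(rap.RedirectUri))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
                return null;
            }

            var stored = GetAuthCode(rap.Code);
            if (stored == null)
            {
                // An unknown code is an invalid grant (RFC 6749 §5.2); the
                // original reported no error code at all here.
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                return null;
            }
            scopes = stored.Scopes;

            // redirect_uri must be identical to the one used when the code was
            // issued (RFC 6749 §4.1.3). Ordinal comparison: URI paths are
            // case-sensitive, and a culture-aware compare can treat distinct
            // strings as equal. string.Equals is null-safe on both sides.
            if (!string.Equals(rap.RedirectUri, stored.RedirectUri, StringComparison.Ordinal))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                return null;
            }

            // The code must have been issued to the client presenting it.
            if (!string.Equals(clientCredentials.ClientId, stored.ClientId, StringComparison.OrdinalIgnoreCase))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                return null;
            }

            // NOTE(review): Expires is compared against a time-of-day, so the
            // check wraps at midnight (a code expiring at 23:59 looks valid
            // again at 00:00) and depends on the server's local clock. Store
            // an absolute UTC expiry and compare with DateTime.UtcNow — TODO;
            // the comparison is kept as-is because Expires' type is not visible here.
            if (stored.Expires < DateTime.Now.TimeOfDay)
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_EXPIRED_TOKEN, null, null);
                return null;
            }

            // NOTE(review): nothing in this method invalidates the code after
            // use. Unless GetAuthCode/CreateAccessToken consumes it, the code
            // can be replayed until it expires (RFC 6749 §4.1.2 requires
            // single use) — confirm.
            break;

        case Constants.OAUTH2_GRANT_TYPE_USER_CREDENTIALS:
            if (string.IsNullOrEmpty(rap.Username) || string.IsNullOrEmpty(rap.Password))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_REQUEST, null, null);
                return null;
            }

            // NOTE(review): no throttling or lockout is visible around this
            // check; unless CheckUserCredentials rate-limits, this endpoint is
            // an online password-guessing oracle — confirm.
            if (!CheckUserCredentials(clientCredentials.ClientId, rap.Username, rap.Password))
            {
                DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_GRANT, null, null);
                return null;
            }
            break;

        default:
            // Fail closed. The whitelist comes from GetSupportedGrantTypes; any
            // type it advertises that is not verified above would otherwise
            // receive a token on client authentication alone.
            DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE, null, null);
            return null;
    }

    // A requested scope must be allowed by the grant's scopes.
    // (CheckScope is assumed to verify rap.Scope is a subset of scopes — confirm.)
    if (!string.IsNullOrEmpty(rap.Scope) && !CheckScope(scopes, rap.Scope))
    {
        DoRedirectUriError(Constants.OAUTH2_HTTP_BAD_REQUEST, Constants.OAUTH2_ERROR_INVALID_SCOPE, null, null);
        return null;
    }

    // When the client does not narrow the scope, issue the token for exactly
    // the scopes bound to the grant (RFC 6749 §4.1.4 / §5.1) rather than
    // leaving CreateAccessToken to pick a default for a null/empty scope.
    string grantedScope = rap.Scope;
    if (string.IsNullOrEmpty(grantedScope) && !string.IsNullOrEmpty(scopes))
    {
        grantedScope = scopes;
    }

    string token = CreateAccessToken(clientCredentials.ClientId, grantedScope);
    return token;
}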