public virtual TokenResponse CreateTokenResponseFromAuthorizationCode(StoredGrant handle, IStoredGrantManager handleManager) { var resourceOwner = Principal.Create( "OAuth2", handle.ResourceOwner.ToClaims().ToArray()); var validatedRequest = new ValidatedRequest { Client = handle.Client, Application = handle.Application, Scopes = handle.Scopes }; var response = CreateTokenResponse(validatedRequest, resourceOwner); if (handle.CreateRefreshToken) { var refreshTokenHandle = StoredGrant.CreateRefreshTokenHandle( resourceOwner.GetSubject(), handle.Client, handle.Application, resourceOwner.Claims, handle.Scopes, handle.RefreshTokenExpiration.Value, validatedRequest.Client.AllowRefreshToken && validatedRequest.Application.AllowRefreshToken); handleManager.Add(refreshTokenHandle); response.RefreshToken = refreshTokenHandle.GrantId; } handleManager.Delete(handle.GrantId); return response; }
public Models.StoredGrant Get(string handleIdentifier) { DateTime expiration; if (_expired) { expiration = DateTime.UtcNow.Subtract(TimeSpan.FromHours(1)); } else { expiration = DateTime.UtcNow.Add(TimeSpan.FromHours(1)); } if (handleIdentifier == _id) { var handle = new StoredGrant { Client = new Client { ClientId = _clientId }, RedirectUri = _redirectUri, Expiration = expiration }; return handle; } return null; }
public virtual TokenResponse CreateTokenResponse(StoredGrant handle, IStoredGrantManager handleManager) { if (handle.Type == StoredGrantType.AuthorizationCode) { return CreateTokenResponseFromAuthorizationCode(handle, handleManager); } if (handle.Type == StoredGrantType.RefreshTokenIdentifier) { return CreateTokenResponseFromRefreshToken(handle, handleManager); } throw new ArgumentException("handle.Type"); }
public virtual TokenResponse CreateTokenResponseFromRefreshToken(StoredGrant handle, IStoredGrantManager handleManager) { var resourceOwner = Principal.Create( "OAuth2", handle.ResourceOwner.ToClaims().ToArray()); if (DateTime.UtcNow > handle.Expiration) { throw new InvalidOperationException("Refresh token has expired."); } var validatedRequest = new ValidatedRequest { Client = handle.Client, Application = handle.Application, Scopes = handle.Scopes, }; var response = CreateTokenResponse(validatedRequest, resourceOwner); response.RefreshToken = handle.GrantId; return response; }
public virtual TokenResponse CreateTokenResponseFromRefreshToken(StoredGrant handle, IStoredGrantManager handleManager) { var resourceOwner = Principal.Create( "OAuth2", handle.ResourceOwner.ToClaims().ToArray()); if (DateTime.UtcNow > handle.Expiration) { throw new InvalidOperationException("Refresh token has expired."); } var validatedRequest = new ValidatedRequest { Client = handle.Client, Application = handle.Application, Scopes = handle.Scopes, }; var response = CreateTokenResponse(validatedRequest, resourceOwner); if (handle.CreateRefreshToken) { StoredGrant refreshTokenHandle; if (validatedRequest.Application.AllowSlidingRefreshTokenExpiration) { var rememberTimeSpan = handle.Expiration.Subtract(handle.Created); var newRefreshTokenExpiration = DateTime.UtcNow.Add(rememberTimeSpan); refreshTokenHandle = StoredGrant.CreateRefreshTokenHandle( resourceOwner.GetSubject(), handle.Client, handle.Application, resourceOwner.Claims, handle.Scopes, newRefreshTokenExpiration, createRefreshToken: validatedRequest.Client.AllowRefreshToken && validatedRequest.Application.AllowRefreshToken); } else { refreshTokenHandle = StoredGrant.CreateRefreshTokenHandle( resourceOwner.GetSubject(), handle.Client, handle.Application, resourceOwner.Claims, handle.Scopes, handle.Expiration, createRefreshToken: validatedRequest.Client.AllowRefreshToken && validatedRequest.Application.AllowRefreshToken); } response.RefreshToken = refreshTokenHandle.GrantId; handleManager.Add(refreshTokenHandle); handleManager.Delete(handle.GrantId); } else { response.RefreshToken = handle.GrantId; } return response; }
public void Init() { DataProtectection.Instance = new NoProtection(); globalConfiguration = new GlobalConfiguration() { Issuer = "Test Issuer" }; rocv = new Mock<IResourceOwnerCredentialValidation>(); config = new Mock<IAuthorizationServerConfiguration>(); handleManager = new Mock<IStoredGrantManager>(); assertionGrantValidator = new Mock<IAssertionGrantValidation>(); clientManager = new Mock<IClientManager>(); tokenService = new TokenService(globalConfiguration); #region Setup Test Client string secret = "12345678"; byte[] encodedByte = System.Text.ASCIIEncoding.ASCII.GetBytes(secret); string base64EncodedSecret = Convert.ToBase64String(encodedByte); _Client = new Client() { ClientId = "MobileAppShop", ClientSecret = base64EncodedSecret, Flow = OAuthFlow.ResourceOwner, AllowRefreshToken = true }; #endregion #region Setup Test Application var scope = new Scope(); scope.Name = "read"; scope.AllowedClients = new List<Client>(); scope.AllowedClients.Add(_Client); _Scopes = new List<Scope>(); _Scopes.Add(scope); string symmetricKey = "C33333333333333333333333335="; byte[] keybytes = Convert.FromBase64String(symmetricKey); SecurityKey securityKey = new InMemorySymmetricSecurityKey(keybytes); _Application = new Application() { Name = "Test Application 1", Scopes = _Scopes, Audience = "Test Audience", TokenLifetime = 1, AllowRefreshToken = true, }; #endregion #region Setup Example StoredGrant Claim[] resourceOwnerClaims = { new Claim("Username", "JohnSmith"), new Claim("sub", "JohnSmith") }; _StoredGrant = new StoredGrant() { GrantId = "MyFavouriteRefrehToken1234", CreateRefreshToken = true, Client = _Client, ResourceOwner = resourceOwnerClaims.ToStoredGrantClaims().ToList(), Expiration = DateTime.Now.AddDays(1), RefreshTokenExpiration = DateTime.Now.AddMonths(1), Type = StoredGrantType.RefreshTokenIdentifier, Scopes = _Scopes, Application = _Application }; #endregion #region Setup Mocking Objects // IAuthorizationServerConfiguration config.Setup(x => x.FindApplication(It.IsNotNull<string>())) .Returns((string name) => { return _Application; }); config.Setup(x => x.GlobalConfiguration).Returns(() => globalConfiguration); // IClientManager clientManager.Setup(x => x.Get(It.IsNotNull<string>())) .Returns((string clientId) => { return _Client; }); // IResourceOwnerCredentialValidation rocv.Setup(x => x.Validate(It.IsNotNull<string>(), It.IsNotNull<string>())) .Returns((string username, string password) => { return Principal.Create("Test", resourceOwnerClaims); }); // IStoredGrantManager handleManager.Setup(x => x.Get(It.IsNotNull<string>())) .Returns((string grantIdentifier) => { return _StoredGrant; }); #endregion _TokenController = new TokenController( rocv.Object, config.Object, handleManager.Object, assertionGrantValidator.Object, tokenService, clientManager.Object); _TokenController.Request = new HttpRequestMessage(); _TokenController.Request.SetConfiguration(new HttpConfiguration()); }