        /// <summary>
        /// Builds the in-memory list of registered OAuth clients that seeds the identity store.
        /// </summary>
        /// <returns>
        /// Two clients — the demo application and its local-test counterpart — both typed
        /// <c>ApplicationTypes.JavaScript</c>, an application type for which
        /// <c>ValidateClientAuthentication</c> does not check the secret.
        /// </returns>
        private static List <Client> BuildClientsList()
        {
            // NOTE(review): client secrets are embedded in source (the literal values are masked in
            // this listing). Anything committed to a repository has to be treated as disclosed;
            // these should be loaded from configuration or a secret store and rotated.
            // NOTE(review): both AllowedOrigin values use the http scheme. The origin check
            // compares the scheme too, so a front end served over https would not match, and over
            // plain http the bearer tokens are exposed in transit.
            var demoClient = new Client
            {
                Id                   = "RestaurantDemoApp",
                Secret               = CryptoAes.GetHash("*****@*****.**"),
                Name                 = "Chinese Restaurant",
                ApplicationType      = ApplicationTypes.JavaScript,
                Active               = true,
                RefreshTokenLifeTime = 7200,
                AllowedOrigin        = "http://www.swaksoft.com"
            };

            var localTestClient = new Client
            {
                Id                   = "RestaurantDemoTestApp",
                Secret               = CryptoAes.GetHash("*****@*****.**"),
                Name                 = "Chinese Restaurant Test",
                ApplicationType      = ApplicationTypes.JavaScript,
                Active               = true,
                RefreshTokenLifeTime = 7200,
                AllowedOrigin        = "http://localhost:20178"
            };

            var registeredClients = new List <Client>(2);
            registeredClients.Add(demoClient);
            registeredClients.Add(localTestClient);

            return registeredClients;
        }
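        /// <summary>
        /// Issues a new refresh token bound to <paramref name="ticket"/>, persists it through the
        /// user manager and returns the value to hand back to the client.
        /// </summary>
        /// <param name="ticket">
        /// The authentication ticket the refresh token is bound to. It must carry a non-null
        /// identity and the "as:client_id" property.
        /// </param>
        /// <param name="protectedTicket">The serialized, data-protected ticket stored alongside the token.</param>
        /// <returns>The refresh token string, or <c>null</c> when the store did not accept it.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="ticket"/> is null, or <paramref name="protectedTicket"/> is null or whitespace.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="ticket"/> has no identity or properties, or lacks the "as:client_id" property.
        /// </exception>
        public async Task <string> CreateRefreshTokenAsync(AuthenticationTicket ticket, string protectedTicket)
        {
            if (ticket == null)
            {
                throw new ArgumentNullException("ticket");
            }
            if (string.IsNullOrWhiteSpace(protectedTicket))
            {
                throw new ArgumentNullException("protectedTicket");
            }
            if (ticket.Identity == null || ticket.Properties == null)
            {
                throw new ArgumentException("Ticket must carry an identity and properties.", "ticket");
            }

            // Fail with a clear argument error instead of a KeyNotFoundException from the indexer
            // when the ticket was granted without a client id.
            string clientId;
            if (!ticket.Properties.Dictionary.TryGetValue("as:client_id", out clientId))
            {
                throw new ArgumentException("Ticket is missing the 'as:client_id' property.", "ticket");
            }

            // NOTE(review): Guid.NewGuid() is not documented as a cryptographic RNG; bearer tokens
            // are normally derived from RandomNumberGenerator output.
            var refreshTokenId = Guid.NewGuid().ToString("n");
            var refreshToken   = CryptoAes.GetHash(refreshTokenId);

            // NOTE(review): the stored Id and the returned token are the same value (the hash of
            // refreshTokenId), so the persisted row holds the exact bearer credential and the hashing
            // adds no protection against a store leak. Returning refreshTokenId and looking tokens up
            // by CryptoAes.GetHash(presented token) would fix that, but the receive side is not
            // visible here — confirm before changing.
            var token = new RefreshToken
            {
                Id              = refreshToken,
                ClientId        = clientId,
                Subject         = ticket.Identity.Name,
                IssuedUtc       = DateTime.UtcNow,
                // GetValueOrDefault() turns a missing expiry into DateTimeOffset.MinValue, which the
                // store presumably treats as already expired; kept for compatibility. .DateTime yields
                // Kind=Unspecified — .UtcDateTime would be explicit about the zone.
                ExpiresUtc      = ticket.Properties.ExpiresUtc.GetValueOrDefault().DateTime,
                ProtectedTicket = protectedTicket
            };

            var result = await userManager.AddRefreshTokenAsync(token);

            return((result) ? refreshToken : null);
        }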
        /// <summary>
        /// Authenticates the OAuth client for a token request: reads the client credentials from
        /// the Basic header or the form body, looks the client up, checks its secret (confidential
        /// clients only) and its active flag, and then validates or rejects the context.
        /// </summary>
        /// <param name="context">The client-authentication context of the current token request.</param>
        /// <returns>A completed task; the outcome is reported on <paramref name="context"/>.</returns>
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            Task completed = Task.FromResult <object>(null);

            string clientId;
            string clientSecret;

            // Prefer HTTP Basic credentials and fall back to the form fields. The clientId local is
            // never read below; the checks use context.ClientId, presumably populated by the TryGet*
            // calls — confirm against the Katana source.
            bool haveBasicCredentials = context.TryGetBasicCredentials(out clientId, out clientSecret);
            if (!haveBasicCredentials)
            {
                context.TryGetFormCredentials(out clientId, out clientSecret);
            }

            // NOTE(review): a request that sends no client id at all is accepted here, so such token
            // requests run without any client binding. That only makes sense while every client is
            // public; the SetError line below is the author's switch for enforcing a client id.
            if (context.ClientId == null)
            {
                context.Validated();
                //context.SetError("invalid_clientId", "ClientId should be sent.");
                return completed;
            }

            var registeredClient = _identityRepository.FindClient(context.ClientId);

            // Collect the first failure and report it once; the order of checks is the order of
            // precedence for the error message.
            string failure = null;

            if (registeredClient == null)
            {
                failure = string.Format("Client '{0}' is not registered in the system.", context.ClientId);
            }
            else if (registeredClient.ApplicationType == ApplicationTypes.NativeConfidential)
            {
                // Only confidential clients are required to prove possession of their secret.
                if (string.IsNullOrWhiteSpace(clientSecret))
                {
                    failure = "Client secret should be sent.";
                }
                // NOTE(review): string != is an ordinal compare that stops at the first differing
                // character. Digests rather than the raw secret are compared, which limits what timing
                // reveals, but a fixed-time comparison is the conventional choice. If CryptoAes.GetHash
                // is a plain unsalted digest (not visible here), stored client secrets should move to
                // a salted password KDF.
                else if (registeredClient.Secret != CryptoAes.GetHash(clientSecret))
                {
                    failure = "Client secret is invalid.";
                }
            }

            if (failure == null && !registeredClient.Active)
            {
                failure = "Client is inactive.";
            }

            if (failure != null)
            {
                context.SetError("invalid_clientId", failure);
                return completed;
            }

            // Hand the per-client settings to later pipeline stages (presumably the CORS handling and
            // the refresh-token provider) via the OWIN environment.
            context.OwinContext.Set("as:clientAllowedOrigin", registeredClient.AllowedOrigin);
            context.OwinContext.Set("as:clientRefreshTokenLifeTime", registeredClient.RefreshTokenLifeTime.ToString());

            context.Validated();
            return completed;
        }