public override async Task GrantRefreshToken([NotNull] GrantRefreshTokenContext context)
{
var manager = context.HttpContext.RequestServices.GetRequiredService <OpenIddictManager <TUser, TApplication> >();
var options = context.HttpContext.RequestServices.GetRequiredService <IOptions <IdentityOptions> >();
// If the user manager doesn't support security
// stamps, skip the default validation logic.
if (!manager.SupportsUserSecurityStamp)
{
return;
}
var principal = context.AuthenticationTicket?.Principal;
Debug.Assert(principal != null);
var user = await manager.FindByIdAsync(principal.GetUserId());
if (user == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "The refresh token is no longer valid.");
return;
}
var identifier = principal.GetClaim(options.Value.ClaimsIdentity.SecurityStampClaimType);
if (!string.IsNullOrEmpty(identifier) &&
!string.Equals(identifier, await manager.GetSecurityStampAsync(user), StringComparison.Ordinal))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "The refresh token is no longer valid.");
return;
}
// Note: the "scopes" property stored in context.AuthenticationTicket is automatically
// updated by ASOS when the client application requests a restricted scopes collection.
var identity = await manager.CreateIdentityAsync(user, context.AuthenticationTicket.GetScopes());
Debug.Assert(identity != null);
// Create a new authentication ticket holding the user identity but
// reuse the authentication properties stored in the refresh token.
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
context.AuthenticationTicket.Properties,
context.Options.AuthenticationScheme);
context.Validate(ticket);
}
/// <summary>
/// Grant a new access_token based on the current refresh_token. Here we couldvalidate whether the
/// refresh token is still valid or revoked.
/// </summary>
public override async Task GrantRefreshToken(GrantRefreshTokenContext context)
{
var validator = new RefreshTokenValidator(
context.Ticket.GetTicketId(),
context.ClientId,
context.Ticket.Principal.GetClaim(ClaimTypes.NameIdentifier));
var result = await ExecuteMessage(context, validator);
if (!result.Succeeded)
{
context.Reject(OpenIdConnectConstants.Errors.InvalidRequest, "Could not validate refresh_token.");
return;
}
var principal = new ClaimsPrincipal(context.Ticket.Principal);
var ticket = CreateAuthenticationTicket(principal, context.Ticket.Properties, context.Options, context);
context.Validate(ticket);
}
public override async Task GrantRefreshToken(GrantRefreshTokenContext context)
{
//_authService = (IAuthService)context.HttpContext.ApplicationServices.GetService(typeof(IAuthService));
_authService = (IAuthService)context.HttpContext.RequestServices.GetService(typeof(IAuthService));
string originalClient = string.Empty;
context.Ticket.Properties.Items.TryGetValue("client_id", out originalClient);
var currentClient = context.ClientId;
if (originalClient != currentClient)
{
context.Reject("O Refresh token foi criado para outro client_id");
}
string username = string.Empty;
context.Ticket.Properties.Items.TryGetValue("userName", out username);
var user = await _authService.GetUsuarioEmail(username);
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
int casaId = await _authService.GetCasaSelecionada(user);
//verifica se usuario esta bloqueado para aquela casa
if (_authService.AcessoUsuarioBloqueado(user.Id, casaId))
{
//tenta obter acesso em outra casa
int novaCasaSelec = _authService.TentaSelecOutraCasa(user.Id, casaId);
if (novaCasaSelec == 0)
{
context.Reject("O seu acesso foi bloqueado");
return;
}
casaId = novaCasaSelec;
}
foreach (var claim in _authService.GetClaims(user, casaId))
{
identity.AddClaim(claim.Type, claim.Value, "access_token", "id_token");
}
identity.AddClaim("casa", casaId.ToString(), "access_token", "id_token");
identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "access_token", "id_token");
identity.AddClaim(ClaimTypes.Name, user.UserName, "access_token", "id_token");
var principal = new ClaimsPrincipal(identity);
var newTicket = new AuthenticationTicket(principal,
context.Ticket.Properties,
OpenIdConnectServerDefaults.AuthenticationScheme);
context.Validate(newTicket);
}