/// <summary> /// Validates that the requested scopes is contained in the store, and the client is allowed to request it. /// </summary> /// <param name="client"></param> /// <param name="resourcesFromStore"></param> /// <param name="requestedScope"></param> /// <param name="result"></param> /// <returns></returns> protected override async Task ValidateScopeAsync(Client client, Resources resourcesFromStore, ParsedScopeValue requestedScope, ResourceValidationResult result) { var parameters = await _scopedHttpContextRequestForm.GetFormCollectionAsync(); var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType); if (grantType == null) { // check if this is deviceauthorizaiton. if (_httpContextAccessor.HttpContext.Request.Path.ToString().Contains("deviceauthorization")) { grantType = Constants.GrantType.DeviceAuthorization; } } switch (grantType) { case Constants.GrantType.DeviceCode: case Constants.GrantType.DeviceAuthorization: case Constants.GrantType.TokenExchangeMutate: case Constants.GrantType.TokenExchange: case Constants.GrantType.ArbitraryToken: case Constants.GrantType.ArbitraryIdentity: if (requestedScope.ParsedName == IdentityServerConstants.StandardScopes.OfflineAccess) { if (await IsClientAllowedOfflineAccessAsync(client)) { result.Resources.OfflineAccess = true; result.ParsedScopes.Add(new ParsedScopeValue(IdentityServerConstants.StandardScopes.OfflineAccess)); } else { result.InvalidScopes.Add(IdentityServerConstants.StandardScopes.OfflineAccess); } } else { result.ParsedScopes.Add(requestedScope); } break; default: await base.ValidateScopeAsync(client, resourcesFromStore, requestedScope, result); break; } }
public async Task <string> CreateRefreshTokenAsync( ClaimsPrincipal subject, Token accessToken, Client client) { Logger.LogDebug("Creating refresh token"); int lifetime; if (client.RefreshTokenExpiration == TokenExpiration.Absolute) { Logger.LogDebug("Setting an absolute lifetime: {absoluteLifetime}", client.AbsoluteRefreshTokenLifetime); lifetime = client.AbsoluteRefreshTokenLifetime; } else { lifetime = client.SlidingRefreshTokenLifetime; if (client.AbsoluteRefreshTokenLifetime > 0 && lifetime > client.AbsoluteRefreshTokenLifetime) { Logger.LogWarning( "Client {clientId}'s configured " + nameof(client.SlidingRefreshTokenLifetime) + " of {slidingLifetime} exceeds its " + nameof(client.AbsoluteRefreshTokenLifetime) + " of {absoluteLifetime}. The refresh_token's sliding lifetime will be capped to the absolute lifetime", client.ClientId, lifetime, client.AbsoluteRefreshTokenLifetime); lifetime = client.AbsoluteRefreshTokenLifetime; } Logger.LogDebug("Setting a sliding lifetime: {slidingLifetime}", lifetime); } var formCollection = await _scopedHttpContextRequestForm.GetFormCollectionAsync(); var originGrantType = formCollection["grant_type"]; var refreshToken = new RefreshTokenExtra { CreationTime = Clock.UtcNow.UtcDateTime, Lifetime = lifetime, AccessToken = accessToken, OriginGrantType = originGrantType }; var handle = await RefreshTokenStore.StoreRefreshTokenAsync(refreshToken); return(handle); }
public async Task Invoke(HttpContext context, IScopedContext <TenantRequestContext> scopedTenantRequestContext, IScopedHttpContextRequestForm scopedHttpContextRequestForm, ITenantStore tenantStore) { try { // TODO: Probably should use regex here. string[] parts = context.Request.Path.Value.Split('/'); if (parts.Count() > 1) { string tenantName = parts[1]; scopedTenantRequestContext.Context.TenantName = tenantName; if (string.IsNullOrWhiteSpace(tenantName) || !await tenantStore.IsTenantValidAsync(tenantName)) { _logger.LogWarning($"TenantId={tenantName}, does not exist!"); context.Response.Clear(); context.Response.StatusCode = (int)HttpStatusCode.NotFound; await context.Response.WriteAsync(""); return; } StringBuilder sb = new StringBuilder(); sb.Append('/'); if (parts.Count() > 2) { for (int i = 2; i < parts.Count(); i++) { sb.Append(parts[i]); if (i < parts.Count() - 1) { sb.Append('/'); } } } string newPath = sb.ToString(); context.Request.Path = newPath; context.Request.PathBase = $"/{tenantName}"; switch (context.Request.Method) { case "GET": break; case "POST": if (context.Request.ContentType == "application/x-www-form-urlencoded") { scopedTenantRequestContext.Context.FormCollection = await scopedHttpContextRequestForm.GetFormCollectionAsync(); } break; } } } catch (Exception ex) { _logger.LogCritical(ex, "Unhandled exception: {exception}", ex.Message); throw; } await _next(context); }