private async Task <IEndpointResult> ProcessTokenRequestAsync(HttpContext context)
{
_logger.LogDebug("Start token request.");
// validate client
var clientResult = await _clientValidator.ValidateAsync(context);
if (clientResult.Client == null)
{
return(Error(OidcConstants.TokenErrors.InvalidClient));
}
// validate request
var requestResult = await _requestValidator.ValidateRequestAsync(
(await context.Request.ReadFormAsync()).AsNameValueCollection(),
clientResult.Client);
if (requestResult.IsError)
{
return(Error(requestResult.Error, requestResult.ErrorDescription, requestResult.CustomResponse));
}
// create response
var response = await _responseGenerator.ProcessAsync(requestResult);
// return result
_logger.LogDebug("Token request success.");
return(new TokenResult(response));
}
private async Task <IdpTokenResponse> GetIdpToken(NameValueCollection parameters)
{
var clientResult = await _clientValidator.ValidateAsync(_httpContextAccessor.HttpContext);
if (clientResult.IsError)
{
return(new IdpTokenResponse {
Custom = new Dictionary <string, object> {
{ "Error", "invalid_client" }, { "ErrorDescription", "Invalid client/secret combination" }
}
});
}
var validationResult = await _requestValidator.ValidateRequestAsync(parameters, clientResult);
if (validationResult.IsError)
{
return(new IdpTokenResponse {
Custom = new Dictionary <string, object> {
{ "Error", validationResult.Error }, { "ErrorDescription", validationResult.ErrorDescription }
}
});
}
return(await _responseGenerator.ProcessAsync(validationResult));
}
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context)
{
_logger.LogTrace("Start token request.");
// validate HTTP
if (context.HttpContext.Request.Method != "POST" || !context.HttpContext.Request.HasFormContentType)
{
// todo logging
return(new TokenErrorResult(OidcConstants.TokenErrors.InvalidRequest));
}
// validate client
var clientResult = await _clientValidator.ValidateAsync(context.HttpContext);
if (clientResult.Client == null)
{
return(new TokenErrorResult(OidcConstants.TokenErrors.InvalidClient));
}
// validate request
var requestResult = await _requestValidator.ValidateRequestAsync(
context.HttpContext.Request.Form.AsNameValueCollection(),
clientResult.Client);
if (requestResult.IsError)
{
return(new TokenErrorResult(requestResult.Error, requestResult.ErrorDescription));
}
// create response
var response = await _responseGenerator.ProcessAsync(requestResult.ValidatedRequest);
// return result
return(new TokenResult(response));
}
private async Task <IEndpointResult> ProcessTokenRequestAsync(HttpContext context)
{
// validate client
var clientResult = await _clientValidator.ValidateAsync(context);
if (clientResult.Client == null)
{
return(Error(OidcConstants.TokenErrors.InvalidClient));
}
// validate request
var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();
var requestResult = await _requestValidator.ValidateRequestAsync(form, clientResult);
if (requestResult.IsError)
{
await _events.RaiseAsync(new TokenIssuedFailureEvent(requestResult));
return(Error(requestResult.Error, requestResult.ErrorDescription, requestResult.CustomResponse));
}
// create response
var response = await _responseGenerator.ProcessAsync(requestResult);
await _events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));
// return result
return(new TokenResult(response));
}
private async Task <IEndpointResult> ProcessTokenRequestAsync(IdentityServerContext context)
{
_logger.LogInformation("Start token request.");
// validate client
var clientResult = await _clientValidator.ValidateAsync(context.HttpContext);
if (clientResult.Client == null)
{
return(new TokenErrorResult(OidcConstants.TokenErrors.InvalidClient));
}
// validate request
var requestResult = await _requestValidator.ValidateRequestAsync(
context.HttpContext.Request.Form.AsNameValueCollection(),
clientResult.Client);
if (requestResult.IsError)
{
return(new TokenErrorResult(requestResult.Error, requestResult.ErrorDescription));
}
// create response
var response = await _responseGenerator.ProcessAsync(requestResult.ValidatedRequest);
// return result
_logger.LogInformation("Token request success.");
return(new TokenResult(response));
}
public async Task <TokenRawResult> ProcessRawAsync(IFormCollection formCollection)
{
_logger.LogTrace("Processing token request.");
var rawResult = new TokenRawResult();
// validate HTTP
if (formCollection.IsNullOrEmpty())
{
_logger.LogWarning($"Invalid {nameof(formCollection)} for token endpoint");
rawResult.TokenErrorResult = Error(OidcConstants.TokenErrors.InvalidRequest);
return(rawResult);
}
var clientId = formCollection[OidcConstants.TokenRequest.ClientId];
var client = await _clients.FindEnabledClientByIdAsync(clientId);
if (client == null)
{
_logger.LogError($"No client with id '{clientId}' found. aborting");
rawResult.TokenErrorResult = Error($"{OidcConstants.TokenRequest.ClientId} bad",
$"No client with id '{clientId}' found. aborting");
return(rawResult);
}
var clientSecretValidationResult = new ClientSecretValidationResult
{
IsError = false,
Client = client,
Secret = null
};
// validate request
var form = formCollection.AsNameValueCollection();
_logger.LogTrace("Calling into token request validator: {type}", _requestValidator.GetType().FullName);
var requestResult = await _requestValidator.ValidateRequestAsync(form, clientSecretValidationResult);
if (requestResult.IsError)
{
await _events.RaiseAsync(new TokenIssuedFailureEvent(requestResult));
rawResult.TokenErrorResult = Error(requestResult.Error, requestResult.ErrorDescription, requestResult.CustomResponse);
return(rawResult);
}
// create response
_logger.LogTrace("Calling into token request response generator: {type}", _responseGenerator.GetType().FullName);
var response = await _responseGenerator.ProcessAsync(requestResult);
await _events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));
LogTokens(response, requestResult);
// return result
_logger.LogDebug("Token request success.");
rawResult.TokenResult = new TokenResult(response);
return(rawResult);
}
private async Task <IEndpointResult> ProcessTokenRequestAsync(HttpContext context)
{
_logger.LogDebug("Start token request.");
// validate request
var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();
var userName = form.Get(OidcConstants.TokenRequest.UserName);
var password = form.Get(OidcConstants.TokenRequest.Password);
var scope = form.Get(OidcConstants.TokenRequest.Scope);
if (scope == "phone_number")
{
var getUserByPhoneNumber = await _usersService.GetByPhoneNumberOTP(userName, password);
if (getUserByPhoneNumber != null)
{
form.Remove("username");
form.Remove("password");
form.Remove("scope");
form.Add("username", getUserByPhoneNumber.Username);
form.Add("password", getUserByPhoneNumber.Password);
scope = null;
//form.Add("scope", "openid");
}
}
// validate client
var clientResult = await _clientValidator.ValidateAsync(context);
if (clientResult.Client == null)
{
return(Error(OidcConstants.TokenErrors.InvalidClient));
}
// validate request
//var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();
_logger.LogTrace("Calling into token request validator: {type}", _requestValidator.GetType().FullName);
var requestResult = await _requestValidator.ValidateRequestAsync(form, clientResult);
if (requestResult.IsError)
{
await _events.RaiseAsync(new TokenIssuedFailureEvent(requestResult));
return(Error(requestResult.Error, requestResult.ErrorDescription, requestResult.CustomResponse));
}
// create response
_logger.LogTrace("Calling into token request response generator: {type}", _responseGenerator.GetType().FullName);
var response = await _responseGenerator.ProcessAsync(requestResult);
await _events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));
LogTokens(response, requestResult);
// return result
_logger.LogDebug("Token request success.");
return(new TokenResult(response));
}
private async Task <IEndpointResult> ProcessTokenRequestAsync(HttpContext context)
{
_logger.LogTrace("Start token request.");
// validate client
var clientResult = await _clientValidator.ValidateAsync(context);
if (clientResult.Client == null)
{
_logger.LogDebug("Invalid client");
return(Error(OidcConstants.TokenErrors.InvalidClient));
}
// validate request
var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();
if (_logger.IsEnabled(LogLevel.Trace))
{
_logger.LogTrace("Calling into token request validator: {type}", _requestValidator.GetType().FullName);
}
var requestResult = await _requestValidator.ValidateRequestAsync(form, clientResult);
if (requestResult.IsError)
{
_logger.LogDebug("Token issued failure");
await _events.RaiseAsync(new TokenIssuedFailureEvent(requestResult));
return(Error(requestResult.Error, requestResult.ErrorDescription, requestResult.CustomResponse));
}
_logger.LogDebug("Get IP address and device type");
requestResult.ValidatedRequest.ClientIp = context.GetRequestIp();
requestResult.ValidatedRequest.Device = context
.GetHeaderValueAs <string>("User-Agent")
.GetDevice();
// create response
if (_logger.IsEnabled(LogLevel.Trace))
{
_logger.LogTrace("Calling into token request response generator: {type}", _responseGenerator.GetType().FullName);
}
var response = await _responseGenerator.ProcessAsync(requestResult);
_logger.LogTrace("Raise token issued successfully event");
await _events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));
LogTokens(response, requestResult);
// return result
_logger.LogDebug("Token request success.");
return(new TokenResult(response));
}
private async Task <IEndpointResult> ProcessTokenRequestAsync(HttpContext context)
{
_logger.LogDebug("Start token request.");
// validate client
var clientResult = await _clientValidator.ValidateAsync(context);
if (clientResult.Client == null)
{
return(Error(OidcConstants.TokenErrors.InvalidClient));
}
// validate request
var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();
_logger.LogTrace("Calling into token request validator: {type}", _requestValidator.GetType().FullName);
var requestResult = await _requestValidator.ValidateRequestAsync(form, clientResult);
if (requestResult.IsError)
{
await _events.RaiseAsync(new TokenIssuedFailureEvent(requestResult));
return(Error(requestResult.Error, requestResult.ErrorDescription, requestResult.CustomResponse));
}
// create response
_logger.LogTrace("Calling into token request response generator: {type}", _responseGenerator.GetType().FullName);
var response = await _responseGenerator.ProcessAsync(requestResult);
await _events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));
LogTokens(response, requestResult);
// return result
_logger.LogDebug("Token request success.");
return(new TokenResult(response));
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var refreshToken = context.Request.Raw.Get("refresh_token");
var clientId = context.Request.Raw.Get("client_id");
if (string.IsNullOrEmpty(refreshToken))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
return;
}
if (string.IsNullOrEmpty(clientId))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidClient);
return;
}
var index = clientId.IndexOf(PrependPublic);
if (index != 0)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidClient);
return;
}
var client = await _clientStore.FindClientByIdAsync(clientId);
if (client == null)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidClient);
return;
}
var originalClientId = clientId.Substring(PrependPublicIndex);
if (string.IsNullOrEmpty(originalClientId))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidClient);
return;
}
var originalClient = await _clientStore.FindClientByIdAsync(originalClientId);
if (originalClient == null)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidClient);
return;
}
NameValueCollection nvc = new NameValueCollection
{
{ OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.RefreshToken },
{ OidcConstants.TokenRequest.RefreshToken, refreshToken }
};
_validatedRequest = new ValidatedTokenRequest
{
Raw = nvc,
Client = originalClient,
Options = _options
};
var result = await ValidateRefreshTokenRequestAsync(nvc);
if (result.IsError)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
return;
}
result.ValidatedRequest.GrantType = OidcConstants.GrantTypes.RefreshToken;
result.ValidatedRequest.AccessTokenLifetime = result.ValidatedRequest.Client.AccessTokenLifetime;
var refreshResponse = await _tokenResponseGenerator.ProcessAsync(result);
var dto = new ResultDto
{
access_token = refreshResponse.AccessToken,
refresh_token = refreshResponse.RefreshToken,
expires_in = refreshResponse.AccessTokenLifetime,
token_type = OidcConstants.TokenResponse.BearerTokenType
};
var response = new Dictionary <string, object>
{
{ "inner_response", dto }
};
context.Result = new GrantValidationResult(customResponse: response);
}
public virtual async Task <IdentityUtilsResult <TokenResponse> > GetToken(TokenRequest request)
{
var config = HttpContext.RequestServices.GetService(typeof(IIdentityUtilsAuthenticationConfig)) as IIdentityUtilsAuthenticationConfig;
request.ClientId = config?.ClientId ?? request.ClientId;
HttpContext.Request.Form = new FormCollection(new Dictionary <string, StringValues>
{
{ "client_id", request.ClientId },
{ "grant_type", request.GrantType },
{ "username", request.Username },
{ "password", request.Password },
{ "refresh_token", request.RefreshToken },
});
// validate client
var client = await clientStore.FindEnabledClientByIdAsync(request.ClientId);
var invalidClient = !client.AllowedGrantTypes.Intersect(GrantTypes.ResourceOwnerPassword).Any() && !(request.GrantType == AuthenticationConstants.GrantTypeRefreshToken);
if (client == null || invalidClient)
{
return(IdentityUtilsResult <TokenResponse> .ErrorResult($"Client id not found or invalid grant type"));
}
var clientResult = new ClientSecretValidationResult
{
IsError = false,
Client = client
};
var form = new NameValueCollection
{
{ "client_id", request.ClientId },
{ "grant_type", request.GrantType },
{ "refresh_token", request.RefreshToken },
{ "username", request.Username },
{ "password", request.Password },
};
// validate request
var requestResult = await requestValidator.ValidateRequestAsync(form, clientResult);
if (requestResult.IsError)
{
await events.RaiseAsync(new TokenIssuedFailureEvent(requestResult));
return(IdentityUtilsResult <TokenResponse> .ErrorResult($"{requestResult.Error} - {requestResult.ErrorDescription}"));
}
// create response
var response = await responseGenerator.ProcessAsync(requestResult);
await events.RaiseAsync(new TokenIssuedSuccessEvent(response, requestResult));
// return result
var tokenResponse = new TokenResponse
{
AccessToken = response.AccessToken,
RefreshToken = response.RefreshToken,
Lifetime = response.AccessTokenLifetime,
Scopes = response.Scope.Split(' ')
};
return(IdentityUtilsResult <TokenResponse> .SuccessResult(tokenResponse));
}