/// <summary> /// Refreshes the OAuth 2.0 access token using the refresh token provided. /// </summary> /// <param name="pluginConfiguration">The configuration for the OAuth 2.0 identity provider.</param> /// <param name="refreshToken">The refresh token.</param> /// <param name="setHttpHeaders">If true, <see cref="AddAuthorizationHeader"/> will be called automatically.</param> /// <param name="token">A cancellation token for the task.</param> /// <returns>The updated access token data.</returns> public async Task <OAuth2TokenResponse> RefreshOAuth2TokenAsync( OAuth2Configuration pluginConfiguration, string refreshToken, bool setHttpHeaders = true, CancellationToken token = default(CancellationToken)) { // Sanity. if (null == pluginConfiguration) { throw new ArgumentNullException(nameof(pluginConfiguration)); } if (string.IsNullOrWhiteSpace(refreshToken)) { throw new ArgumentException("The OAuth 2.0 refresh token cannot be empty.", nameof(refreshToken)); } // Create the request, adding the mandatory items. var tokenEndpoint = new Uri(pluginConfiguration.TokenEndpoint, uriKind: UriKind.Absolute); var request = new RestSharp.RestRequest(tokenEndpoint.PathAndQuery, RestSharp.Method.POST); request.AddParameter("grant_type", "refresh_token"); request.AddParameter("refresh_token", refreshToken); request.AddParameter("redirect_uri", pluginConfiguration.GetAppropriateRedirectUri()); // Add the client id. If there's a realm then use that here too. request.AddParameter( "client_id", string.IsNullOrWhiteSpace(pluginConfiguration.SiteRealm) ? pluginConfiguration.ClientID // If no site realm is supplied, just pass the client ID. : $"{pluginConfiguration.ClientID}@{pluginConfiguration.SiteRealm}" // Otherwise pass client ID @ site realm. ); // Add the optional bits. request.AddParameterIfNotNullOrWhitespace("resource", pluginConfiguration.Resource); request.AddParameterIfNotNullOrWhitespace("scope", pluginConfiguration.Scope); request.AddParameterIfNotNullOrWhitespace("client_secret", pluginConfiguration.ClientSecret); // Make a post to the token endpoint. // NOTE: We must use a new RestClient here otherwise it'll try and add the token endpoint to the MFWA base url. var restClient = new RestSharp.RestClient(tokenEndpoint.GetLeftPart(UriPartial.Authority)); var response = await restClient.ExecutePostTaskAsync <OAuth2TokenResponse>(request, token); // Validate response. if (null == response.Data || response.Data.TokenType != "Bearer") { throw new InvalidOperationException("OAuth token not received from endpoint, or token type was not bearer."); } // Set the authorisation header. if (setHttpHeaders) { this.AddAuthorizationHeader(pluginConfiguration, response.Data); } // Return the access token data. return(response.Data); }