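        /// <summary>Validates a presented refresh token against a set of stored refresh tokens.</summary>
        /// <param name="refreshTokens">
        /// The stored refresh tokens to validate against. Each entity's <c>Token</c> is the stored hash that the
        /// configured crypto provider checks the raw <paramref name="token"/> against.
        /// </param>
        /// <param name="token">The raw refresh token presented by the client.</param>
        /// <returns>
        /// A result holding an authenticated principal plus the matching entity when the token is valid; otherwise a
        /// result with <see cref="SentinelPrincipal.Anonymous"/> and a <c>null</c> entity. The result itself is never <c>null</c>.
        /// </returns>
        public async Task<TokenValidationResult<IRefreshToken>> ValidateRefreshToken(IEnumerable<IRefreshToken> refreshTokens, string token)
        {
            var anonymous = new TokenValidationResult<IRefreshToken>(SentinelPrincipal.Anonymous, null);

            // An absent token can never match a stored hash; fail closed before touching the crypto provider.
            if (string.IsNullOrEmpty(token))
            {
                return anonymous;
            }

            // NOTE(review): the presented token is hash-checked against every candidate in turn. If the crypto
            // provider uses a slow (password-style) hash this costs O(n) slow hashes per validation attempt;
            // confirm the provider is cheap here or that callers pre-filter the candidate set.
            var entity = refreshTokens.FirstOrDefault(x => this.configuration.CryptoProvider.ValidateHash(token, x.Token));

            if (entity == null)
            {
                return anonymous;
            }

            // NOTE(review): no expiry check is visible here — presumably the store only hands back unexpired
            // tokens; confirm against the caller.
            var identity = new SentinelIdentity(
                AuthenticationType.OAuth,
                new SentinelClaim(ClaimType.Name, entity.Subject),
                new SentinelClaim(ClaimType.Client, entity.ClientId),
                new SentinelClaim(ClaimType.RedirectUri, entity.RedirectUri));

            // Scope is optional on the stored entity; it is carried as a single space-delimited claim.
            if (entity.Scope != null)
            {
                identity.AddClaim(ClaimType.Scope, string.Join(" ", entity.Scope));
            }

            // Only hand out a principal when the identity actually authenticated.
            if (!identity.IsAuthenticated)
            {
                return anonymous;
            }

            return new TokenValidationResult<IRefreshToken>(new SentinelPrincipal(identity), entity);
        }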
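        /// <summary>
        /// Creates an authorization code for the authenticated ticket and stores it on the context.
        /// </summary>
        /// <param name="context">
        /// The authentication context carrying the ticket and the request query
        /// (<c>client_id</c>, <c>redirect_uri</c> and the optional space-delimited <c>scope</c>).
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
        /// <exception cref="AggregateException">
        /// Creating the code failed; the inner exception is the original failure from the token manager.
        /// </exception>
        /// <remarks>
        /// The contract of this method is synchronous, so the asynchronous token manager is driven on a
        /// thread-pool thread and its result is waited for blockingly.
        /// </remarks>
        public void CreateAuthorizationCode(AuthenticationTokenCreateContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            // NOTE(review): client_id and redirect_uri come straight from the query string (client-controlled).
            // They are logged verbatim, so confirm the logger neutralises line breaks, and they are trusted here
            // as already validated against the registered client by the authorization endpoint — confirm.
            this.options.Logger.DebugFormat("Creating authorization code for client '{0}' and redirect uri '{1}'", context.Request.Query["client_id"], context.Request.Query["redirect_uri"]);

            // Task.Run moves the awaits onto the thread pool so the blocking .Result below does not wait on
            // continuations that would need the request thread.
            var code = Task.Run(
                async () =>
                {
                    var identity = new SentinelIdentity(AuthenticationType.OAuth, context.Ticket.Identity.Claims.Select(x => new SentinelClaim(x.Type, x.Value)).ToArray());

                    // Overwrite client claim with the client this request was made for
                    identity.RemoveClaim(x => x.Type == ClaimType.Client);
                    identity.AddClaim(ClaimType.Client, context.Request.Query["client_id"]);

                    var scope = context.Request.Query["scope"];

                    // Generate code; RemoveEmptyEntries keeps repeated separators from producing blank scope entries.
                    var createResult = await this.options.TokenManager.CreateAuthorizationCodeAsync(
                        new SentinelPrincipal(identity),
                        this.options.AuthorizationCodeLifetime,
                        context.Request.Query["redirect_uri"],
                        string.IsNullOrEmpty(scope) ? null : scope.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries));

                    return createResult.Token;
                }).Result;

            context.SetToken(code);

            this.options.Logger.Debug("Created authorization code");
        }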