/// <summary> /// Refreshes an access token. /// </summary> /// <param name="refreshToken">The refresh token.</param> /// <param name="extraParameters">The extra parameters.</param> /// <returns> /// A token response. /// </returns> public virtual async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken, object extraParameters = null) { _logger.LogTrace("RefreshTokenAsync"); await EnsureConfigurationAsync(); var client = TokenClientFactory.Create(_options); var response = await client.RequestRefreshTokenAsync(refreshToken, extra : extraParameters); if (response.IsError) { return(new RefreshTokenResult { Error = response.Error }); } // validate token response var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse); if (validationResult.IsError) { return(new RefreshTokenResult { Error = validationResult.Error }); } return(new RefreshTokenResult { IdentityToken = response.IdentityToken, AccessToken = response.AccessToken, RefreshToken = response.RefreshToken, ExpiresIn = (int)response.ExpiresIn, AccessTokenExpiration = DateTime.Now.AddSeconds(response.ExpiresIn) }); }
/// <summary> /// Refreshes an access token. /// </summary> /// <param name="refreshToken">The refresh token.</param> /// <returns>A token response.</returns> public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken) { _logger.LogTrace("RefreshTokenAsync"); await EnsureConfigurationAsync(); var client = TokenClientFactory.Create(_options); var response = await client.RequestRefreshTokenAsync(refreshToken); if (response.IsError) { return(new RefreshTokenResult { Error = response.Error }); } // validate token response var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse); if (validationResult.IsError) { return(new RefreshTokenResult { Error = validationResult.Error }); } return(new RefreshTokenResult { IdentityToken = response.IdentityToken, AccessToken = response.AccessToken, RefreshToken = response.RefreshToken, ExpiresIn = (int)response.ExpiresIn }); }
/// <summary> /// Starts a refresh token request. /// </summary> /// <param name="refreshToken">The refresh token.</param> /// <returns>A refresh token result</returns> public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken) { var client = await TokenClientFactory.CreateAsync(_options); var response = await client.RequestRefreshTokenAsync(refreshToken); if (response.IsError) { return(new RefreshTokenResult { Error = response.Error }); } // validate token response var validationResult = await _validator.ValidateTokenResponse(response, requireIdentityToken : false); if (!validationResult.Success) { return(new RefreshTokenResult { Error = validationResult.Error }); } return(new RefreshTokenResult { AccessToken = response.AccessToken, RefreshToken = response.RefreshToken, ExpiresIn = (int)response.ExpiresIn }); }
private TokenClient GetTokenClient() { if (_tokenClient == null) { _tokenClient = TokenClientFactory.Create(_options); } return(_tokenClient); }
/// <summary> /// Refreshes an access token. /// </summary> /// <param name="refreshToken">The refresh token.</param> /// <returns>A token response.</returns> public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken, Task <RsaSecurityKey> pregeneratedPopKeyTask = null) { if (string.IsNullOrEmpty(refreshToken)) { throw new ArgumentException("refreshToken"); } _logger.LogTrace("RefreshTokenAsync"); await EnsureConfigurationAsync().ConfigureAwait(false); var client = TokenClientFactory.Create(_options); TokenResponse response; SigningCredentials popSigner = null; if (_options.RequestPopTokens) { //-- PoP Key Creation _logger.LogTrace("CreateProviderForPopToken"); var popKey = await(pregeneratedPopKeyTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync()).ConfigureAwait(false); var jwk = popKey.ToJwk(); response = await client.RequestRefreshTokenPopAsync(refreshToken, jwk.Alg, jwk.ToJwkString()).ConfigureAwait(false); popSigner = new SigningCredentials(popKey, "RS256"); } else { response = await client.RequestRefreshTokenAsync(refreshToken).ConfigureAwait(false); } if (response.IsError) { return(new RefreshTokenResult { Error = response.Error }); } // validate token response var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse).ConfigureAwait(false); if (validationResult.IsError) { return(new RefreshTokenResult { Error = validationResult.Error }); } return(new RefreshTokenResult { IdentityToken = response.IdentityToken, AccessToken = response.AccessToken, RefreshToken = response.RefreshToken, ExpiresIn = (int)response.ExpiresIn, PopTokenKey = popSigner }); }
private async Task <TokenClient> GetTokenClientAsync() { if (_tokenClient == null) { _tokenClient = await TokenClientFactory.CreateAsync(_options); } return(_tokenClient); }
private async Task <LoginResult> ProcessClaimsAsync(ResponseValidationResult result) { Logger.Debug("Processing claims"); // get profile if enabled if (_options.LoadProfile) { Logger.Debug("load profile"); var userInfoResult = await GetUserInfoAsync(result.TokenResponse.AccessToken); if (!userInfoResult.Success) { return(new LoginResult(userInfoResult.Error)); } Logger.Debug("profile claims:"); Logger.LogClaims(userInfoResult.Claims); var primaryClaimTypes = result.Claims.Select(c => c.Type).Distinct(); foreach (var claim in userInfoResult.Claims.Where(c => !primaryClaimTypes.Contains(c.Type))) { result.Claims.Add(claim); } } else { Logger.Debug("don't load profile"); } // success var loginResult = new LoginResult { Claims = FilterClaims(result.Claims), AccessToken = result.TokenResponse.AccessToken, RefreshToken = result.TokenResponse.RefreshToken, AccessTokenExpiration = DateTime.Now.AddSeconds(result.TokenResponse.ExpiresIn), IdentityToken = result.TokenResponse.IdentityToken, AuthenticationTime = DateTime.Now }; if (!string.IsNullOrWhiteSpace(result.TokenResponse.RefreshToken)) { var providerInfo = await _options.GetProviderInformationAsync(); loginResult.Handler = new RefeshTokenHandler( await TokenClientFactory.CreateAsync(_options), result.TokenResponse.RefreshToken, result.TokenResponse.AccessToken); } return(loginResult); }
/// <summary> /// Processes the authorize response. /// </summary> /// <param name="data">The response data.</param> /// <param name="state">The state.</param> /// <returns>Result of the login response validation</returns> public async Task <LoginResult> ProcessResponseAsync(string data, AuthorizeState state) { _logger.LogTrace("ProcessResponseAsync"); _logger.LogInformation("Processing response."); await EnsureConfigurationAsync(); _logger.LogDebug("Authorize response: {response}", data); var authorizeResponse = new AuthorizeResponse(data); if (authorizeResponse.IsError) { _logger.LogError(authorizeResponse.Error); return(new LoginResult(authorizeResponse.Error)); } var result = await _processor.ProcessResponseAsync(authorizeResponse, state); if (result.IsError) { _logger.LogError(result.Error); return(new LoginResult(result.Error)); } var userInfoClaims = Enumerable.Empty <Claim>(); if (_options.LoadProfile) { var userInfoResult = await GetUserInfoAsync(result.TokenResponse.AccessToken); if (userInfoResult.IsError) { var error = $"Error contacting userinfo endpoint: {userInfoResult.Error}"; _logger.LogError(error); return(new LoginResult(error)); } userInfoClaims = userInfoResult.Claims; var userInfoSub = userInfoClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.Subject); if (userInfoSub == null) { var error = "sub claim is missing from userinfo endpoint"; _logger.LogError(error); return(new LoginResult(error)); } if (!string.Equals(userInfoSub.Value, result.User.FindFirst(JwtClaimTypes.Subject).Value)) { var error = "sub claim from userinfo endpoint is different than sub claim from identity token."; _logger.LogError(error); return(new LoginResult(error)); } } var user = ProcessClaims(result.User, userInfoClaims); var loginResult = new LoginResult { User = user, AccessToken = result.TokenResponse.AccessToken, RefreshToken = result.TokenResponse.RefreshToken, AccessTokenExpiration = DateTime.Now.AddSeconds(result.TokenResponse.ExpiresIn), IdentityToken = result.TokenResponse.IdentityToken, AuthenticationTime = DateTime.Now }; if (!string.IsNullOrWhiteSpace(loginResult.RefreshToken)) { loginResult.RefreshTokenHandler = new RefreshTokenHandler( TokenClientFactory.Create(_options), loginResult.RefreshToken, loginResult.AccessToken); } return(loginResult); }