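/// <summary>
/// Validates an OAuth 2.0 Access Token Request or OIDC Token Request: the grant type must be present,
/// the one parameter that grant type depends on must be present, and every string parameter must be
/// within its configured maximum length.
/// </summary>
/// <param name="request">The token request to validate.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="request"/> is null, when the grant type is missing, or when the parameter
/// required by the grant type is missing; the exception message carries the request type name.
/// </exception>
public static void Validate(this TokenRequest request)
{
    if (request is null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    var typeName = request.GetTypeName();
    if (request.GrantType.IsNullOrEmpty())
    {
        throw new ArgumentNullException(nameof(request.GrantType), typeName);
    }

    // Each grant type has exactly one parameter that must be present before anything else is checked.
    // An unrecognised grant type is not rejected here.
    var grantType = request.GrantType;
    if (grantType == IdentityConstants.GrantTypes.AuthorizationCode && request.Code.IsNullOrEmpty())
    {
        throw new ArgumentNullException(nameof(request.Code), typeName);
    }
    else if (grantType == IdentityConstants.GrantTypes.RefreshToken && request.RefreshToken.IsNullOrEmpty())
    {
        throw new ArgumentNullException(nameof(request.RefreshToken), typeName);
    }
    else if (grantType == IdentityConstants.GrantTypes.ClientCredentials && request.ClientId.IsNullOrEmpty())
    {
        throw new ArgumentNullException(nameof(request.ClientId), typeName);
    }
    else if (grantType == IdentityConstants.GrantTypes.Delegation && request.Assertion.IsNullOrEmpty())
    {
        throw new ArgumentNullException(nameof(request.Assertion), typeName);
    }

    // Length limits apply to every parameter regardless of grant type, so oversized optional values are
    // rejected as well.
    request.GrantType.ValidateMaxLength(IdentityConstants.MessageLength.GrantTypeMax, nameof(request.GrantType), typeName);
    request.Code.ValidateMaxLength(IdentityConstants.MessageLength.CodeMax, nameof(request.Code), typeName);
    request.RefreshToken.ValidateMaxLength(IdentityConstants.MessageLength.RefreshTokenMax, nameof(request.RefreshToken), typeName);
    request.Assertion.ValidateMaxLength(IdentityConstants.MessageLength.AssertionMax, nameof(request.Assertion), typeName);
    request.RedirectUri.ValidateMaxLength(IdentityConstants.MessageLength.RedirectUriMax, nameof(request.RedirectUri), typeName);
    request.ClientId.ValidateMaxLength(IdentityConstants.MessageLength.ClientIdMax, nameof(request.ClientId), typeName);
    request.Scope.ValidateMaxLength(IdentityConstants.MessageLength.ScopeMax, nameof(request.Scope), typeName);
    request.Username.ValidateMaxLength(IdentityConstants.MessageLength.UsernameMax, nameof(request.Username), typeName);
    request.Password.ValidateMaxLength(IdentityConstants.MessageLength.PasswordMax, nameof(request.Password), typeName);
}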
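/// <summary>
/// Authenticates the client by comparing the presented client secret against each secret configured on the
/// client via <c>secretHashLogic.ValidateSecretAsync</c>. Returns as soon as one configured secret matches.
/// </summary>
/// <param name="client">The client resolved for the request; null or a client with no secrets is rejected.</param>
/// <param name="tokenRequest">The incoming token request; its client id must be present.</param>
/// <param name="clientCredentials">The presented credentials; validated before any secret is compared.</param>
/// <exception cref="ArgumentNullException">Thrown when the request carries no client id.</exception>
/// <exception cref="OAuthRequestException">
/// Thrown with <c>invalid_grant</c> when the client has no secrets configured or no configured secret matches.
/// </exception>
protected async Task ValidateSecret(TClient client, TokenRequest tokenRequest, ClientCredentials clientCredentials)
{
    if (tokenRequest.ClientId.IsNullOrEmpty())
    {
        throw new ArgumentNullException(nameof(tokenRequest.ClientId), tokenRequest.GetTypeName());
    }
    clientCredentials.Validate();

    // Fail closed on both a missing client and an empty secret list; a null-conditional comparison such as
    // `client?.Secrets.Count() <= 0` is false for a null client and would let the loop below dereference it.
    if (client?.Secrets is null || !client.Secrets.Any())
    {
        throw new OAuthRequestException($"Invalid client secret. Secret not configured for client id '{tokenRequest.ClientId}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidGrant };
    }

    foreach (var secret in client.Secrets)
    {
        if (await secretHashLogic.ValidateSecretAsync(secret, clientCredentials.ClientSecret))
        {
            logger.ScopeTrace($"Down, OAuth Client id '{tokenRequest.ClientId}'. Client secret valid.", triggerEvent: true);
            return;
        }
    }

    // NOTE(review): RFC 6749 §5.2 specifies invalid_client for failed client authentication; InvalidGrant is
    // kept here so the existing error response contract is unchanged.
    throw new OAuthRequestException($"Invalid client secret for client id '{tokenRequest.ClientId}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidGrant };
}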
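/// <summary>
/// Validates an authorization code token request against the client it was resolved for: the request must be
/// well-formed, the redirect URI must be present and registered on the client, and the client id in the request
/// must match the client.
/// </summary>
/// <param name="client">The client resolved for the request; a null client is rejected as an invalid client.</param>
/// <param name="tokenRequest">The incoming token request.</param>
/// <exception cref="ArgumentNullException">Thrown when the request is malformed or the redirect URI is missing.</exception>
/// <exception cref="OAuthRequestException">
/// Thrown with <c>invalid_grant</c> when the redirect URI is not registered on the client, and with
/// <c>invalid_client</c> when the client is missing or its id does not match the request.
/// </exception>
protected void ValidateAuthCodeRequest(TClient client, TokenRequest tokenRequest)
{
    tokenRequest.Validate();
    if (tokenRequest.RedirectUri.IsNullOrEmpty())
    {
        throw new ArgumentNullException(nameof(tokenRequest.RedirectUri), tokenRequest.GetTypeName());
    }

    // Reject a missing client explicitly rather than dereferencing it below.
    if (client is null)
    {
        throw new OAuthRequestException($"Invalid client id '{tokenRequest.ClientId}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidClient };
    }

    // Identifiers are compared ordinally: culture-aware comparison treats certain characters as ignorable, so two
    // values differing only in such characters would compare equal. Case-insensitivity is retained so existing
    // registrations keep matching; RFC 6749 §3.1.2.3 calls for a simple (exact) string comparison, so tightening
    // to StringComparison.Ordinal is worth considering.
    // NOTE(review): only the registered list is checked here; RFC 6749 §4.1.3 also requires the value to equal
    // the redirect_uri sent with the authorization request when one was sent — confirm that comparison happens
    // where the code is redeemed.
    var redirectUriRegistered = client.RedirectUris?.Any(u => string.Equals(u, tokenRequest.RedirectUri, StringComparison.OrdinalIgnoreCase)) == true;
    if (!redirectUriRegistered)
    {
        throw new OAuthRequestException($"Invalid redirect Uri '{tokenRequest.RedirectUri}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidGrant };
    }

    if (!string.Equals(client.ClientId, tokenRequest.ClientId, StringComparison.OrdinalIgnoreCase))
    {
        throw new OAuthRequestException($"Invalid client id '{tokenRequest.ClientId}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidClient };
    }
}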