public async Task <IHttpActionResult> Get()
{
Logger.Info("Start access token validation request");
if (!_settings.AccessTokenValidationEndpoint.Enabled)
{
Logger.Warn("Endpoint is disabled. Aborting");
return(NotFound());
}
var parameters = Request.RequestUri.ParseQueryString();
var token = parameters.Get("token");
if (token.IsMissing())
{
Logger.Error("token is missing.");
return(BadRequest("token is missing."));
}
var result = await _validator.ValidateAccessTokenAsync(token, parameters.Get("expectedScope"));
if (result.IsError)
{
Logger.Info("Returning error: " + result.Error);
return(BadRequest(result.Error));
}
var response = result.Claims.Select(c => new { c.Type, c.Value });
Logger.Debug(JsonConvert.SerializeObject(response, Formatting.Indented));
Logger.Info("Returning access token claims");
return(Json(response));
}
public async Task<IHttpActionResult> Get(HttpRequestMessage request)
{
Logger.Info("Start userinfo request");
if (!_options.UserInfoEndpoint.IsEnabled)
{
Logger.Warn("Endpoint is disabled. Aborting");
return NotFound();
}
var authorizationHeader = request.Headers.Authorization;
if (authorizationHeader == null ||
!authorizationHeader.Scheme.Equals(Constants.TokenTypes.Bearer) ||
authorizationHeader.Parameter.IsMissing())
{
return Error(Constants.ProtectedResourceErrors.InvalidToken);
}
var result = await _tokenValidator.ValidateAccessTokenAsync(
authorizationHeader.Parameter,
Constants.StandardScopes.OpenId);
if (result.IsError)
{
return Error(result.Error);
}
// pass scopes/claims to profile service
var subject = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject).Value;
var scopes = result.Claims.Where(c => c.Type == Constants.ClaimTypes.Scope).Select(c => c.Value);
var payload = await _generator.ProcessAsync(subject, scopes);
return new UserInfoResult(payload);
}
public async Task <IHttpActionResult> Get()
{
var parameters = Request.RequestUri.ParseQueryString();
var token = parameters.Get("token");
if (token.IsMissing())
{
return(BadRequest("token is missing."));
}
var result = await _validator.ValidateAccessTokenAsync(token, parameters.Get("expectedScope"));
if (result.IsError)
{
return(BadRequest(result.Error));
}
return(Ok(result.Claims.Select(c => new { c.Type, c.Value })));
}
public async Task Create_and_Validate_JWT_AccessToken_Valid()
{
var tokenService = new DefaultTokenService(
null,
_settings,
null,
null);
var token = new Token(Constants.TokenTypes.AccessToken)
{
Audience = string.Format(Constants.AccessTokenAudience, _settings.GetIssuerUri()),
Issuer = _settings.GetIssuerUri(),
Lifetime = 60,
Client = await _settings.FindClientByIdAsync("client")
};
var jwt = await tokenService.CreateSecurityTokenAsync(token);
var validator = new TokenValidator(_settings, null, null, new DebugLogger());
var result = await validator.ValidateAccessTokenAsync(jwt);
Assert.IsFalse(result.IsError);
Assert.IsNotNull(result.Claims);
}
