public Task<ValidationResult> ValidateTokenRequestAsync(ValidatedTokenRequest request) { return Task.FromResult(new ValidationResult { IsError = false }); }
private async Task<TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request) { Logger.Info("Processing authorization code request"); ////////////////////////// // access token ///////////////////////// var accessToken = await CreateAccessTokenAsync(request); var response = new TokenResponse { AccessToken = accessToken.Item1, AccessTokenLifetime = request.Client.AccessTokenLifetime }; ////////////////////////// // refresh token ///////////////////////// if (accessToken.Item2.IsPresent()) { response.RefreshToken = accessToken.Item2; } ////////////////////////// // id token ///////////////////////// if (request.AuthorizationCode.IsOpenId) { var idToken = await _tokenService.CreateIdentityTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, false, request.Raw); var jwt = await _tokenService.CreateSecurityTokenAsync(idToken); response.IdentityToken = jwt; } return response; }
private async Task <Tuple <string, string> > CreateAccessTokenAsync(ValidatedTokenRequest request) { Token accessToken; bool createRefreshToken; if (request.AuthorizationCode != null) { createRefreshToken = request.AuthorizationCode.RequestedScopes.Select(s => s.Name).Contains(Constants.StandardScopes.OfflineAccess); accessToken = await _tokenService.CreateAccessTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, request.Raw); } else { createRefreshToken = request.ValidatedScopes.ContainsOfflineAccessScope; accessToken = await _tokenService.CreateAccessTokenAsync(request.Subject, request.Client, request.ValidatedScopes.GrantedScopes, request.Raw); } string refreshToken = ""; if (createRefreshToken) { refreshToken = await _refreshTokenService.CreateRefreshTokenAsync(accessToken, request.Client); } var securityToken = await _tokenService.CreateSecurityTokenAsync(accessToken); return(Tuple.Create(securityToken, refreshToken)); }
public async Task <ValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client) { Logger.Info("Starting request validation"); _validatedRequest = new ValidatedTokenRequest(); if (client == null) { throw new ArgumentNullException("client"); } if (parameters == null) { throw new ArgumentNullException("parameters"); } _validatedRequest.Raw = parameters; _validatedRequest.Client = client; _validatedRequest.Options = _options; ///////////////////////////////////////////// // check grant type ///////////////////////////////////////////// var grantType = parameters.Get(Constants.TokenRequest.GrantType); if (grantType.IsMissing()) { Logger.Error("Grant type is missing."); return(Invalid(Constants.TokenErrors.UnsupportedGrantType)); } Logger.InfoFormat("Grant type: {0}", grantType); _validatedRequest.GrantType = grantType; switch (grantType) { case Constants.GrantTypes.AuthorizationCode: return(await RunValidationAsync(ValidateAuthorizationCodeRequestAsync, parameters)); case Constants.GrantTypes.ClientCredentials: return(await RunValidationAsync(ValidateClientCredentialsRequestAsync, parameters)); case Constants.GrantTypes.Password: return(await RunValidationAsync(ValidateResourceOwnerCredentialRequestAsync, parameters)); case Constants.GrantTypes.RefreshToken: return(await RunValidationAsync(ValidateRefreshTokenRequestAsync, parameters)); } if (parameters.Get(Constants.TokenRequest.Assertion).IsPresent()) { return(await RunValidationAsync(ValidateAssertionRequestAsync, parameters)); } Logger.ErrorFormat("Unsupported grant_type: {0}", grantType); return(Invalid(Constants.TokenErrors.UnsupportedGrantType)); }
public Task<ClaimsPrincipal> ValidateAsync(ValidatedTokenRequest request) { if (request.GrantType == "assertionType" && request.Assertion == "assertion") { return Task.FromResult(Principal.Create("Assertion", new Claim("sub", "bob"))); }; return Task.FromResult<ClaimsPrincipal>(null); }
private async Task<TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request) { var response = new TokenResponse { AccessToken = await CreateAccessTokenAsync(request), AccessTokenLifetime = request.Client.AccessTokenLifetime }; return response; }
private async Task <TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request) { var response = new TokenResponse { AccessToken = await CreateAccessTokenAsync(request), AccessTokenLifetime = request.Client.AccessTokenLifetime }; return(response); }
public async Task<ValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client) { Logger.Info("Starting request validation"); _validatedRequest = new ValidatedTokenRequest(); if (client == null) { throw new ArgumentNullException("client"); } if (parameters == null) { throw new ArgumentNullException("parameters"); } _validatedRequest.Raw = parameters; _validatedRequest.Client = client; _validatedRequest.Settings = _settings; ///////////////////////////////////////////// // check grant type ///////////////////////////////////////////// var grantType = parameters.Get(Constants.TokenRequest.GrantType); if (grantType.IsMissing()) { Logger.Error("Grant type is missing."); return Invalid(Constants.TokenErrors.UnsupportedGrantType); } Logger.InfoFormat("Grant type: {0}", grantType); _validatedRequest.GrantType = grantType; switch (grantType) { case Constants.GrantTypes.AuthorizationCode: return await RunValidationAsync(ValidateAuthorizationCodeRequestAsync, parameters); case Constants.GrantTypes.ClientCredentials: return await RunValidationAsync(ValidateClientCredentialsRequestAsync, parameters); case Constants.GrantTypes.Password: return await RunValidationAsync(ValidateResourceOwnerCredentialRequestAsync, parameters); case Constants.GrantTypes.RefreshToken: return await RunValidationAsync(ValidateRefreshTokenRequestAsync, parameters); } if (parameters.Get(Constants.TokenRequest.Assertion).IsPresent()) { return await RunValidationAsync(ValidateAssertionRequestAsync, parameters); } Logger.ErrorFormat("Unsupported grant_type: {0}", grantType); return Invalid(Constants.TokenErrors.UnsupportedGrantType); }
public async Task<TokenResponse> ProcessAsync(ValidatedTokenRequest request) { if (request.GrantType == Constants.GrantTypes.AuthorizationCode) { return await ProcessAuthorizationCodeRequestAsync(request); } else if (request.GrantType == Constants.GrantTypes.ClientCredentials || request.GrantType == Constants.GrantTypes.Password) { return await ProcessTokenRequestAsync(request); } throw new InvalidOperationException("Unknown grant type."); }
private async Task<string> CreateAccessTokenAsync(ValidatedTokenRequest request) { Token accessToken; if (request.AuthorizationCode != null) { accessToken = await _tokenService.CreateAccessTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, request.Raw); } else { accessToken = await _tokenService.CreateAccessTokenAsync(request.Subject, request.Client, request.ValidatedScopes.GrantedScopes, request.Raw); } return await _tokenService.CreateSecurityTokenAsync(accessToken); }
public async Task <TokenResponse> ProcessAsync(ValidatedTokenRequest request) { if (request.GrantType == Constants.GrantTypes.AuthorizationCode) { return(await ProcessAuthorizationCodeRequestAsync(request)); } else if (request.GrantType == Constants.GrantTypes.ClientCredentials || request.GrantType == Constants.GrantTypes.Password) { return(await ProcessTokenRequestAsync(request)); } throw new InvalidOperationException("Unknown grant type."); }
private async Task <string> CreateAccessTokenAsync(ValidatedTokenRequest request) { Token accessToken; if (request.AuthorizationCode != null) { accessToken = await _tokenService.CreateAccessTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, request.Raw); } else { accessToken = await _tokenService.CreateAccessTokenAsync(request.Subject, request.Client, request.ValidatedScopes.GrantedScopes, request.Raw); } return(await _tokenService.CreateSecurityTokenAsync(accessToken)); }
public async Task <TokenResponse> ProcessAsync(ValidatedTokenRequest request) { Logger.Info("Creating token response"); if (request.GrantType == Constants.GrantTypes.AuthorizationCode) { return(await ProcessAuthorizationCodeRequestAsync(request)); } else if (request.GrantType == Constants.GrantTypes.ClientCredentials || request.GrantType == Constants.GrantTypes.Password || request.Assertion.IsPresent()) { return(await ProcessTokenRequestAsync(request)); } throw new InvalidOperationException("Unknown grant type."); }
public async Task<TokenResponse> ProcessAsync(ValidatedTokenRequest request) { Logger.Info("Creating token response"); if (request.GrantType == Constants.GrantTypes.AuthorizationCode) { return await ProcessAuthorizationCodeRequestAsync(request); } else if (request.GrantType == Constants.GrantTypes.ClientCredentials || request.GrantType == Constants.GrantTypes.Password || request.Assertion.IsPresent()) { return await ProcessTokenRequestAsync(request); } throw new InvalidOperationException("Unknown grant type."); }
private async Task<TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request) { var response = new TokenResponse { AccessToken = await CreateAccessTokenAsync(request), AccessTokenLifetime = request.Client.AccessTokenLifetime }; if (request.AuthorizationCode.IsOpenId) { var idToken = await _tokenService.CreateIdentityTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, false, request.Raw); var jwt = await _tokenService.CreateSecurityTokenAsync(idToken); response.IdentityToken = jwt; } return response; }
private async Task <TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request) { Logger.Info("Processing authorization code request"); ////////////////////////// // access token ///////////////////////// var accessToken = await CreateAccessTokenAsync(request); var response = new TokenResponse { AccessToken = accessToken.Item1, AccessTokenLifetime = request.Client.AccessTokenLifetime }; ////////////////////////// // refresh token ///////////////////////// if (accessToken.Item2.IsPresent()) { response.RefreshToken = accessToken.Item2; } ////////////////////////// // id token ///////////////////////// if (request.AuthorizationCode.IsOpenId) { var tokenRequest = new TokenCreationRequest { Subject = request.AuthorizationCode.Subject, Client = request.AuthorizationCode.Client, Scopes = request.AuthorizationCode.RequestedScopes, ValidatedRequest = request }; var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest); var jwt = await _tokenService.CreateSecurityTokenAsync(idToken); response.IdentityToken = jwt; } return(response); }
public async Task <TokenResponse> ProcessAsync(ValidatedTokenRequest request) { Logger.Info("Creating token response"); if (request.GrantType == Constants.GrantTypes.AuthorizationCode) { return(await ProcessAuthorizationCodeRequestAsync(request)); } if (request.GrantType == Constants.GrantTypes.RefreshToken) { return(await ProcessRefreshTokenRequestAsync(request)); } return(await ProcessTokenRequestAsync(request)); throw new InvalidOperationException("Unknown grant type."); }
private async Task <TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request) { Logger.Info("Processing token request"); var accessToken = await CreateAccessTokenAsync(request); var response = new TokenResponse { AccessToken = accessToken.Item1, AccessTokenLifetime = request.Client.AccessTokenLifetime }; if (accessToken.Item2.IsPresent()) { response.RefreshToken = accessToken.Item2; } return(response); }
private async Task <TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request) { var response = new TokenResponse { AccessToken = await CreateAccessTokenAsync(request), AccessTokenLifetime = request.Client.AccessTokenLifetime }; if (request.AuthorizationCode.IsOpenId) { var idToken = await _tokenService.CreateIdentityTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, false, request.Raw); var jwt = await _tokenService.CreateSecurityTokenAsync(idToken); response.IdentityToken = jwt; } return(response); }
private async Task <TokenResponse> ProcessRefreshTokenRequestAsync(ValidatedTokenRequest request) { Logger.Info("Processing refresh token request"); var oldAccessToken = request.RefreshToken.AccessToken; oldAccessToken.CreationTime = DateTime.UtcNow; oldAccessToken.Lifetime = request.Client.AccessTokenLifetime; var newAccessToken = await _tokenService.CreateSecurityTokenAsync(oldAccessToken); var handle = await _refreshTokenService.UpdateRefreshTokenAsync(request.RefreshToken, request.Client); return(new TokenResponse { AccessToken = newAccessToken, AccessTokenLifetime = request.Client.AccessTokenLifetime, RefreshToken = handle }); }
public Task<ClaimsPrincipal> ValidateAsync(ValidatedTokenRequest request, IUserService users) { return Task.FromResult<ClaimsPrincipal>(null); }
private async Task<TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request) { Logger.Info("Processing token request"); var accessToken = await CreateAccessTokenAsync(request); var response = new TokenResponse { AccessToken = accessToken.Item1, AccessTokenLifetime = request.Client.AccessTokenLifetime }; if (accessToken.Item2.IsPresent()) { response.RefreshToken = accessToken.Item2; } return response; }
private async Task<Tuple<string, string>> CreateAccessTokenAsync(ValidatedTokenRequest request) { Token accessToken; bool createRefreshToken; if (request.AuthorizationCode != null) { createRefreshToken = request.AuthorizationCode.RequestedScopes.Select(s => s.Name).Contains(Constants.StandardScopes.OfflineAccess); accessToken = await _tokenService.CreateAccessTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, request.Raw); } else { createRefreshToken = request.ValidatedScopes.ContainsOfflineAccessScope; accessToken = await _tokenService.CreateAccessTokenAsync(request.Subject, request.Client, request.ValidatedScopes.GrantedScopes, request.Raw); } string refreshToken = ""; if (createRefreshToken) { refreshToken = await _refreshTokenService.CreateRefreshTokenAsync(accessToken, request.Client); } var securityToken = await _tokenService.CreateSecurityTokenAsync(accessToken); return Tuple.Create(securityToken, refreshToken); }
private async Task<TokenResponse> ProcessRefreshTokenRequestAsync(ValidatedTokenRequest request) { Logger.Info("Processing refresh token request"); var oldAccessToken = request.RefreshToken.AccessToken; oldAccessToken.CreationTime = DateTime.UtcNow; oldAccessToken.Lifetime = request.Client.AccessTokenLifetime; var newAccessToken = await _tokenService.CreateSecurityTokenAsync(oldAccessToken); var handle = await _refreshTokenService.UpdateRefreshTokenAsync(request.RefreshToken, request.Client); return new TokenResponse { AccessToken = newAccessToken, AccessTokenLifetime = request.Client.AccessTokenLifetime, RefreshToken = handle }; }