/// <summary>
/// Creates the refresh token.
/// </summary>
/// <param name="accessToken">The access token.</param>
/// <param name="client">The client.</param>
/// <returns>
/// The refresh token handle
/// </returns>
public async Task<string> CreateRefreshTokenAsync(Token accessToken, Client client)
{
Logger.Debug("Creating refresh token");
int lifetime;
if (client.RefreshTokenExpiration == TokenExpiration.Absolute)
{
Logger.Debug("Setting an absolute lifetime: " + client.AbsoluteRefreshTokenLifetime);
lifetime = client.AbsoluteRefreshTokenLifetime;
}
else
{
Logger.Debug("Setting a sliding lifetime: " + client.SlidingRefreshTokenLifetime);
lifetime = client.SlidingRefreshTokenLifetime;
}
var handle = CryptoRandom.CreateUniqueId();
var refreshToken = new RefreshToken
{
ClientId = client.ClientId,
CreationTime = DateTimeOffset.UtcNow,
LifeTime = lifetime,
AccessToken = accessToken
};
await _store.StoreAsync(handle, refreshToken);
return handle;
}
public async Task Expired_RefreshToken()
{
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token") { Client = new Client() { ClientId = "roclient" } },
LifeTime = 10,
CreationTime = DateTimeOffset.UtcNow.AddSeconds(-15)
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
public async Task Valid_RefreshToken_Request_using_Restricted_Client()
{
var mock = new Mock<IUserService>();
mock.Setup(u => u.IsActiveAsync(It.IsAny<ClaimsPrincipal>())).Returns(Task.FromResult(true));
var subjectClaim = new Claim(Constants.ClaimTypes.Subject, "foo");
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token")
{
Claims = new List<Claim> { subjectClaim },
Client = new Client { ClientId = "roclient_restricted_refresh"}
},
LifeTime = 600,
CreationTime = DateTimeOffset.UtcNow
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient_restricted_refresh");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store,
userService: mock.Object);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
}
/// <summary>
/// Stores the data.
/// </summary>
/// <param name="key">The key.</param>
/// <param name="value">The value.</param>
/// <returns></returns>
public Task StoreAsync(string key, RefreshToken value)
{
_repository[key] = value;
return Task.FromResult<object>(null);
}
/// <summary>
/// Updates the refresh token.
/// </summary>
/// <param name="handle">The handle.</param>
/// <param name="refreshToken">The refresh token.</param>
/// <param name="client">The client.</param>
/// <returns>
/// The refresh token handle
/// </returns>
public async Task<string> UpdateRefreshTokenAsync(string handle, RefreshToken refreshToken, Client client)
{
Logger.Debug("Updating refresh token");
bool needsUpdate = false;
if (client.RefreshTokenUsage == TokenUsage.OneTimeOnly)
{
Logger.Debug("Token usage is one-time only. Generating new handle");
// generate new handle
needsUpdate = true;
}
if (client.RefreshTokenExpiration == TokenExpiration.Sliding)
{
Logger.Debug("Refresh token expiration is sliding - extending lifetime");
// make sure we don't exceed absolute exp
// cap it at absolute exp
var currentLifetime = refreshToken.CreationTime.GetLifetimeInSeconds();
Logger.Debug("Current lifetime: " + currentLifetime.ToString());
var newLifetime = currentLifetime + client.SlidingRefreshTokenLifetime;
Logger.Debug("New lifetime: " + newLifetime.ToString());
if (newLifetime > client.AbsoluteRefreshTokenLifetime)
{
newLifetime = client.AbsoluteRefreshTokenLifetime;
Logger.Debug("New lifetime exceeds absolute lifetime, capping it to " + newLifetime.ToString());
}
refreshToken.LifeTime = newLifetime;
needsUpdate = true;
}
if (needsUpdate)
{
// delete old one
await _store.RemoveAsync(handle);
// create new one
string newHandle = CryptoRandom.CreateUniqueId();
await _store.StoreAsync(newHandle, refreshToken);
Logger.Debug("Updated refresh token in store");
return newHandle;
}
Logger.Debug("No updates to refresh token done");
return handle;
}
/// <summary>
/// Raises the refresh token refreshed event.
/// </summary>
/// <param name="oldHandle">The old handle.</param>
/// <param name="newHandle">The new handle.</param>
/// <param name="token">The token.</param>
protected void RaiseRefreshTokenRefreshedEvent(string oldHandle, string newHandle, RefreshToken token)
{
_events.RaiseSuccessfulRefreshTokenRefreshEvent(oldHandle, newHandle, token);
}
/// <summary>
/// Raises the refresh token issued event.
/// </summary>
/// <param name="handle">The handle.</param>
/// <param name="token">The token.</param>
protected void RaiseRefreshTokenIssuedEvent(string handle, RefreshToken token)
{
_events.RaiseRefreshTokenIssuedEvent(handle, token);
}
private async Task<ValidatedTokenRequest> CreateValidatedRequest(Client client, IRefreshTokenStore store)
{
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token"),
ClientId = client.ClientId,
LifeTime = 600,
CreationTime = DateTime.UtcNow
};
var handle = Guid.NewGuid().ToString();
await store.StoreAsync(handle, refreshToken);
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
return validator.ValidatedRequest;
}
public async Task Client_has_no_OfflineAccess_Scope_anymore_at_RefreshToken_Request()
{
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token"),
ClientId = "roclient_restricted",
LifeTime = 600,
CreationTime = DateTime.UtcNow
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient_restricted");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}