Exemplo n.º 1
0
        // Determine whether the given authorization is still ok
        public bool IsAuthorizationValid(IAuthorizationDescription authorization)
        {
            // If db precision exceeds token time precision (which is common), the following query would
            // often disregard a token that is minted immediately after the authorization record is stored in the db.
            // To compensate for this, we'll increase the timestamp on the token's issue date by 1 second.
            var grantedAuths = _authorizationRepository.FindCurrent(authorization.ClientIdentifier, authorization.User,
                                                                    authorization.UtcIssued + TimeSpan.FromSeconds(1)).ToList();

            if (!grantedAuths.Any())
            {
                // No granted authorizations prior to the issuance of this token, so it must have been revoked.
                // Even if later authorizations restore this client's ability to call in, we can't allow
                // access tokens issued before the re-authorization because the revoked authorization should
                // effectively and permanently revoke all access and refresh tokens.
                return(false);
            }

            // Determine the set of all scopes the user has authorized for this client
            var grantedScopes = new HashSet <string>(OAuthUtilities.ScopeStringComparer);

            foreach (var auth in grantedAuths)
            {
                grantedScopes.UnionWith(OAuthUtilities.SplitScopes(auth.Scope));
            }

            // See if what's requested is authorized
            return(authorization.Scope.IsSubsetOf(grantedScopes));
        }