protected DataModels.Approval Approve(DataModels.Client Client, DataModels.ResourceOwner Owner, string Scope)
{
DataModels.Approval approval = ApprovalModel.GetApproval(Client, Owner);
if (approval == null || TokenHelper.MissingScopesArray(Scope, approval.scope).Length != 0)
{
string apprUrl = Request.GetApplicationUrl();
if (!apprUrl.EndsWith("/"))
{
apprUrl += '/';
}
UriBuilder bldr = new UriBuilder(apprUrl);
bldr.Path += "approval";
string query = "client_id=" + Client.id + "&redirect=" + Request.AbsoluteUri.UrlEncode();
if (Scope != null)
{
query += "&scope=" + Scope.UrlEncode();
}
bldr.Query = query;
Response.AddHeader("Location", bldr.ToString());
Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect;
return(null);
}
return(approval);
}
public T Exchange <T>(string RefreshToken, string ClientID)
where T : DataModels.Token, new()
{
DataModels.Approval approval = ApprovalModel.GetApprovalByRefreshToken(ClientID, RefreshToken);
if (RefreshToken != approval.refresh_token)
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.access_denied, "Invalid refresh token");
}
return(TokenModel.InsertToken <T>(
Extension.TokenHelper.CreateAccessToken(), DataModels.TokenTypes.bearer, 3600, DateTime.Now.GetTotalSeconds(), ClientID, approval.scope, approval.resource_owner_id, approval.refresh_token));
}
protected void HandleCodeGrant(ITokenRequest TokenRequest, DataModels.Client Client)
{
if (Client.type == DataModels.ClientTypes.user_agent_based_application || string.IsNullOrWhiteSpace(Client.secret))
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.unauthorized_client, "Only secure clients are supported for code grants");
}
DataModels.ResourceOwner owner = Authenticate();
if (owner == null)
{
return;
}
DataModels.Approval approval = Approve(Client, owner, TokenRequest.scope);
if (approval == null)
{
return;
}
DataModel.AuthorizationCode code = CodeGrantHanldler.Authorize(TokenRequest, approval, Client, owner);
if (code == null)
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unknown server error");
}
string redirect = GetRedirectURI(TokenRequest, Client);
UriBuilder bldr = new UriBuilder(redirect);
string queryParms = "code=" + code.authorization_code;
if (!string.IsNullOrWhiteSpace(code.scope))
{
queryParms += "&scope=" + code.scope.UrlEncode();
}
if (TokenRequest.state != null)
{
queryParms += "&state=" + TokenRequest.state.UrlEncode();
}
bldr.Query = queryParms;
Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect;
Response.AddHeader("Location", bldr.ToString());
return;
}
protected void HandleTokenGrant(ITokenRequest TokenRequest, DataModels.Client Client)
{
DataModels.ResourceOwner owner = Authenticate();
if (owner == null)
{
return;
}
DataModels.Approval approval = Approve(Client, owner, TokenRequest.scope);
if (approval == null)
{
return;
}
DataModels.TokenResponse token = TokenGrantHandler.Authorize <DataModels.TokenResponse>(Client, owner, approval.scope);
token.state = TokenRequest.state.UrlEncode();
string toRedirect = GetRedirectURI(TokenRequest, Client);
if (toRedirect == null)
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "No Registerd Redirect URI");
}
UriBuilder bldr = new UriBuilder(toRedirect);
if (Client.type == DataModels.ClientTypes.web_application)
{
bldr.Query += token.ToURIString();
}
else
{
if (!string.IsNullOrWhiteSpace(bldr.Fragment))
{
bldr.Fragment = bldr.Fragment.SafeSubstring(1, bldr.Fragment.Length - 1) + '?' + token.ToURIString();
}
else
{
bldr.Fragment = token.ToURIString();
}
}
Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect;
Response.AddHeader("Location", bldr.ToString());
return;
}
public T Exchange <T>(DataModels.ITokenRequest Request, DataModels.Client Client)
where T : DataModels.Token, new()
{
Server.DataModel.AuthorizationCode code = AuthorizationCodeModel.GetAuthorizationCode(Request.code, Client.id, Request.redirect_uri != null ? Request.redirect_uri.ToString() : null);
if (code == null)
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "Invalid token");
}
DataModels.Approval Approval = ApprovalModel.GetApproval(Client.id, code.resource_owner_id);
if (!AuthorizationCodeModel.DeleteAuthorizationCode(code.authorization_code, code.client_id, code.redirect_uri))
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.access_denied, "Code already used");
}
return(TokenModel.InsertToken <T>(
Extension.TokenHelper.CreateAccessToken(), DataModels.TokenTypes.bearer, 3600, DateTime.Now.GetTotalSeconds(), Client.id, Approval.scope, Approval.resource_owner_id, Approval.refresh_token));
}
public object Post(ApprovalResponse ApprovalResponse)
{
ApprovalData data = new ApprovalData();
data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
Request.Items.Add("Model", data);
data.Redirect = ApprovalResponse.redirect;
Uri referrerURI = Request.GetReferrerURI();
Uri current = new Uri(Request.AbsoluteUri);
//CRSF protection
if (!referrerURI.SchemeHostPathMatch(current))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse);
}
Uri redirectURI = null;
if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) ||
(redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = redirectURI.ToString();
DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (owner == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data);
}
data.Owner = owner;
DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
data.Client = client;
List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList();
string scope = "";
if (scopes != null)
{
scopes.ForEach((cur) => scope += cur.scope_name + " ");
}
data.RequestedScopes = scopes;
DataModels.Approval approval = new DataModels.Approval()
{
client_id = client.id,
resource_owner_id = owner.id,
type = DataModels.ApprovalTypes.user_granted,
scope = scope,
};
if (!ApprovalModel.AddOrUpdateApproval(approval))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data);
}
return(new HttpResult(data)
{
StatusCode = System.Net.HttpStatusCode.Redirect,
Location = ApprovalResponse.redirect
});
}
public Server.DataModel.AuthorizationCode Authorize(DataModels.ITokenRequest Request, DataModels.Approval Approval, DataModels.Client Client, DataModels.ResourceOwner Owner)
{
Server.DataModel.AuthorizationCode code = AuthorizationCodeModel.InsertAuthorizationCode(
Extension.TokenHelper.CreateAccessToken(), Client, Owner, DateTime.Now.GetTotalSeconds(), Approval.scope, Request.redirect_uri);
if (code == null)
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error storing access code");
}
if (string.IsNullOrWhiteSpace(Approval.refresh_token))
{
Approval.refresh_token = Extension.TokenHelper.CreateAccessToken();
if (!ApprovalModel.AddOrUpdateApproval(Approval))
{
AuthorizationCodeModel.DeleteAuthorizationCode(code.authorization_code, code.client_id, code.redirect_uri);
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error updating approval");
}
}
return(code);
}