public async Task <IActionResult> TokenExchange([FromBody] TokenExchangeViewModel vm)
        {
            Application application = await _applicationService.FindByClientIdAsync(vm.ClientId);

            if (application == null || vm.ClientSecret != application.ClientSecret)
            {
                return(new JsonResult(new
                {
                    status = 400,
                    message = "Validation failed - double check your parameters and try again"
                })
                {
                    StatusCode = StatusCodes.Status400BadRequest
                });
            }

            AuthorisationCode authCode = await _authorisationCodeService.FindByCodeAsync(vm.AuthorisationCode);

            if (authCode == null)
            {
                return(new JsonResult(new
                {
                    status = 400,
                    message = "Validation failed - double check your parameters and try again"
                })
                {
                    StatusCode = StatusCodes.Status400BadRequest
                });
            }

            User        user  = (User)HttpContext.Items["User"];
            AccessToken token = await _accessTokenService.CreateAsync(user, authCode.Application);

            return(Ok(new
            {
                status = 200,
                message = "Token exchanged successfully",
                data = new
                {
                    code = token.Code,
                    type = "Bearer",
                    expires = token.ExpiresAt.ToString(CultureInfo.InvariantCulture)
                }
            }));
        }
Exemplo n.º 2
0
        public async Task <IActionResult> Authenticate([FromBody] PasswordGrantRequestViewModel vm)
        {
            if (vm.GrantType.ToLower() != "password" || !ModelState.IsValid)
            {
                string message = (ModelState.IsValid)
                    ? "Unknown grant type provided - Only password grant types are available at this endpoint"
                    : "Validation failed";

                return(new JsonResult(new
                {
                    status = 400,
                    message,
                    data = (!ModelState.IsValid) ? ModelState : null
                })
                {
                    StatusCode = StatusCodes.Status400BadRequest
                });
            }

            User user = await _userService.FindByEmailAsync(vm.Email);

            if (user == null || !_userService.VerifyPassword(user.Password, vm.Password))
            {
                return(new JsonResult(new
                {
                    status = 401,
                    message = "Invalid credentials provided"
                })
                {
                    StatusCode = StatusCodes.Status401Unauthorized
                });
            }

            UserApplication userApplication;

            try
            {
                userApplication = await _userApplicationService.FindOrCreateByUserAndClientIdAsync(user, vm.ClientId);
            }
            catch (UnknownApplicationException ex)
            {
                return(new JsonResult(new
                {
                    status = 400,
                    message = ex.Message
                })
                {
                    StatusCode = StatusCodes.Status400BadRequest
                });
            }

            if (!userApplication.Application.FirstParty)
            {
                return(new JsonResult(new
                {
                    status = 403,
                    message = "Third party applications are not permitted to use password grants"
                })
                {
                    StatusCode = StatusCodes.Status403Forbidden
                });
            }

            AccessToken accessToken = await _accessTokenService.CreateAsync(user, userApplication.Application);

            CookieOptions options = new CookieOptions();

            options.Expires  = accessToken.ExpiresAt;
            options.HttpOnly = true;
            Response.Cookies.Append("_oidc.core-token", accessToken.Code, options);

            return(Ok(new
            {
                status = 200,
                message = "Authentication successful",
                data = accessToken.Code // @todo - remove this, do not return tokens from this endpoint
            }));
        }