protected async Task AuthorizeAsync(IGrainCallContext grainCallContext,
string accessToken, OAuth2EndpointInfo oAuth2EndpointInfo)
{
if (string.IsNullOrEmpty(accessToken))
{
throw new ArgumentNullException($"{nameof(accessToken)}");
}
if (oAuth2EndpointInfo == null)
{
throw new ArgumentNullException($"{nameof(oAuth2EndpointInfo)}");
}
var accessTokenValidationResult = await _accessTokenValidator.Validate(accessToken, oAuth2EndpointInfo);
if (accessTokenValidationResult.IsValid)
{
IEnumerable <IAuthorizeData> grainAuthorizeData = null;
var grainMethodAuthorizeData = grainCallContext.InterfaceMethod.GetCustomAttributes <AuthorizeAttribute>();
if (grainCallContext.InterfaceMethod.ReflectedType != null)
{
grainAuthorizeData =
grainCallContext.InterfaceMethod.ReflectedType.GetCustomAttributes <AuthorizeAttribute>();
}
await _authorizeHandler.AuthorizeAsync(accessTokenValidationResult.Claims,
grainAuthorizeData, grainMethodAuthorizeData);
}
else
{
throw new OrleansClusterUnauthorizedAccessException("Invalid Access Token.",
new InvalidAccessTokenException(accessTokenValidationResult.InvalidValidationMessage));
}
}
/// <inheritdoc/>
public async Task <IntrospectionResponse> ValidateToken(string token)
{
IntrospectionResponse result = new();
bool isValid = false;
try
{
isValid = await _validator.Validate(token);
}
catch (Exception ex)
{
_logger.LogInformation("// EFormidlingAccessTokenValidator // Token validation failed with exception {Exception}", ex);
}
if (isValid)
{
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
JwtSecurityToken jwt = tokenHandler.ReadJwtToken(token);
result.Active = true;
result.Iss = jwt.Issuer;
}
return(result);
}
public async Task <Maybe <Token> > RefreshTokenAsync(string accessToken, string refreshToken)
{
var claims = _accessTokenValidator.Validate(accessToken,
HexadoTokenSpecific.GetValidationParameters(_options.Secret, false));
if (!claims.HasValue || claims.Value.All(claim => claim.Type != ClaimTypes.Email))
{
return(Maybe <Token> .Nothing);
}
var email = claims.Value
.Single(c => c.Type == ClaimTypes.Email).Value;
var user = await _hexadoUserRepository
.GetUserIncludeTokensAsync(u => u.Email == email);
if (!user.HasValue || !user.Value.IsValidRefreshToken(refreshToken))
{
return(Maybe <Token> .Nothing);
}
var token = _tokenFactory.GenerateToken(user.Value.Id, claims.Value);
if (!token.HasValue)
{
return(Maybe <Token> .Nothing);
}
user.Value.RemoveRefreshToken(refreshToken);
user.Value.RefreshTokens.Add(token.Value.RefreshToken);
await _hexadoUserRepository.UpdateAsync(user.Value);
return(token);
}
public async Task <IActionResult> Migrate([HttpTrigger(AuthorizationLevel.Anonymous, nameof(HttpMethods.Put), Route = "migrate")] HttpRequest req)
{
var user = await accessTokenValidator.Validate(req);
if (!user.Identity.IsAuthenticated)
{
return(new UnauthorizedResult());
}
await dbContext.Database.MigrateAsync();
return(new OkObjectResult(new { success = true }));
}