private async Task <string> RetrieveBearerAccessToken()
{
var cacheId = this.GetType().FullName;
var clientAccessToken = await _clientAccessTokenCache.GetAsync(cacheId);
if (clientAccessToken != null)
{
return(clientAccessToken.AccessToken);
}
var disco = await _discoveryCache.GetAsync();
var tokenEndpoint = disco.TokenEndpoint;
var http = _httpClientFactory.CreateClient();
var token = await http.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
Address = tokenEndpoint,
ClientAssertion = new ClientAssertion
{
Type = OidcConstants.ClientAssertionTypes.JwtBearer,
Value = _tokenGenerator.CreateClientAuthJwt()
}
});
await _clientAccessTokenCache.SetAsync(cacheId, token.AccessToken, token.ExpiresIn);
if (!token.IsError)
{
return(token.AccessToken);
}
_logger.LogError(token.Exception, token.ErrorDescription);
throw new Exception(token.ErrorDescription, token.Exception);
}
/// <inheritdoc/>
public async Task <string> GetClientAccessTokenAsync(string clientName = "default")
{
var item = await _clientAccessTokenCache.GetAsync(clientName);
if (item != null)
{
return(item.AccessToken);
}
try
{
return(await _clientTokenRequestDictionary.GetOrAdd(clientName, (string _) =>
{
return new Lazy <Task <string> >(async() =>
{
var response = await _tokenEndpointService.RequestClientAccessToken(clientName);
if (response.IsError)
{
_logger.LogError("Error requesting access token for client {clientName}. Error = {error}", clientName, response.Error);
return null;
}
await _clientAccessTokenCache.SetAsync(clientName, response.AccessToken, response.ExpiresIn);
return response.AccessToken;
});
}).Value);
}
finally
{
_clientTokenRequestDictionary.TryRemove(clientName, out _);
}
}
public async Task <string> GetTokenAsync(string incomingToken, string apiScope)
{
var item = await _clientAccessTokenCache
.GetAsync($"shoppingbaskettodownstreamtokenexchangeclient_{apiScope}");
if (item != null)
{
return(item.AccessToken);
}
var client = _httpClientFactory.CreateClient();
var discoveryDocumentResponse = await client
.GetDiscoveryDocumentAsync("https://localhost:5010/");
if (discoveryDocumentResponse.IsError)
{
throw new Exception(discoveryDocumentResponse.Error);
}
var customParams = new Dictionary <string, string>
{
{ "subject_token_type", "urn:ietf:params:oauth:token-type:access_token" },
{ "subject_token", incomingToken },
{ "scope", $"openid profile {apiScope}" }
};
var tokenResponse = await client.RequestTokenAsync(new TokenRequest()
{
Address = discoveryDocumentResponse.TokenEndpoint,
GrantType = "urn:ietf:params:oauth:grant-type:token-exchange",
Parameters = customParams,
ClientId = "shoppingbaskettodownstreamtokenexchangeclient",
ClientSecret = "0cdea0bc-779e-4368-b46b-09956f70712c"
});
if (tokenResponse.IsError)
{
throw new Exception(tokenResponse.Error);
}
await _clientAccessTokenCache.SetAsync(
$"shoppingbaskettodownstreamtokenexchangeclient_{apiScope}",
tokenResponse.AccessToken,
tokenResponse.ExpiresIn);
return(tokenResponse.AccessToken);
}
public async Task <string> GetTokenAsync(string incomingToken, string apiScope)
{
var item = await _clientAccessTokenCache
.GetAsync($"hesstoytrucks_baskets_to_downstream_tokenexchange_{apiScope}");
if (item != null)
{
return(item.AccessToken);
}
var client = _httpClientFactory.CreateClient();
var discoveryDocumentResponse = await client
.GetDiscoveryDocumentAsync(_config["IdentityServerUrl"]);
if (discoveryDocumentResponse.IsError)
{
throw new Exception(discoveryDocumentResponse.Error);
}
var customParams = new Dictionary <string, string>
{
{ "subject_token_type", "urn:ietf:params:oauth:token-type:access_token" },
{ "subject_token", incomingToken },
{ "scope", $"{apiScope}" }
};
var tokenResponse = await client.RequestTokenAsync(new TokenRequest()
{
Address = discoveryDocumentResponse.TokenEndpoint,
GrantType = "urn:ietf:params:oauth:grant-type:token-exchange",
Parameters = customParams,
ClientId = "hesstoytrucks_baskets_to_downstream_tokenexchange",
ClientSecret = "b438b4c0-9963-444d-882f-74a754e667d1"
});
if (tokenResponse.IsError)
{
throw new Exception(tokenResponse.Error);
}
await _clientAccessTokenCache.SetAsync(
$"hesstoytrucks_baskets_to_downstream_tokenexchange_{apiScope}",
tokenResponse.AccessToken,
tokenResponse.ExpiresIn);
return(tokenResponse.AccessToken);
}
public async Task <string> GetAccessToken(string incomingToken)
{
var item = await _clientAccessTokenCache
.GetAsync("gatewaytodownstreamtokenexchangeclient_eventcatalog");
if (item != null)
{
return(item.AccessToken);
}
var(accessToken, expiresIn) = await ExchangeToken(incomingToken);
await _clientAccessTokenCache.SetAsync(
"gatewaytodownstreamtokenexchangeclient_eventcatalog",
accessToken,
expiresIn);
return(accessToken);
}
public async Task <string> GetToken()
{
var currentToken = await _clientAccessTokenCache.GetAsync("WebClientToken");
if (currentToken != null)
{
return(currentToken.AccessToken);
}
var discover = await _httpClient.GetDiscoveryDocumentAsync(new DiscoveryDocumentRequest()
{
Address = _serviceApiSettings.IdentityBaseUri,
Policy = new DiscoveryPolicy()
{
RequireHttps = false
}
});
if (discover.IsError)
{
throw discover.Exception;
}
var clientCredentialTokenRequest = new ClientCredentialsTokenRequest()
{
ClientId = _clientSettings.WebMvcClient.ClientId,
ClientSecret = _clientSettings.WebMvcClient.ClientSecret,
Address = discover.TokenEndpoint
};
var newToken = await _httpClient.RequestClientCredentialsTokenAsync(clientCredentialTokenRequest);
if (newToken.IsError)
{
throw newToken.Exception;
}
await _clientAccessTokenCache.SetAsync("WebClientToken", newToken.AccessToken, newToken.ExpiresIn);
return(newToken.AccessToken);
}
/// <inheritdoc/>
public async Task <string> GetClientAccessTokenAsync(
string clientName = AccessTokenManagementDefaults.DefaultTokenClientName,
ClientAccessTokenParameters parameters = null,
CancellationToken cancellationToken = default)
{
parameters ??= new ClientAccessTokenParameters();
if (parameters.ForceRenewal == false)
{
var item = await _clientAccessTokenCache.GetAsync(clientName, parameters, cancellationToken);
if (item != null)
{
return(item.AccessToken);
}
}
try
{
return(await _sync.Dictionary.GetOrAdd(clientName, _ =>
{
return new Lazy <Task <string> >(async() =>
{
var response = await _tokenEndpointService.RequestClientAccessToken(clientName, parameters, cancellationToken);
if (response.IsError)
{
_logger.LogError("Error requesting access token for client {clientName}. Error = {error}", clientName, response.Error);
return null;
}
await _clientAccessTokenCache.SetAsync(clientName, response.AccessToken, response.ExpiresIn, parameters, cancellationToken);
return response.AccessToken;
});
}).Value);
}
finally
{
_sync.Dictionary.TryRemove(clientName, out _);
}
}
private async Task <string> EnsureGetAccessTokenAsync(string incomingToken)
{
var clientAccessToken = await _tokenCache.GetAsync(ClientIds.GatewayDownstreamTokenExchanger);
if (clientAccessToken != null)
{
return(clientAccessToken.AccessToken);
}
// 현재 expire되지 않은 유효한 토큰이 없다. 새로 발급받아야 한다.
var tokenResponse = await ExchangeToken(incomingToken);
await _tokenCache.SetAsync(
ClientIds.GatewayDownstreamTokenExchanger,
tokenResponse.AccessToken,
tokenResponse.ExpiresIn
);
return(tokenResponse.AccessToken);
}
private async Task <string> GetAccessToken(string incomingToken)
{
var item = await _clientAccessTokenCache
.GetAsync("hesstoytrucks_gateway_to_apis_tokenexchange_catalog");
if (item != null)
{
System.Console.WriteLine($"token is in cache");
return(item.AccessToken);
}
var(accessToken, expiresIn) = await ExchangeToken(incomingToken);
await _clientAccessTokenCache.SetAsync(
"hesstoytrucks_gateway_to_apis_tokenexchange_catalog",
accessToken,
expiresIn);
System.Console.WriteLine($"Token is new. It will expire in {expiresIn}");
return(accessToken);
}
public async Task <Response <string> > ConnectTokenAsync()
{
Response <string> response = null;
ClientAccessToken currentToken = await clientAccessTokenCache.GetAsync("WebClientToken");
if (currentToken is not null)
{
response = Response <string> .Success(currentToken.AccessToken, StatusCodes.Status200OK);
logger.LogResponse(response);
return(response);
}
TokenResponse res = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest()
{
Address = "connect/token",
ClientId = clientSettings.WebClient.ClientId,
ClientSecret = clientSettings.WebClient.ClientSecret,
Scope = "IdentityServerApi"
});
if (res.IsError)
{
response = await res.GetResponseAsync <string>(true, "TokenService/ConnectTokenAsync", "Token alınırken beklenmedik bir hata ile karşılaşıldı");
logger.LogResponse(response);
return(response);
}
await clientAccessTokenCache.SetAsync("WebClientToken", res.AccessToken, res.ExpiresIn);
response = Response <string> .Success(res.AccessToken, (int)res.HttpStatusCode);
logger.LogResponse(response);
return(response);
}