public async Task <IActionResult> Create(HandlerContext context, CancellationToken cancellationToken)
{
try
{
var oauthClient = await _clientAuthenticationHelper.AuthenticateClient(context.Request.HttpHeader, context.Request.RequestData, context.Request.Certificate, context.Request.IssuerName, cancellationToken, ErrorCodes.INVALID_REQUEST);
context.SetClient(oauthClient);
var user = await _bcAuthorizeRequestValidator.ValidateCreate(context, cancellationToken);
context.SetUser(user);
var requestedExpiry = context.Request.RequestData.GetRequestedExpiry();
var interval = context.Request.RequestData.GetInterval();
if (requestedExpiry == null)
{
requestedExpiry = _options.AuthRequestExpirationTimeInSeconds;
}
var currentDateTime = DateTime.UtcNow;
var openidClient = oauthClient as OpenIdClient;
var permissions = await GetPermissions(context.Client.ClientId, context.User.Id, cancellationToken);
var bcAuthorize = Domains.BCAuthorize.Create(
currentDateTime.AddSeconds(requestedExpiry.Value),
oauthClient.ClientId,
interval ?? _options.DefaultBCAuthorizeWaitIntervalInSeconds,
openidClient.BCClientNotificationEndpoint,
openidClient.BCTokenDeliveryMode,
context.Request.RequestData.GetScopesFromAuthorizationRequest(),
context.User.Id,
context.Request.RequestData.GetClientNotificationToken(),
permissions);
bcAuthorize.IncrementNextFetchTime();
await _bcAuthorizeRepository.Add(bcAuthorize, cancellationToken);
await _bcAuthorizeRepository.SaveChanges(cancellationToken);
foreach (var grp in permissions.GroupBy(p => p.ConsentId))
{
await _bcNotificationService.Notify(context, bcAuthorize.Id, grp.ToArray(), cancellationToken);
}
return(new OkObjectResult(new JObject
{
{ BCAuthenticationResponseParameters.AuthReqId, bcAuthorize.Id },
{ BCAuthenticationResponseParameters.ExpiresIn, requestedExpiry.Value }
}));
}
catch (OAuthUnauthorizedException ex)
{
return(BaseCredentialsHandler.BuildError(HttpStatusCode.Unauthorized, ex.Code, ex.Message));
}
catch (OAuthException ex)
{
return(BaseCredentialsHandler.BuildError(HttpStatusCode.BadRequest, ex.Code, ex.Message));
}
}
protected async Task <BaseClient> AuthenticateClient(HandlerContext context, CancellationToken cancellationToken)
{
var oauthClient = await _clientAuthenticationHelper.AuthenticateClient(context.Request.HttpHeader, context.Request.RequestData, context.Request.Certificate, context.Request.IssuerName, cancellationToken);
if (oauthClient.GrantTypes == null || !oauthClient.GrantTypes.Contains(GrantType))
{
throw new OAuthException(ErrorCodes.INVALID_CLIENT, string.Format(ErrorMessages.BAD_CLIENT_GRANT_TYPE, GrantType));
}
return(oauthClient);
}
protected async Task <OAuthClient> AuthenticateClient(HandlerContext context)
{
var oauthClient = await _clientAuthenticationHelper.AuthenticateClient(context.Request.HttpHeader, context.Request.Data, context.Request.IssuerName).ConfigureAwait(false);
if (oauthClient.GrantTypes == null || !oauthClient.GrantTypes.Contains(GrantType))
{
throw new OAuthException(ErrorCodes.INVALID_CLIENT, string.Format(ErrorMessages.BAD_CLIENT_GRANT_TYPE, GrantType));
}
return(oauthClient);
}
public async Task Handle(JObject jObjHeader, JObject jObjBody, string issuerName)
{
_revokeTokenValidator.Validate(jObjBody);
var oauthClient = await _clientAuthenticationHelper.AuthenticateClient(jObjBody, jObjBody, issuerName).ConfigureAwait(false);
var refreshToken = _grantedTokenHelper.GetRefreshToken(jObjBody.GetStr(RevokeTokenRequestParameters.Token));
if (refreshToken != null && !refreshToken.GetClientIdFromAuthorizationRequest().Equals(oauthClient.ClientId, StringComparison.InvariantCultureIgnoreCase))
{
throw new OAuthException(ErrorCodes.INVALID_CLIENT, ErrorMessages.UNAUTHORIZED_CLIENT);
}
_grantedTokenHelper.RemoveRefreshToken(jObjBody.GetStr(RevokeTokenRequestParameters.Token));
}
public async Task Handle(JObject jObjHeader, JObject jObjBody, X509Certificate2 certificate, string issuerName, CancellationToken cancellationToken)
{
var token = jObjBody.GetStr(RevokeTokenRequestParameters.Token);
var validationResult = _revokeTokenValidator.Validate(jObjBody);
var oauthClient = await _clientAuthenticationHelper.AuthenticateClient(jObjBody, jObjBody, certificate, issuerName, cancellationToken);
bool isAccessTokenRemoved = false, isRefreshTokenRemoved = false;
if (validationResult.TokenTypeHint == TokenResponseParameters.AccessToken)
{
isAccessTokenRemoved = await _grantedTokenHelper.TryRemoveAccessToken(token, oauthClient.ClientId, cancellationToken);
}
else if (validationResult.TokenTypeHint == TokenResponseParameters.RefreshToken)
{
isRefreshTokenRemoved = await _grantedTokenHelper.TryRemoveRefreshToken(token, oauthClient.ClientId, cancellationToken);
}
else
{
isAccessTokenRemoved = await _grantedTokenHelper.TryRemoveAccessToken(token, oauthClient.ClientId, cancellationToken);
if (!isAccessTokenRemoved)
{
isRefreshTokenRemoved = await _grantedTokenHelper.TryRemoveRefreshToken(token, oauthClient.ClientId, cancellationToken);
}
}
if (isRefreshTokenRemoved)
{
_logger.LogInformation($"refresh token '{token}' has been removed");
}
if (isAccessTokenRemoved)
{
_logger.LogInformation($"access token '{token}' has been removed");
}
}