/// <summary>
        /// Creates a serialized and protected security token.
        /// </summary>
        /// <param name="token">The token.</param>
        /// <returns>
        /// A security token in serialized form
        /// </returns>
        /// <exception cref="System.InvalidOperationException">Invalid token type.</exception>
        public virtual async Task <string> CreateSecurityTokenAsync(Token token)
        {
            if (token.Type == Constants.TokenTypes.AccessToken)
            {
                if (token.Client.AccessTokenType == AccessTokenType.Jwt)
                {
                    Logger.Debug("Creating JWT access token");

                    return(await _signingService.SignTokenAsync(token));
                }

                Logger.Debug("Creating reference access token");

                var handle = Guid.NewGuid().ToString("N");
                await _tokenHandles.StoreAsync(handle, token);

                return(handle);
            }

            if (token.Type == Constants.TokenTypes.IdentityToken)
            {
                Logger.Debug("Creating JWT identity token");

                return(await _signingService.SignTokenAsync(token));
            }

            throw new InvalidOperationException("Invalid token type.");
        }
Exemplo n.º 2
0
        /// <summary>
        /// Creates a serialized and protected security token.
        /// </summary>
        /// <param name="token">The token.</param>
        /// <returns>
        /// A security token in serialized form
        /// </returns>
        /// <exception cref="System.InvalidOperationException">Invalid token type.</exception>
        public virtual async Task <string> CreateSecurityTokenAsync(Token token)
        {
            string tokenResult;

            if (token.Type == Constants.TokenTypes.AccessToken)
            {
                if (token.Client.AccessTokenType == AccessTokenType.Jwt)
                {
                    _logger.LogVerbose("Creating JWT access token");

                    tokenResult = await _signingService.SignTokenAsync(token);
                }
                else
                {
                    _logger.LogVerbose("Creating reference access token");

                    var handle = CryptoRandom.CreateUniqueId();
                    await _tokenHandles.StoreAsync(handle, token);

                    tokenResult = handle;
                }
            }
            else if (token.Type == Constants.TokenTypes.IdentityToken)
            {
                _logger.LogVerbose("Creating JWT identity token");

                tokenResult = await _signingService.SignTokenAsync(token);
            }
            else
            {
                throw new InvalidOperationException("Invalid token type.");
            }

            await _events.RaiseTokenIssuedEventAsync(token, tokenResult);

            return(tokenResult);
        }
Exemplo n.º 3
0
        public async Task <ValidationResult> Validate(NameValueCollection parameters, Client client)
        {
            Logger.Info("Start token request validation for appid with CPMS.");
            string appId       = parameters.Get(Constants.TokenRequest.AppId);
            string publisherid = parameters.Get(Constants.TokenRequest.PublisherId);

            if (appId != null)
            {
                var outputClaims = new List <Claim>
                {
                    new Claim(Constants.ClaimTypes.ClientId, client.ClientId),
                };

                // add scope
                outputClaims.Add(new Claim(Constants.ClaimTypes.Scope, Constants.StandardScopes.application));
                outputClaims.Add(new Claim(Constants.ClaimTypes.Scope, "add"));


                //add appid
                outputClaims.Add(new Claim(Constants.ClaimTypes.Appid, appId));
                var token = new Token(Constants.TokenTypes.AccessToken)
                {
                    Audience = string.Format(Constants.AccessTokenAudience, _options.IssuerUri.EnsureTrailingSlash()),
                    Issuer   = _options.IssuerUri,
                    Lifetime = client.AccessTokenLifetime,
                    Claims   = outputClaims.Distinct(new ClaimComparer()).ToList(),
                    Client   = client
                };

                string signedToken = await _signingService.SignTokenAsync(token);

                string servicePublisherId = _requestValidatorHelper.CallServiceGet(signedToken, ConfigurationManager.AppSettings["cpmsuri"],
                                                                                   "publisher");

                //if publisher id returned from CPMS is null then application
                //doesn't belongs to specific user (just created application),or
                //if publisher id returned from CPMS equals to parameter one
                //which means application belongs to this specific user
                if (servicePublisherId == null || servicePublisherId.Equals(publisherid, StringComparison.Ordinal))
                {
                    return(Valid());
                }
                return(Invalid("Application Id is not valid"));
            }
            return(Valid());
        }