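        /// <summary>
        /// Exchanges an authorization <paramref name="code"/> for token material: loads the OIDC
        /// session the code identifies, authenticates the relying party by client id and secret,
        /// and mints a signed id_token for that session.
        /// </summary>
        /// <param name="code">The authorization code; it is the session id as a GUID string.</param>
        /// <param name="client_id">The client identifier presented by the relying party.</param>
        /// <param name="client_secret">The client secret presented by the relying party.</param>
        /// <returns>The token reply carrying the access token, refresh token and id_token.</returns>
        /// <exception cref="FormatException"><paramref name="code"/> is not a valid GUID.</exception>
        /// <exception cref="InvalidOperationException">
        /// No single session matches the code and client id, the client secret does not match,
        /// or there is no active HTTP request to derive the issuer from.
        /// </exception>
        public async Task <OidcTokenReply> TokenReply(string code, string client_id, string client_secret)
        {
            Guid sessionId = new Guid(code);

            // The secret is deliberately NOT part of the SQL filter: a SQL string comparison is
            // neither constant-time nor necessarily case-sensitive (it follows the column
            // collation). The row is selected by the two identifiers and the secret is checked
            // in memory below.
            OIDCSession session = await _authDbContext.OIDCSessions
                                  .Where(o => o.OIDCAppSettings.ClientId == client_id)
                                  .Where(o => o.Id == sessionId)
                                  .Include(s => s.User)
                                  .Include(s => s.OIDCAppSettings)
                                  .SingleAsync();

            if (!SecretMatches(session.OIDCAppSettings.ClientSecret, client_secret))
            {
                // Same exception type SingleAsync raises for an unknown code, so a caller sees a
                // single failure mode for "bad code" and "bad secret".
                throw new InvalidOperationException("Client authentication failed.");
            }

            var httpContext = _httpContextAccessor.HttpContext;
            if (httpContext == null)
            {
                throw new InvalidOperationException("No active HTTP request to derive the issuer from.");
            }

            // NOTE(review): the issuer is built from the incoming Host header. Unless host
            // filtering / forwarded-headers middleware pins the allowed hosts, a forged Host
            // header ends up as the id_token's iss claim — confirm the hosting configuration.
            string protocolString = httpContext.Request.IsHttps ? "https://" : "http://";
            string issuer         = protocolString + httpContext.Request.Host;

            // One timestamp for iat and exp so both claims derive from the same instant.
            DateTime now             = DateTime.UtcNow;
            TimeSpan idTokenLifetime = TimeSpan.FromHours(10);

            JwtBuilder jwtBuilder = _jwtFactory.Build();
            string     json       = jwtBuilder
                                    .Issuer(issuer)
                                    .Subject(session.User.Id.ToString())
                                    .AddClaim(ClaimName.Nonce, session.Nonce)
                                    .Audience(session.OIDCAppSettings.ClientId)
                                    .AddHeader(HeaderName.KeyId, "1")
                                    .IssuedAt(now)
                                    .ExpirationTime(now.Add(idTokenLifetime))
                                    .Encode();

            // fixme: tokens should expire. The authorization code is handed back verbatim as both
            // the access token and the refresh token, so it is a long-lived bearer credential.
            // ExpiresIn describes that access token (3600 s); it is unrelated to the id_token's
            // 10-hour exp claim above.
            return(new OidcTokenReply
            {
                AccessToken = code,
                TokenType = "Bearer",
                RefreshToken = code,
                ExpiresIn = 3600,
                IdToken = json,
            });
        }

        /// <summary>
        /// Compares a stored client secret with the presented one in constant time, as ordinal
        /// UTF-8 bytes. A null stored secret matches only a null presented secret; a client
        /// registered without a secret is therefore not otherwise authenticated by this check —
        /// confirm that is intended for any such client.
        /// </summary>
        /// <param name="stored">The secret on record for the client, or null.</param>
        /// <param name="presented">The secret sent by the relying party, or null.</param>
        /// <returns>True when both are null or both encode to identical byte sequences.</returns>
        private static bool SecretMatches(string stored, string presented)
        {
            if (stored == null || presented == null)
            {
                return stored == null && presented == null;
            }

            byte[] storedBytes    = System.Text.Encoding.UTF8.GetBytes(stored);
            byte[] presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);

            // FixedTimeEquals returns false without scanning when the lengths differ; that only
            // reveals the secret's length, not its content.
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, presentedBytes);
        }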