public async Task <IActionResult> Authorize( [FromQuery(Name = "response_type")] string responseType, [FromQuery(Name = "client_id")] string clientId, [FromQuery(Name = "redirect_uri")] string redirectUri, [FromQuery(Name = "state")] string state) { if (!OAuth2ValidationHelpers.ValidateClient(Request, clientId, redirectUri)) { return(BadRequest("Invalid client_id or redirect_uri.")); } var urlParamLocation = "code".Equals(responseType, StringComparison.OrdinalIgnoreCase) ? OAuth2UrlParamLocation.Query : OAuth2UrlParamLocation.Fragment; if (!SupportedResponseTypes.Contains(responseType)) { return(Redirect(OAuth2UrlHelpers.GetErrorRedirectUrl( redirectUri, "unsupported_response_type", null, state, urlParamLocation))); } if (!User.Identity.IsAuthenticated) { return(Challenge()); } var userId = _userManager.GetUserId(User); if ("code".Equals(responseType, StringComparison.OrdinalIgnoreCase)) { var stsCode = await _stsOAuth2CodeRepository.CreateAsync( clientId, redirectUri, userId); return(Redirect(OAuth2UrlHelpers.GetCodeRedirectUrl( redirectUri, stsCode.Id.ToString(), state))); } else { var token = _oAuth2Service.GenerateAccessToken(userId, clientId); return(Redirect(OAuth2UrlHelpers.GetAccessTokenRedirectUrl( redirectUri, token.AccessToken, token.TokenType, token.ExpiresIn, state))); } }
public async Task <IActionResult> Token( [FromHeader(Name = "Authorization")] string authorization, [FromForm(Name = "grant_type")] string grantType, [FromForm(Name = "code")] string code, [FromForm(Name = "redirect_uri")] string redirectUri, [FromForm(Name = "refresh_token")] string refreshToken) { if (authorization == null || !authorization.StartsWith("basic ", StringComparison.OrdinalIgnoreCase)) { return(JsonWithStatus(401, new { error = "invalid_client", error_description = "No authentication found, only HTTP Basic authentication is supported" })); } var authToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Substring(6))); var authTokenParts = authToken.Split(':'); var clientId = WebUtility.UrlDecode(authTokenParts[0]); var clientSecret = WebUtility.UrlDecode(authTokenParts[1]); if (!OAuth2ValidationHelpers.ValidateClientAuth(clientId, clientSecret)) { return(JsonWithStatus(401, new { error = "invalid_client", error_description = "Invalid client_id or client_secret" })); } if ("authorization_code".Equals(grantType, StringComparison.OrdinalIgnoreCase)) { if (code == null || redirectUri == null) { return(JsonWithStatus(400, new { error = "invalid_request", error_description = "Missing parameter: code or redirect_uri" })); } var stsCode = await _stsOAuth2CodeRepository.GetAndDeleteAsync(code); if (stsCode == null || stsCode.ClientId != clientId || stsCode.RedirectUri != redirectUri) { return(JsonWithStatus(400, new { error = "invalid_grant" })); } var token = _oAuth2Service.GenerateAccessToken(stsCode.UserId, clientId); var stsRefreshToken = await _stsOAuth2RefreshTokenRepository.CreateAsync(clientId, stsCode.UserId); return(Json(new { access_token = token.AccessToken, token_type = token.TokenType, expires_in = token.ExpiresIn, refresh_token = stsRefreshToken.Id })); } else if ("refresh_token".Equals(grantType, StringComparison.OrdinalIgnoreCase)) { if (refreshToken == null) { return(JsonWithStatus(400, new { error = "invalid_request", error_description = "Missing parameter: refresh_token" })); } var stsRefreshToken = await _stsOAuth2RefreshTokenRepository.GetAsync(refreshToken); if (stsRefreshToken == null || stsRefreshToken.ClientId != clientId) { return(JsonWithStatus(400, new { error = "invalid_grant" })); } var token = _oAuth2Service.GenerateAccessToken(stsRefreshToken.UserId, clientId); return(Json(new { access_token = token.AccessToken, token_type = token.TokenType, expires_in = token.ExpiresIn })); } else { return(JsonWithStatus(400, new { error = "unsupported_grant_type" })); } }