Exemplo n.º 1
0
        public void Build()
        {
            if (this.Subject == null || this.Subject == "")
            {
                throw new ArgumentNullException("Subject must have a value");
            }

            var now = DateTime.UtcNow;

            _jwt = new JwtSecurityToken(
                issuer: _audience.Issuer,
                audience: _audience.Id,
                notBefore: now,
                expires: now.Add(this.Expiration),
                signingCredentials: this.GetSigningCredentials(),
                claims: this.GetClaims(now)
                );

            //TODO:
            //Encrypt refresh token protected ticket here:
            //
            _refreshToken = Domain.RefreshToken.New(this.Subject, _audience.Id, now, GetAccessTokenString(), _audience.RefreshTokenLifetimeMinutes);
        }
Exemplo n.º 2
0
        public async Task Execute(RequestDelegate next, HttpContext context, ArgonautOptions options)
        {
            var rtFromRequest        = context.Request.Form["refresh_token"];
            var hashedRefreshTokenId = Argonaut.Internal.Hashing.GetHash(rtFromRequest);

            var persistenceResponse = options.RefreshAccessToken(hashedRefreshTokenId); //Client returns refresh token model with encrpted ticket.

            if (persistenceResponse == null)
            {
                await RespondRefreshTokenInvalid(context);

                return;
            }

            if (persistenceResponse.RefreshToken == null)
            {
                await RespondRefreshTokenInvalid(context);

                return;
            }

            if (persistenceResponse.Audience == null)
            {
                await RespondRefreshTokenInvalid(context);

                return;
            }

            //Map to domain refresh token
            Domain.RefreshToken rt = Domain.RefreshToken.New(
                persistenceResponse.RefreshToken.Id,
                persistenceResponse.RefreshToken.Subject,
                persistenceResponse.RefreshToken.AudienceId,
                persistenceResponse.RefreshToken.ProtectedTicket,
                persistenceResponse.RefreshToken.IssuedUtc,
                persistenceResponse.RefreshToken.ExpiresUtc
                );

            var nowUtc = DateTime.UtcNow; //TODO: Could do with moving to interface

            if (nowUtc > rt.ExpiresUtc)
            {
                await RespondRefreshTokenInvalid(context);

                return;
            }

            try {
                rt.DecryptTicket(_encryptor, rtFromRequest.ToString());
            } catch {
                context.Response.StatusCode = 401;
                await context.Response.WriteAsync("Persisted refresh token failed decryption - Log in using username and password.");

                return;
            }

            if (rt.ProtectedTicket == null)
            {
                await RespondRefreshTokenInvalid(context);

                return;
            }

            var vp      = new JWTValidationParametersGenerator(persistenceResponse.Audience).SecretOnly();
            var handler = new JwtSecurityTokenHandler();

            Microsoft.IdentityModel.Tokens.SecurityToken validatedToken = null;
            try {
                handler.ValidateToken(rt.ProtectedTicket, vp, out validatedToken);
            } catch {
                await RespondRefreshTokenInvalid(context);

                return;
            }

            if (validatedToken == null)
            {
                await RespondRefreshTokenInvalid(context);

                return;
            }

            var jwt         = validatedToken as System.IdentityModel.Tokens.Jwt.JwtSecurityToken;
            var sub         = jwt.Claims.Where(l => l.Type == "sub").FirstOrDefault().Value;
            var claimsToUse = jwt.Claims.ExcludeDefaultAccessTokenClaims();

            _jwtBuilder = JWTBuilder.New(persistenceResponse.Audience);
            _jwtBuilder.AddClaims(claimsToUse);

            await GenerateAccessToken(context, sub, options);
        }