/// <summary>
/// Called when a request to the Token endpoint arrives with a "grant_type" of "refresh_token". This occurs if your
/// application has issued a "refresh_token"
/// along with the "access_token", and the client is attempting to use the "refresh_token" to acquire a new "access_token",
/// and possibly a new "refresh_token".
/// To issue a refresh token the an Options.RefreshTokenProvider must be assigned to create the value which is returned.
/// The claims and properties
/// associated with the refresh token are present in the context.Ticket. The application must call context.Validated to
/// instruct the
/// Authorization Server middleware to issue an access token based on those claims and properties. The call to
/// context.Validated may
/// be given a different AuthenticationTicket or ClaimsIdentity in order to control which information flows from the
/// refresh token to
/// the access token. The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the
/// refresh token to
/// the access token unmodified.
/// See also http://tools.ietf.org/html/rfc6749#section-6
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public override async Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
var originalClient = context.Ticket.Properties.Dictionary[".client_id"];
var currentClient = context.ClientId;
if (originalClient != currentClient)
{
context.SetError("invalid_clientId", "Refresh token is issued to a different clientId.");
return;
}
var applicationUserManager = context.OwinContext.Get <ApplicationUserManager>();
var identityUser = await this.FindUserFromTicket(applicationUserManager, context);
if (identityUser.AccessRevokedDate != null)
{
context.SetError("invalid_grant", "User access is revoked.");
return;
}
var newIdentity = await ProviderUtils.GenerateUserIdentityAsync(applicationUserManager, identityUser);
var authenticationProperties = this.GetAuthenticationProperties(context.ClientId, newIdentity, identityUser);
var newTicket = new AuthenticationTicket(newIdentity, authenticationProperties);
await UpdateLastActivity(identityUser.Id);
context.Validated(newTicket);
}
/// <summary>
/// Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has
/// provided name and password
/// credentials directly into the client application's user interface, and the client application is using those to acquire
/// an "access_token" and
/// optional "refresh_token". If the web application supports the
/// resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To
/// issue an
/// access token the context.Validated must be called with a new ticket containing the claims about the resource owner
/// which should be associated
/// with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by
/// malicious callers.
/// The default behavior is to reject this grant type.
/// See also http://tools.ietf.org/html/rfc6749#section-4.3.2
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = context.OwinContext.Get <string>(OwinKeys.ClientAllowedOrigin) ?? "*";
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var userManager = context.OwinContext.Get <ApplicationUserManager>();
var user = await this.FindUserAsync(userManager, context);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (user.AccessRevokedDate != null)
{
context.SetError("invalid_grant", "User access is revoked.");
return;
}
var claimsIdentity = await ProviderUtils.GenerateUserIdentityAsync(userManager, user);
var authenticationProperties = this.GetAuthenticationProperties(context.ClientId, claimsIdentity, user);
var ticket = new AuthenticationTicket(claimsIdentity, authenticationProperties);
await UpdateLastActivity(user.Id);
context.Validated(ticket);
context.OwinContext.Set(OwinKeys.ClientId, context.ClientId);
}
public override Task <ClaimsIdentity> CreateUserIdentityAsync(IdentityUser user)
{
return(ProviderUtils.GenerateUserIdentityAsync(this.UserManager, user));
}
