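/// <summary>
/// Validates a token request that uses an extension (custom) grant type.
/// The client must be allowed to use the grant type, a validator must be
/// registered for it, the requested scopes must be permitted, the extension
/// grant validator must accept the request and, when the validator returns a
/// subject, that subject must still be active according to the profile service.
/// </summary>
/// <param name="parameters">The raw form parameters of the token request.</param>
/// <returns>
/// A valid result carrying the validator's custom response, or an invalid
/// result with the matching OIDC token error (and, where the validator supplied
/// one, its error description and custom response).
/// </returns>
private async Task<TokenRequestValidationResult> ValidateExtensionGrantRequestAsync(NameValueCollection parameters)
{
    _logger.LogDebug("Start validation of custom grant token request");

    /////////////////////////////////////////////
    // check if client is allowed to use grant type
    /////////////////////////////////////////////
    if (!_validatedRequest.Client.AllowedGrantTypes.Contains(_validatedRequest.GrantType))
    {
        LogError("{clientId} does not have the custom grant type in the allowed list, therefore requested grant is not allowed", _validatedRequest.Client.ClientId);
        return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType);
    }

    /////////////////////////////////////////////
    // check if a validator is registered for the grant type
    /////////////////////////////////////////////
    // Ordinal comparison: grant type names are protocol identifiers, not user text.
    if (!_extensionGrantValidator.GetAvailableGrantTypes().Contains(_validatedRequest.GrantType, StringComparer.Ordinal))
    {
        LogError("No validator is registered for the grant type: {grantType}", _validatedRequest.GrantType);
        return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType);
    }

    /////////////////////////////////////////////
    // check if client is allowed to request scopes
    /////////////////////////////////////////////
    if (!await ValidateRequestedScopesAsync(parameters))
    {
        return Invalid(OidcConstants.TokenErrors.InvalidScope);
    }

    /////////////////////////////////////////////
    // validate custom grant type
    /////////////////////////////////////////////
    var result = await _extensionGrantValidator.ValidateAsync(_validatedRequest);

    // A validator that returns nothing is treated as a rejected grant rather than a success.
    if (result == null)
    {
        LogError("Invalid extension grant");
        return Invalid(OidcConstants.TokenErrors.InvalidGrant);
    }

    if (result.IsError)
    {
        // Pass the validator's own error through when it supplied one; otherwise fall
        // back to the generic invalid_grant code but still forward any custom response.
        if (result.Error.IsPresent())
        {
            LogError("Invalid extension grant: {error}", result.Error);
            return Invalid(result.Error, result.ErrorDescription, result.CustomResponse);
        }

        LogError("Invalid extension grant");
        return Invalid(OidcConstants.TokenErrors.InvalidGrant, customResponse: result.CustomResponse);
    }

    if (result.Subject != null)
    {
        /////////////////////////////////////////////
        // make sure user is enabled
        /////////////////////////////////////////////
        // A disabled account must not be able to obtain tokens through an extension
        // grant, so the subject returned by the validator is checked against the
        // profile service before it is accepted onto the validated request.
        var isActiveCtx = new IsActiveContext(
            result.Subject,
            _validatedRequest.Client,
            IdentityServerConstants.ProfileIsActiveCallers.ExtensionGrantValidation);
        await _profile.IsActiveAsync(isActiveCtx);

        if (!isActiveCtx.IsActive)
        {
            LogError("User has been disabled: {subjectId}", result.Subject.GetSubjectId());
            return Invalid(OidcConstants.TokenErrors.InvalidGrant);
        }

        _validatedRequest.Subject = result.Subject;
    }

    _logger.LogDebug("Validation of extension grant token request success");
    return Valid(result.CustomResponse);
}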
/// <summary>
/// Validates a token request for an extension (custom) grant type: the client
/// must be allowed to use the grant type, a validator must be registered for it,
/// the requested scopes must be permitted, the extension grant validator must
/// accept the request, and any subject it returns must still be active according
/// to the profile service before it is stored on the validated request.
/// </summary>
/// <param name="parameters">The raw form parameters of the token request.</param>
/// <returns>
/// A valid result carrying the validator's custom response, or an invalid result
/// with the matching OIDC token error (including the validator's own error,
/// description and custom response when it supplied them).
/// </returns>
private async Task<TokenRequestValidationResult> ValidateExtensionGrantRequestAsync(NameValueCollection parameters)
{
    _logger.LogDebug("Start validation of custom grant token request");

    var grantType = _validatedRequest.GrantType;
    var client = _validatedRequest.Client;

    // The client must be explicitly allowed to use this grant type.
    if (!client.AllowedGrantTypes.Contains(grantType))
    {
        LogError("Client does not have the custom grant type in the allowed list, therefore requested grant is not allowed", new { clientId = client.ClientId });
        return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType);
    }

    // A validator must be registered for the grant type (ordinal match: grant
    // type names are protocol identifiers, not user-facing text).
    var registeredGrantTypes = _extensionGrantValidator.GetAvailableGrantTypes();
    if (!registeredGrantTypes.Contains(grantType, StringComparer.Ordinal))
    {
        LogError("No validator is registered for the grant type", new { grantType = grantType });
        return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType);
    }

    // The client must be allowed to request the scopes it asked for.
    var scopesAreValid = await ValidateRequestedScopesAsync(parameters);
    if (!scopesAreValid)
    {
        return Invalid(OidcConstants.TokenErrors.InvalidScope);
    }

    // Run the registered validator for the custom grant.
    var grantResult = await _extensionGrantValidator.ValidateAsync(_validatedRequest);

    // A missing result counts as a rejected grant, not a success.
    if (grantResult == null)
    {
        LogError("Invalid extension grant");
        return Invalid(OidcConstants.TokenErrors.InvalidGrant);
    }

    if (grantResult.IsError)
    {
        // Without a validator-supplied error code, fall back to invalid_grant but
        // still forward any custom response the validator attached.
        if (!grantResult.Error.IsPresent())
        {
            LogError("Invalid extension grant");
            return Invalid(OidcConstants.TokenErrors.InvalidGrant, customResponse: grantResult.CustomResponse);
        }

        LogError("Invalid extension grant", new { error = grantResult.Error });
        return Invalid(grantResult.Error, grantResult.ErrorDescription, grantResult.CustomResponse);
    }

    var subject = grantResult.Subject;
    if (subject != null)
    {
        // A disabled account must not receive tokens via an extension grant, so the
        // subject is checked against the profile service before it is accepted.
        var activeCheck = new IsActiveContext(
            subject,
            client,
            IdentityServerConstants.ProfileIsActiveCallers.ExtensionGrantValidation);
        await _profile.IsActiveAsync(activeCheck);

        if (!activeCheck.IsActive)
        {
            // todo: raise event?
            LogError("User has been disabled", new { subjectId = subject.GetSubjectId() });
            return Invalid(OidcConstants.TokenErrors.InvalidGrant);
        }

        _validatedRequest.Subject = subject;
    }

    _logger.LogDebug("Validation of extension grant token request success");
    return Valid(grantResult.CustomResponse);
}