Exemplo n.º 1
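        /// <summary>
        /// Token endpoint: exchanges an authorization code or a refresh token for an
        /// access token, depending on <c>req.grant_type</c>.
        /// </summary>
        /// <param name="req">The incoming token request; its fields are caller-supplied.</param>
        /// <returns>
        /// A response carrying the newly stored access token, refresh token and scope, or
        /// <c>null</c> when the request is missing, the grant type is unknown, a record
        /// lookup fails, the redirect URI does not match, or the new entry cannot be stored.
        /// </returns>
        protected AccessTokenResponse TokenEndpoint(AccessTokenRequest req)
        {
            if (req == null)
            {
                return null;
            }
            AccessTokenResponse resp = new AccessTokenResponse();

            // Recorded before resp is populated, exactly as before; recordme receives the
            // same object references that are filled in below.
            CST_Ops.recordme(this, req, resp);
            switch (req.grant_type)
            {
            case "authorization_code":
            {
                // NOTE(review): no client authentication (e.g. a client secret check) is
                // visible in this method - confirm it happens before this point.
                string codeSessionSecret = AuthorizationCodeRecs.findISSByClientIDAndCode(req.client_id /*, req.UserID*/, req.code);
                if (codeSessionSecret == null)
                {
                    return null;
                }
                AuthorizationCodeEntry codeEntry = (AuthorizationCodeEntry)AuthorizationCodeRecs.getEntry(codeSessionSecret, req.client_id);
                if (codeEntry == null)
                {
                    // Fail closed instead of dereferencing a missing record.
                    return null;
                }
                // The redirect URI presented now must equal the one bound to the code.
                if (codeEntry.redirect_uri != req.redirect_uri)
                {
                    return null;
                }
                // NOTE(review): nothing here marks the authorization code as consumed;
                // confirm single use is enforced elsewhere.
                AccessTokenEntry issued = createAccessTokenEntry(codeEntry.redirect_uri, codeEntry.scope, codeEntry.state);
                if (issued == null)
                {
                    return null;
                }
                // NOTE(review): the entry is stored under req.UserID, which comes from the
                // request rather than from the authorization-code record - confirm the
                // code lookup binds the user.
                if (AccessTokenRecs.setEntry(issued.access_token, req.client_id, req.UserID, issued) == false)
                {
                    return null;
                }

                resp.access_token  = issued.access_token;
                resp.refresh_token = issued.refresh_token;
                resp.scope         = issued.scope;
                return resp;
            }

            case "refresh_token":
            {
                // NOTE(review): the refresh token is read from req.code here; confirm
                // that is the field the client is expected to put it in.
                string refreshSessionSecret = AccessTokenRecs.findISSByClientIDAndRefreshToken(req.client_id, req.UserID, req.code);
                if (refreshSessionSecret == null)
                {
                    return null;
                }
                // NOTE(review): the previous entry is looked up by req.access_token, not
                // by the refresh token that was just verified - confirm the two are
                // bound to each other by the record store.
                AccessTokenEntry previous = (AccessTokenEntry)AccessTokenRecs.getEntry(req.access_token, req.client_id, req.UserID);
                if (previous == null)
                {
                    // Fail closed instead of dereferencing a missing record.
                    return null;
                }
                AccessTokenEntry renewed = createAccessTokenEntry(previous.redirect_uri, previous.scope, previous.state);
                if (renewed == null)
                {
                    return null;
                }
                if (AccessTokenRecs.setEntry(renewed.access_token, req.client_id, req.UserID, renewed) == false)
                {
                    return null;
                }
                // Fix: hand back the entry that was just created and stored. The earlier
                // code returned the previous entry's tokens, so the refreshed token was
                // never delivered to the client.
                // NOTE(review): the previous entry is not revoked here - confirm the
                // intended rotation policy.
                resp.access_token  = renewed.access_token;
                resp.refresh_token = renewed.refresh_token;
                resp.scope         = renewed.scope;
                return resp;
            }

            default:
                // Unknown or missing grant type: reject.
                return null;
            }
        }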
Exemplo n.º 2
            /// <summary>
            /// Looks up the access-token entry stored for a ticket, realm and user.
            /// </summary>
            /// <param name="ticket">The ticket; cast to <c>AccessToken</c> and used as the outer key.</param>
            /// <param name="Realm">Second-level key.</param>
            /// <param name="UserID">Third-level key.</param>
            /// <returns>The entry found under the three keys.</returns>
            /// <remarks>
            /// All three levels are read through indexers with no presence check, so a
            /// missing key is not reported as <c>null</c>. Presumably <c>dict</c> is a
            /// standard dictionary whose indexer throws on a missing key - callers that
            /// pass request-supplied values should be prepared for that; verify against
            /// the declaration of <c>dict</c>.
            /// </remarks>
            public Permission_Claim getEntry(Ticket ticket, string Realm, string UserID)
            {
                var token   = (AccessToken)ticket;
                var byRealm = dict[token];
                var byUser  = byRealm[Realm];
                AccessTokenEntry found = byUser[UserID];

                // Assumption for the contract checker: the stored object is exactly an
                // AccessTokenEntry, not a subtype.
                Contract.Assume(found.GetType() == typeof(AccessTokenEntry));
                return found;
            }
Exemplo n.º 3
        /// <summary>
        /// Builds a new <c>AccessTokenEntry</c> carrying the given redirect URI, scope and state.
        /// </summary>
        /// <param name="redirect_uri">Redirect URI to record on the entry.</param>
        /// <param name="scope">Permissions to record on the entry.</param>
        /// <param name="state">State value to record on the entry.</param>
        /// <returns>The freshly constructed entry.</returns>
        /// <remarks>
        /// Only these three members are assigned here. The token values themselves are
        /// not set in this method, so they are whatever the <c>AccessTokenEntry</c>
        /// constructor leaves them as - NOTE(review): confirm where they are generated
        /// and that a cryptographically secure source is used.
        /// </remarks>
        public override AccessTokenEntry createAccessTokenEntry(string redirect_uri, Permissions scope, string state)
        {
            return new AccessTokenEntry
            {
                redirect_uri = redirect_uri,
                scope = scope,
                state = state
            };
        }
Exemplo n.º 4
        /// <summary>
        /// Creates an access-token entry that records the supplied redirect URI, scope and state.
        /// </summary>
        /// <param name="redirect_uri">Redirect URI copied onto the entry.</param>
        /// <param name="scope">Permissions copied onto the entry.</param>
        /// <param name="state">State value copied onto the entry.</param>
        /// <returns>The new entry.</returns>
        /// <remarks>
        /// No token value is assigned in this method; NOTE(review): verify that the
        /// access and refresh tokens are populated elsewhere before the entry is
        /// stored or returned to a client.
        /// </remarks>
        public override AccessTokenEntry createAccessTokenEntry(string redirect_uri, Permissions scope, string state)
        {
            var created = new AccessTokenEntry
            {
                redirect_uri = redirect_uri,
                scope        = scope,
                state        = state
            };

            return created;
        }
Exemplo n.º 5
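            /// <summary>
            /// Stores an access-token entry under the given ticket, realm and user.
            /// </summary>
            /// <param name="ticket">The ticket; cast to <c>AccessToken</c> and used as the outer key.</param>
            /// <param name="Realm">Second-level key.</param>
            /// <param name="UserID">Third-level key.</param>
            /// <param name="claim">The claim to store; cast to <c>AccessTokenEntry</c>.</param>
            /// <returns>
            /// <c>true</c> once the entry is stored; <c>false</c> when the ticket, the
            /// claim, the realm or the user id is <c>null</c>.
            /// </returns>
            public bool setEntry(Ticket ticket, string Realm, string UserID, Permission_Claim claim)
            {
                AccessToken      at  = (AccessToken)ticket;
                AccessTokenEntry ate = (AccessTokenEntry)claim;

                // Fix: reject when EITHER the token or the claim is missing. The earlier
                // test used &&, so a null token fell through to the store (as a null key)
                // and a null claim was recorded as a valid entry.
                if (at == null || claim == null)
                {
                    return false;
                }

                // Reject null keys up front so the store is never left half-updated.
                if (Realm == null || UserID == null)
                {
                    return false;
                }

                // As before, any map previously held for this token is replaced outright,
                // so earlier realm/user entries under the same token are dropped.
                dict[at]                = new Dictionary <string, Dictionary <string, AccessTokenEntry> >();
                dict[at][Realm]         = new Dictionary <string, AccessTokenEntry>();
                dict[at][Realm][UserID] = ate;

                return true;
            }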
Exemplo n.º 6
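        /// <summary>
        /// Validates an access token presented by a client: the stored entry must belong
        /// to the requesting client and user, and its permissions must cover the
        /// requested scope.
        /// </summary>
        /// <param name="vtr">The validation request; cast to <c>ValidateTokenRequest</c>.</param>
        /// <returns>
        /// The validation response built by <c>Process_ValidateTicket</c>, or <c>null</c>
        /// when the request or the stored entry is missing, or when the client, user or
        /// scope check fails.
        /// </returns>
        public override AuthTicket_Resp ValidateTicket(AuthTicket_Req vtr)
        {
            Contract.Assume(vtr == GlobalObjects_base.AuthTicket_Req);

            ValidateTokenRequest req = (ValidateTokenRequest)vtr;
            if (req == null)
            {
                // Fail closed on a missing request instead of dereferencing it.
                return null;
            }

            AccessTokenEntry tokenEntry = (AccessTokenEntry)AccessTokenRecs.getEntry(req.access_token, req.client_id, req.UserID);
            if (tokenEntry == null)
            {
                // No record for this token/client/user: treat as an invalid token.
                return null;
            }

            // The record was looked up with request-supplied keys, so re-check that the
            // stored realm and user really match, then require the granted permissions
            // to be a superset of what is being asked for.
            bool clientMatches = req.client_id == tokenEntry.Realm;
            bool userMatches   = req.UserID == tokenEntry.UserID;
            if (!clientMatches || !userMatches || tokenEntry.permissions.permissionSet.IsSupersetOf(req.scope.permissionSet) == false)
            {
                return null;
            }

            ValidateTokenResponse resp = (ValidateTokenResponse)Process_ValidateTicket(req, tokenEntry);

            CST_Ops.recordme(this, req, resp, false, false);

            return resp;
        }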
Exemplo n.º 7
        /// <summary>
        /// Builds the validation response for a token from the request and the stored entry.
        /// </summary>
        /// <param name="req">The validation request; supplies the access token and requested scope.</param>
        /// <param name="tokenEntry">The stored entry; supplies realm, user and granted permissions.</param>
        /// <returns>The populated response.</returns>
        /// <remarks>
        /// No checks are made here: the identity fields (<c>client_id</c>, <c>Realm</c>,
        /// <c>UserID</c>) and <c>claimed_scope</c> are taken from the stored entry, while
        /// <c>access_token</c> and <c>scope</c> are echoed from the request.
        /// </remarks>
        public virtual ValidateTokenResponse Process_ValidateTicket(ValidateTokenRequest req, AccessTokenEntry tokenEntry)
        {
            return new ValidateTokenResponse
            {
                access_token  = req.access_token,
                client_id     = tokenEntry.Realm,
                claimed_scope = tokenEntry.permissions,
                scope         = req.scope,
                UserID        = tokenEntry.UserID,
                Realm         = tokenEntry.Realm
            };
        }
Exemplo n.º 8
        /// <summary>
        /// Assembles a <c>ValidateTokenResponse</c> from a validation request and the
        /// matching stored token entry.
        /// </summary>
        /// <param name="req">Source of the echoed access token and requested scope.</param>
        /// <param name="tokenEntry">Source of the realm, user id and granted permissions.</param>
        /// <returns>The populated response.</returns>
        /// <remarks>
        /// This method performs no validation of its own; both <c>client_id</c> and
        /// <c>Realm</c> are filled from <c>tokenEntry.Realm</c>, not from the request.
        /// </remarks>
        public virtual ValidateTokenResponse Process_ValidateTicket(ValidateTokenRequest req, AccessTokenEntry tokenEntry)
        {
            var result = new ValidateTokenResponse
            {
                access_token = req.access_token,
                client_id = tokenEntry.Realm,
                claimed_scope = tokenEntry.permissions,
                scope = req.scope,
                UserID = tokenEntry.UserID,
                Realm = tokenEntry.Realm
            };

            return result;
        }