/// <summary>
        /// Re-checks, at validation time, that the user and the client named in an access token are still active.
        /// </summary>
        /// <param name="result">The validation result produced so far.</param>
        /// <returns>
        /// The same <paramref name="result"/> instance. It is returned unchanged when it already carries an
        /// error or when every applicable check passes; otherwise it is flagged as an error with
        /// <c>ExpiredToken</c> and its claims are set to <c>null</c>.
        /// </returns>
        /// <remarks>
        /// Each check runs only when its claim is present: a token without a subject claim skips the user
        /// lookup, and a token without a client_id claim skips the client lookup. A deactivated user and a
        /// missing or disabled client are both reported with the same error value.
        /// </remarks>
        public async Task<TokenValidationResult> ValidateAccessTokenAsync(TokenValidationResult result)
        {
            // A result that already failed is handed back as-is; no lookups are performed for it.
            if (result.IsError)
            {
                return result;
            }

            var rejected = false;

            // User check: only performed when the token carries a subject claim.
            var hasSubject = result.Claims.Any(c => c.Type == Constants.ClaimTypes.Subject);
            if (hasSubject)
            {
                var principal = Principal.Create("tokenvalidator", result.Claims.ToArray());

                // For reference tokens the token id is added as a claim before the user service is asked.
                if (result.ReferenceTokenId.IsPresent())
                {
                    var referenceClaim = new Claim(Constants.ClaimTypes.ReferenceTokenId, result.ReferenceTokenId);
                    principal.Identities.First().AddClaim(referenceClaim);
                }

                var userIsActive = await _users.IsActiveAsync(principal);
                rejected = userIsActive == false;
            }

            // Client check: only reached when the user check did not reject, and only performed
            // when the token carries a client_id claim.
            if (!rejected)
            {
                var clientClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.ClientId);
                if (clientClaim != null)
                {
                    var client = await _clients.FindClientByIdAsync(clientClaim.Value);

                    // An unknown client is treated exactly like a disabled one.
                    rejected = client == null || client.Enabled == false;
                }
            }

            if (rejected)
            {
                // Fail closed: mark the result as an error and drop the claims it carried.
                result.IsError = true;
                result.Error = Constants.ProtectedResourceErrors.ExpiredToken;
                result.Claims = null;
            }

            return result;
        }
 /// <summary>
 /// Placeholder: this validator provides no identity token validation.
 /// </summary>
 /// <param name="result">The validation result so far; it is never read.</param>
 /// <returns>Never returns normally.</returns>
 /// <exception cref="NotImplementedException">
 /// Always thrown. The method is not <c>async</c>, so the exception is raised at the call itself
 /// rather than being delivered through the returned task.
 /// </exception>
 public Task<Thinktecture.IdentityServer.Core.Validation.TokenValidationResult> ValidateIdentityTokenAsync(
     Thinktecture.IdentityServer.Core.Validation.TokenValidationResult result)
 {
     // Any code path that asks this validator to check an identity token fails here.
     throw new NotImplementedException();
 }
 /// <summary>
 /// Pass-through access token validation: the incoming result is returned without any additional check.
 /// </summary>
 /// <param name="result">The validation result so far.</param>
 /// <returns>A completed task wrapping the same <paramref name="result"/> instance, unmodified.</returns>
 /// <remarks>
 /// No user or client lookup happens here, so whether the token is accepted depends entirely on the
 /// state in which <paramref name="result"/> arrives.
 /// </remarks>
 public Task<Thinktecture.IdentityServer.Core.Validation.TokenValidationResult> ValidateAccessTokenAsync(
     Thinktecture.IdentityServer.Core.Validation.TokenValidationResult result)
 {
     // Disabled rejection path, kept from the original: it would flag the result as an error
     // and clear its claims.
     //result.IsError = true;
     //result.Error = Constants.ProtectedResourceErrors.InvalidToken;
     //result.Claims = null;
     var completed = Task.FromResult(result);
     return completed;
 }
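        /// <summary>
        /// Re-checks, at validation time, that the user named in an identity token is still active.
        /// </summary>
        /// <param name="result">The validation result produced so far.</param>
        /// <returns>
        /// The same <paramref name="result"/> instance. It is returned unchanged when it already carries an
        /// error, when it has no subject claim, or when the user is active; otherwise it is flagged as an
        /// error with <c>ExpiredToken</c> and its claims are set to <c>null</c>.
        /// </returns>
        /// <remarks>
        /// The user lookup runs only when a subject claim is present; a token without one is not checked.
        /// </remarks>
        public async Task<TokenValidationResult> ValidateIdentityTokenAsync(TokenValidationResult result)
        {
            // An already-failed result is passed through untouched. This method's own failure path sets
            // Claims to null, so querying the claims of such a result below would throw instead of
            // reporting the original error.
            if (result.IsError)
            {
                return result;
            }

            // make sure user is still active (if sub claim is present)
            var subClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject);
            if (subClaim != null)
            {
                var principal = Principal.Create("tokenvalidator", result.Claims.ToArray());

                if (await _users.IsActiveAsync(principal) == false)
                {
                    // Fail closed: mark the result as an error and drop the claims it carried.
                    result.IsError = true;
                    result.Error = Constants.ProtectedResourceErrors.ExpiredToken;
                    result.Claims = null;

                    return result;
                }
            }

            return result;
        }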