/// <summary>
        /// Refreshes an access token by expiring the existing tokens and creating a new appauthorization entry
        /// TODO: allow expiration dates
        /// </summary>
        /// <param name="appAuth"></param>
        /// <returns></returns>
        public static AppAuthorization AccessTokenRefresh(AppAuthorization appAuth)
        {
            // expire previous token
            using(AuthorizationDataContext oauthDataCtxt = new AuthorizationDataContext(System.Configuration.ConfigurationManager.ConnectionStrings["OAuthDb"].ConnectionString))
            {
                /// expire old auth
                var oldAppAuth = oauthDataCtxt.AppAuthorizations.First( a => a.Id == appAuth.Id);
                oldAppAuth.AuthTokenExpiration = DateTime.UtcNow;
                oldAppAuth.RefreshTokenExpiration = DateTime.UtcNow;

                // create new auth
                var newAppAuth = new AppAuthorization()
                {
                    AppId = appAuth.AppId,
                    UserId = appAuth.UserId,
                    Scope = appAuth.Scope,
                    AuthToken = GenerateToken(),
                    RefreshToken = GenerateToken(),
                    Created = DateTime.UtcNow
                };

                oauthDataCtxt.AppAuthorizations.InsertOnSubmit(newAppAuth);

                oauthDataCtxt.SubmitChanges();

                return newAppAuth as AppAuthorization;
            }
        }
        public static bool ValidateAccessToken(string accessToken, HttpRequestMessage request)
        {
            using (AuthorizationDataContext oauthDataCtxt = new AuthorizationDataContext(System.Configuration.ConfigurationManager.ConnectionStrings["OAuthDb"].ConnectionString))
            {
                // First, ensure the token is valid and not expired
                var appAuth = (
                                from appAuths in oauthDataCtxt.AppAuthorizations
                                where appAuths.AuthToken == accessToken && (!appAuths.AuthTokenExpiration.HasValue || appAuths.AuthTokenExpiration.Value <= DateTime.UtcNow)
                                select appAuths
                              ).FirstOrDefault();

                if (appAuth == null)
                {   // return invalid token error message
                    return false;
                }

                // scope == role
                string[] scopes = appAuth.Scope.ToLower().Split();

                // TODO: do we want to deactivate the token if scopes are removed from the user?
                // Next, ensure the scope is a valid scope for the delegated user
                var userRoles = (from userRole in oauthDataCtxt.UserRoles
                                 where userRole.UserId == appAuth.UserId
                                 select userRole.Role).Where(r => scopes.Contains(r.Name.ToLower()));

                if (userRoles == null || userRoles.Count() == 0)
                {   // TODO: return invalid scope error message
                    return false;
                }

                List<int> userRoleIdList = new List<int>();
                userRoles.ToList().ForEach( r => userRoleIdList.Add(r.Id));

                // validate that request / action is contained within role
                var allowedActions = from roleAction in oauthDataCtxt.RoleResourceActions
                                     where userRoleIdList.Contains(roleAction.RoleId)
                                     select roleAction;

                if (allowedActions == null || allowedActions.Count() == 0)
                {
                    // TODO: message of invalid roles
                    return false;
                }
                else
                {
                    foreach (var action in allowedActions)
                    {
                        // TODO: regex pattern matching on uri
                        if (action.Resource.Uri.Equals(request.RequestUri.AbsolutePath, StringComparison.CurrentCultureIgnoreCase)
                                && action.AllowedMethods.ToUpper().Contains(request.Method.Method.ToUpper()))
                        {
                            return true;
                        }
                    }
                }

                return false;
            }
        }
        public static AppAuthorization ValidateRefreshToken(string appId, string appSecret, string refreshToken)
        {
            AuthorizationDataContext oauthDataCtxt = new AuthorizationDataContext(System.Configuration.ConfigurationManager.ConnectionStrings["OAuthDb"].ConnectionString);

            var appAuth = from apps in oauthDataCtxt.Applications
                          where apps.AppPublicId == appId
                              && apps.AppSecret == appSecret
                          select (
                                  from authorizations in oauthDataCtxt.AppAuthorizations
                                  where authorizations.RefreshToken == refreshToken
                                          && (authorizations.RefreshTokenExpiration == null || authorizations.RefreshTokenExpiration < DateTime.UtcNow)
                                  select authorizations
                                  ).FirstOrDefault();

            return appAuth as AppAuthorization;
        }