public async ValueTask <HttpResponseMessage> ClientCredential_AuthV2(ClientCredentialV2 model)
{
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair <string, string>("issuer", model.issuer),
new KeyValuePair <string, string>("client", model.client),
new KeyValuePair <string, string>("grant_type", model.grant_type),
new KeyValuePair <string, string>("client_secret", model.client_secret),
});
return(await _http.PostAsync("oauth2/v2/ccg", content));
}
public async ValueTask <ClientJwtV2> ClientCredential_GrantV2(ClientCredentialV2 model)
{
var response = await Endpoints.ClientCredential_AuthV2(model);
if (response.IsSuccessStatusCode)
{
return(await response.Content.ReadAsAsync <ClientJwtV2>().ConfigureAwait(false));
}
throw new HttpRequestException(response.RequestMessage.ToString(),
new Exception(response.ToString()));
}
public IActionResult ClientCredentialV2_Grant([FromForm] ClientCredentialV2 input)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
Guid issuerID;
tbl_Issuer issuer;
//check if identifier is guid. resolve to guid if not.
if (Guid.TryParse(input.issuer, out issuerID))
{
issuer = uow.Issuers.Get(x => x.Id == issuerID).SingleOrDefault();
}
else
{
issuer = uow.Issuers.Get(x => x.Name == input.issuer).SingleOrDefault();
}
if (issuer == null)
{
ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}");
return(NotFound(ModelState));
}
else if (!issuer.IsEnabled)
{
ModelState.AddModelError(MessageType.IssuerInvalid.ToString(), $"Issuer:{issuer.Id}");
return(BadRequest(ModelState));
}
Guid audienceID;
tbl_Audience audience;
//check if identifier is guid. resolve to guid if not.
if (Guid.TryParse(input.client, out audienceID))
{
audience = uow.Audiences.Get(x => x.Id == audienceID).SingleOrDefault();
}
else
{
audience = uow.Audiences.Get(x => x.Name == input.client).SingleOrDefault();
}
if (audience == null)
{
ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{input.client}");
return(NotFound(ModelState));
}
else if (audience.IsLockedOut ||
!PBKDF2.Validate(audience.PasswordHashPBKDF2, input.client_secret))
{
uow.AuthActivity.Create(
map.Map <tbl_AuthActivity>(new AuthActivityV1()
{
AudienceId = audience.Id,
LoginType = GrantFlowType.ClientCredentialV2.ToString(),
LoginOutcome = GrantFlowResultType.Failure.ToString(),
}));
uow.Commit();
ModelState.AddModelError(MessageType.AudienceInvalid.ToString(), $"Audience:{audience.Id}");
return(BadRequest(ModelState));
}
var cc_claims = uow.Audiences.GenerateAccessClaims(issuer, audience);
var cc = auth.ClientCredential(issuer.Name, issuer.IssuerKey, conf["IdentityTenant:Salt"], audience.Name, cc_claims);
uow.AuthActivity.Create(
map.Map <tbl_AuthActivity>(new AuthActivityV1()
{
AudienceId = audience.Id,
LoginType = GrantFlowType.ClientCredentialV2.ToString(),
LoginOutcome = GrantFlowResultType.Success.ToString(),
}));
var rt_claims = uow.Audiences.GenerateRefreshClaims(issuer, audience);
var rt = auth.ClientCredential(issuer.Name, issuer.IssuerKey, conf["IdentityTenant:Salt"], audience.Name, rt_claims);
uow.Refreshes.Create(
map.Map <tbl_Refresh>(new RefreshV1()
{
IssuerId = issuer.Id,
AudienceId = audience.Id,
RefreshType = ConsumerType.Client.ToString(),
RefreshValue = rt.RawData,
ValidFromUtc = rt.ValidFrom,
ValidToUtc = rt.ValidTo,
}));
uow.AuthActivity.Create(
map.Map <tbl_AuthActivity>(new AuthActivityV1()
{
AudienceId = audience.Id,
LoginType = GrantFlowType.RefreshTokenV2.ToString(),
LoginOutcome = GrantFlowResultType.Success.ToString(),
}));
uow.Commit();
var result = new ClientJwtV2()
{
token_type = "bearer",
access_token = cc.RawData,
refresh_token = rt.RawData,
client = audience.Name,
issuer = issuer.Name + ":" + conf["IdentityTenant:Salt"],
expires_in = (int)(new DateTimeOffset(cc.ValidTo).Subtract(DateTime.UtcNow)).TotalSeconds,
};
return(Ok(result));
}
