Пример #1
        /// <summary>
        ///     Builds the access token that is returned from the token endpoint for the given request: the
        ///     signing and encryption keys and the lifetime are always set, and the roles of the requesting
        ///     user are attached as extra data when that user can be resolved.
        /// </summary>
        /// <param name="accessTokenRequestMessage">
        ///     The incoming access token request. It is used here to look up the client-specific token
        ///     lifetime and the user on whose behalf the token is issued.
        /// </param>
        /// <returns>A new, never-null <see cref="AccessTokenResult" /> wrapping the configured token.</returns>
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            TimeSpan requestedLifetime = GetClientLifetime(accessTokenRequestMessage);

            // Note: the remaining fields (ClientIdentifier, Scope, User and UtcIssued) are assigned by
            // IsAuthorizationValid(), not here.
            var token = new AuthorizationServerAccessToken();

            // Keys for the secured service (the code assumes there is exactly one secured service).
            // NOTE(review): the signing key is read from a property named PrivateEncryptionKey, and
            // GetRequestedSecureResourceCryptoKey() returns a property named PublicSigningKey as the
            // encryption key. The names suggest each party has one RSA key pair used for both signing
            // and encryption - confirm this is intended; separate keys per purpose are preferable.
            token.AccessTokenSigningKey =
                CryptoKeyProvider.GetCryptoKey(CryptoKeyType.AuthZServer).PrivateEncryptionKey;
            token.ResourceServerEncryptionKey = GetRequestedSecureResourceCryptoKey();

            // A client lifetime of exactly zero means "not configured" and falls back to the default.
            // NOTE(review): a negative or very large value is used as-is; confirm GetClientLifetime()
            // bounds its result, otherwise an upper limit should be enforced here.
            if (requestedLifetime == TimeSpan.Zero)
            {
                token.Lifetime = TimeSpan.FromMinutes(DefaultLifetime);
            }
            else
            {
                token.Lifetime = requestedLifetime;
            }

            // Attach the user's roles, if the request names a user and that user is known.
            // NOTE(review): when the user cannot be resolved the token is still issued, just without
            // roles - confirm resource servers treat a missing roles entry as "no privileges".
            string username = GetUserFromAccessTokenRequest(accessTokenRequestMessage);
            IUserAuthInfo user = username.HasValue() ? GetUserAuthInfo(username) : null;

            if (user != null)
            {
                // The roles are a snapshot taken at issuance and travel inside the token, so a later
                // role change is not reflected until the token expires unless the consumer re-checks.
                // NOTE(review): roles are comma-joined; a role name containing ',' would presumably be
                // read back as several roles - confirm role names cannot contain commas.
                string joinedRoles = String.Join(@",", user.Roles);
                accessToken_AddRoles:
                token.ExtraData.Add(
                    new KeyValuePair<string, string>(RequireAuthorizationAttribute.ExtraDataRoles, joinedRoles));
            }

            return new AccessTokenResult(token);
        }
Пример #2
 /// <summary>
 ///     Returns the key stored as <c>PublicSigningKey</c> on the crypto key entry of the API service.
 /// </summary>
 /// <returns>The <c>PublicSigningKey</c> of the <c>CryptoKeyType.ApiService</c> key entry.</returns>
 /// <remarks>
 ///     NOTE(review): despite the property name, the method name suggests this key is used to encrypt
 ///     tokens for the resource server. Confirm the returned provider holds public parameters only,
 ///     so the authorization server never needs the resource server's private key.
 /// </remarks>
 private RSACryptoServiceProvider GetRequestedSecureResourceCryptoKey()
 {
     var apiServiceKeys = CryptoKeyProvider.GetCryptoKey(CryptoKeyType.ApiService);
     return apiServiceKeys.PublicSigningKey;
 }