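/// <summary>
/// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a
/// client.
/// </summary>
/// <param name="accessTokenRequestMessage">
/// Details regarding the resources that the access token will grant access to, and the identity of the client
/// that will receive that access.
/// Based on this information the receiving resource server can be determined and the lifetime of the access
/// token can be set based on the sensitivity of the resources.
/// </param>
/// <returns>A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.</returns>
/// <remarks>
/// Security notes:
/// - The token lifetime is the per-client value returned by <c>GetClientLifetime</c>; a zero or negative value
///   falls back to <c>DefaultLifetime</c> minutes. No upper bound is enforced here, so any cap on the maximum
///   lifetime must be applied by <c>GetClientLifetime</c> / the client configuration.
/// - The resource owner's roles are carried in the token's <c>ExtraData</c>; they are only as trustworthy as the
///   token signature, so the resource server must verify the signature before honouring them.
/// </remarks>
public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
{
    TimeSpan clientApplicationLifetime = GetClientLifetime(accessTokenRequestMessage);

    // Only a strictly positive client-specific lifetime is honoured. Previously only TimeSpan.Zero counted as
    // "not configured", so a negative value would have minted a token that expired before it was issued.
    TimeSpan lifetime = clientApplicationLifetime > TimeSpan.Zero
        ? clientApplicationLifetime
        : TimeSpan.FromMinutes(DefaultLifetime);

    var accessToken = new AuthorizationServerAccessToken
    {
        // Note: all other fields are assigned by IsAuthorizationValid() (i.e. ClientIdentifier, Scope, User and UtcIssued)

        // Set the crypto keys for accessing the secured services (assume there is only one secured service).
        // NOTE(review): the authorization server's *signing* key is read from a member named PrivateEncryptionKey
        // and the resource server's *encryption* key (see GetRequestedSecureResourceCryptoKey) from one named
        // PublicSigningKey. Confirm in CryptoKeyProvider that these are the intended key roles and that signing
        // and encryption use separate key pairs rather than one RSA key for both purposes.
        AccessTokenSigningKey = CryptoKeyProvider.GetCryptoKey(CryptoKeyType.AuthZServer).PrivateEncryptionKey,
        ResourceServerEncryptionKey = GetRequestedSecureResourceCryptoKey(),

        // Set the limited lifetime of the token
        Lifetime = lifetime,
    };

    // Insert user specific information: the resource owner's roles, comma-separated, under the key that
    // RequireAuthorizationAttribute presumably reads on the resource server side.
    string username = GetUserFromAccessTokenRequest(accessTokenRequestMessage);
    if (username.HasValue())
    {
        IUserAuthInfo user = GetUserAuthInfo(username);
        if (user != null)
        {
            // TODO(review): String.Join throws ArgumentNullException if user.Roles is null — confirm that
            // IUserAuthInfo guarantees a non-null (possibly empty) collection.
            accessToken.ExtraData.Add(new KeyValuePair<string, string>(
                RequireAuthorizationAttribute.ExtraDataRoles,
                String.Join(@",", user.Roles)));
        }
    }

    return new AccessTokenResult(accessToken);
}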
/// <summary>
/// Looks up the public RSA key of the secured API service. CreateAccessToken assigns it to
/// <c>ResourceServerEncryptionKey</c> on the access token being issued.
/// </summary>
/// <returns>The <c>PublicSigningKey</c> of the <c>CryptoKeyType.ApiService</c> crypto key.</returns>
private RSACryptoServiceProvider GetRequestedSecureResourceCryptoKey()
{
    // Assumes there is exactly one secured service: the request is not consulted to choose a key.
    // NOTE(review): the member read is named PublicSigningKey although it is used as an encryption key —
    // confirm in CryptoKeyProvider that this is the resource server's encryption key pair.
    var apiServiceKey = CryptoKeyProvider.GetCryptoKey(CryptoKeyType.ApiService);
    return apiServiceKey.PublicSigningKey;
}