private async Task ValidateRequestAsync(IRefreshTokenRequest request)
{
_request = request;
if (_request.ClientId == Guid.Empty || _request.ClientSecret == null)
{
throw new InvalidClientException("Invalid client credentials.");
}
if (_request.RefreshToken == null)
{
throw new InvalidGrantException("Refresh token could not be found");
}
_refreshToken = await _refreshTokenRepository.FindAsync(request.RefreshToken);
if (_refreshToken == null || _refreshToken.IsExpired || _refreshToken.Application.ClientId != request.ClientId)
{
throw new InvalidGrantException("Refresh token could not be found.");
}
// If someone tries to use the same refresh token twice, disable the access token.
if (_refreshToken.Used)
{
if (_refreshToken.AccessToken != null && !_refreshToken.AccessToken.IsExpired)
{
_refreshToken.AccessToken.Disabled = true;
await _accessTokenRepository.SaveAsync();
}
throw new InvalidGrantException("Refresh token could not be found.");
}
await _authenticateClientService.AuthenticateAsync(_request.ClientId, _request.ClientSecret);
// Make sure all requested scopes were requested in the original refresh token.
if (request.Scope != null)
{
var scopes = request.Scope.Split(" ");
foreach (var scope in scopes)
{
// Only allow the refreshed token to use the scopes issued with the
// original token as per https://tools.ietf.org/html/rfc6749#section-6
var originalScopes = _refreshToken.AuthorizationCode.Scope.Split(" ");
if (originalScopes.All(scopeName => scopeName != scope))
{
throw new InvalidScopeException("The provided scope is invalid.");
}
}
}
_scope = request.Scope ?? _refreshToken.Scope;
}
private async Task ValidateRequestAsync(IAuthorizationCodeTokenRequest request)
{
_request = request;
if (_request.ClientId == Guid.Empty)
{
throw new InvalidClientException("Invalid client credentials.");
}
if (_request.Code == null)
{
throw new InvalidGrantException("Invalid authorization code.");
}
_code = await _authorizationCodeRepository.FindAsync(_request.Code);
if (_code?.UserId == null || _code.IsExpired)
{
throw new InvalidGrantException("Invalid authorization code.");
}
// If someone tries to use the same authorization code twice, disable the access token.
if (_code.Used)
{
if (_code.AccessToken != null)
{
_code.AccessToken.Disabled = true;
await _accessTokenRepository.SaveAsync();
}
throw new InvalidGrantException("Invalid authorization code.");
}
if (_code.ClientId != _request.ClientId)
{
throw new InvalidGrantException("Invalid client id.");
}
_application = await _findApplicationService.FindByClientIdAsync(request.ClientId);
if (_application.Type == ClientTypes.Confidential)
{
await _authenticateClientService.AuthenticateAsync(request.ClientId, request.ClientSecret);
}
_redirectUri = request.RedirectUri ?? _application.RedirectUri;
if (_redirectUri != _application.RedirectUri)
{
throw new InvalidGrantException("The provided redirect URI does not match the one on record.");
}
}
public async Task <ActionResult> AddAccessToken()
{
// First, delete the current token
// TODO: Refactor so that it goes via ID
DeleteToken();
// Get a new token via Spotify API
var code = GetCodeFromHttpContext();
var tokenFromRepoDto = await _spotifyService.GetAccessTokenFromSpotify(code);
var tokenEntityToSave = _mapper.Map <Repository.Data.Entities.AccessToken>(tokenFromRepoDto);
tokenEntityToSave.DateModified = DateTime.Now;
// Store token
await _accessTokenRepository.AddAccessToken(tokenEntityToSave);
try
{
await _accessTokenRepository.SaveAsync();
}
catch (Exception ex)
{
_logger.LogError("Adding an access token failed on save.", ex);
}
return(Ok());
}
public async Task <JwtToken> GenerateTokenAsync(IResourceOwnerPasswordCredentialsTokenRequest request)
{
await ValidateRequestAsync(request);
var jwtToken = await CreateJwtTokenAsync();
var accessToken = jwtToken.ToAccessToken();
_accessTokenRepository.Add(accessToken);
await _accessTokenRepository.SaveAsync();
return(jwtToken);
}