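public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // Client credentials may arrive in the HTTP Basic header or in the form body;
            // the header is tried first. Only the secret local is read below — the client id
            // is taken from context.ClientId, which the Try* helpers appear to populate
            // (NOTE(review): confirm against the OWIN helper implementation).
            if (!context.TryGetBasicCredentials(out string clientId, out string clientSecret))
            {
                context.TryGetFormCredentials(out clientId, out clientSecret);
            }

            if (string.IsNullOrWhiteSpace(context.ClientId))
            {
                return Reject("ClientId should be sent.");
            }

            // The client id is request-supplied, so a malformed value is rejected like any
            // other bad credential instead of escaping as an unhandled FormatException
            // from Guid.Parse (which would turn a bad login into a server error).
            if (!Guid.TryParse(context.ClientId, out Guid clientGuid))
            {
                return Reject($"Client '{context.ClientId}' is not registered in the system.");
            }

            var client = _refreshTokenManager.FindClient(clientGuid);

            if (client == null)
            {
                return Reject($"Client '{context.ClientId}' is not registered in the system.");
            }

            // Only clients of type Mobile must present a secret; every other ApplicationType
            // is accepted on client id alone. NOTE(review): confirm that is intended for all
            // other application types (the original comment said "Javascript client").
            if (client.ApplicationType == ApplicationType.Mobile)
            {
                if (string.IsNullOrWhiteSpace(clientSecret))
                {
                    return Reject("Client secret should be sent.");
                }

                if (!SecretsMatch(client.Secret, clientSecret))
                {
                    return Reject("Client secret is invalid.");
                }
            }

            if (!client.Active)
            {
                return Reject("Client is inactive.");
            }

            // Hand the per-client CORS origin and refresh-token lifetime to later stages
            // of the OWIN pipeline through the environment dictionary.
            context.OwinContext.Set(OwinEnvironment.ClientAllowedOriginPropertyName, client.AllowedOrigin);
            context.OwinContext.Set(OwinEnvironment.ClientRefreshTokenLifeTimePropertyName, client.RefreshTokenLifeTime.ToString());

            context.Validated();

            return Task.FromResult<object>(null);

            // Marks the request as rejected. The error code is the one the handler has always
            // used for every failure, so callers keying on it are unaffected.
            Task Reject(string description)
            {
                context.Rejected();
                context.SetError("invalid_clientId", description);

                return Task.FromResult<object>(null);
            }

            // Ordinal equality of the stored and presented secrets, evaluated over the full
            // common length rather than stopping at the first mismatching character, so the
            // response time does not depend on how much of the secret was guessed correctly.
            // Result is identical to the original `clientSecret != client.Secret` check.
            bool SecretsMatch(string expected, string actual)
            {
                if (expected == null || actual == null)
                {
                    return false;
                }

                var diff = expected.Length ^ actual.Length;
                var len  = Math.Min(expected.Length, actual.Length);

                for (var i = 0; i < len; i++)
                {
                    diff |= expected[i] ^ actual[i];
                }

                return diff == 0;
            }
        }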
        /// <summary>
        /// Deletes the client identified by <paramref name="id"/>.
        /// </summary>
        /// <param name="id">Identifier of the client to remove.</param>
        /// <returns>
        /// 404 when no such client exists, 200 when the manager reports success,
        /// otherwise 400 carrying a model-state error.
        /// </returns>
        public async Task <IHttpActionResult> DeleteClient(Guid id)
        {
            // Nothing to delete: report 404 before touching the manager's remove path.
            if (_refreshTokenManager.FindClient(id) == null)
            {
                return NotFound();
            }

            var removed = await _refreshTokenManager.RemoveClient(id);

            if (!removed)
            {
                // The manager signals failure by returning false rather than throwing,
                // so surface it as a validation-style 400.
                ModelState.AddModelError("", $"Client: '{id}' could not delete.");

                return BadRequest(ModelState);
            }

            return Ok();
        }
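        /// <summary>
        /// Serialises an authentication ticket into a signed JWT. The audience is the
        /// client id stored on the ticket's properties; the token is signed with the
        /// shared <c>_signingKey</c> (HMAC-SHA256) and issued by <c>_issuer</c>.
        /// </summary>
        /// <param name="data">Ticket carrying the identity, client id and validity window.</param>
        /// <returns>The compact-serialised JWT.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The ticket has no valid client id, the client is not registered, the identity
        /// is missing, or the issued/expiry timestamps are not set.
        /// </exception>
        public string Protect(AuthenticationTicket data)
        {
            if (data == null)
            {
                throw new ArgumentNullException(nameof(data));
            }

            // The client id is written into the ticket properties at grant time; a missing
            // or malformed value is a programming error, reported explicitly instead of
            // as a KeyNotFoundException / FormatException from the indexer and Guid.Parse.
            if (!data.Properties.Dictionary.TryGetValue(OwinEnvironment.ClientPropertyName, out string audienceId)
                || !Guid.TryParse(audienceId, out Guid clientId))
            {
                throw new InvalidOperationException("Ticket does not carry a valid client id.");
            }

            // Tokens are only minted for registered clients. The original code relied on a
            // NullReferenceException here when the lookup failed; the lookup is kept as an
            // explicit guard. The client's own secret is not used for signing — every
            // audience is signed with the shared _signingKey below (NOTE(review): confirm
            // that a single shared key, rather than a per-client key, is intended).
            if (_refreshTokenManager.FindClient(clientId) == null)
            {
                throw new InvalidOperationException($"Client '{audienceId}' is not registered in the system.");
            }

            if (data.Identity == null)
            {
                throw new InvalidOperationException("Identity is null");
            }

            var issued = data.Properties.IssuedUtc;

            if (issued == null)
            {
                throw new InvalidOperationException("Issued is null");
            }

            var expires = data.Properties.ExpiresUtc;

            if (expires == null)
            {
                throw new InvalidOperationException("Expires is null");
            }

            var signingCredentials = new SigningCredentials(_signingKey,
                                                            SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);

            // nbf/exp are taken from the ticket's DateTimeOffset values, normalised to UTC.
            var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims,
                                             issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingCredentials);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }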