/// <summary>
/// Validates that the requested scopes is contained in the store, and the client is allowed to request it.
/// </summary>
/// <param name="client"></param>
/// <param name="resourcesFromStore"></param>
/// <param name="requestedScope"></param>
/// <param name="result"></param>
/// <returns></returns>
protected override async Task ValidateScopeAsync(Client client, Resources resourcesFromStore,
ParsedScopeValue requestedScope, ResourceValidationResult result)
{
var parameters = await _scopedHttpContextRequestForm.GetFormCollectionAsync();
var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType);
if (grantType == null)
{
// check if this is deviceauthorizaiton.
if (_httpContextAccessor.HttpContext.Request.Path.ToString().Contains("deviceauthorization"))
{
grantType = Constants.GrantType.DeviceAuthorization;
}
}
switch (grantType)
{
case Constants.GrantType.DeviceCode:
case Constants.GrantType.DeviceAuthorization:
case Constants.GrantType.TokenExchangeMutate:
case Constants.GrantType.TokenExchange:
case Constants.GrantType.ArbitraryToken:
case Constants.GrantType.ArbitraryIdentity:
if (requestedScope.ParsedName == IdentityServerConstants.StandardScopes.OfflineAccess)
{
if (await IsClientAllowedOfflineAccessAsync(client))
{
result.Resources.OfflineAccess = true;
result.ParsedScopes.Add(new ParsedScopeValue(IdentityServerConstants.StandardScopes.OfflineAccess));
}
else
{
result.InvalidScopes.Add(IdentityServerConstants.StandardScopes.OfflineAccess);
}
}
else
{
result.ParsedScopes.Add(requestedScope);
}
break;
default:
await base.ValidateScopeAsync(client, resourcesFromStore, requestedScope, result);
break;
}
}
public async Task <string> CreateRefreshTokenAsync(
ClaimsPrincipal subject, Token accessToken, Client client)
{
Logger.LogDebug("Creating refresh token");
int lifetime;
if (client.RefreshTokenExpiration == TokenExpiration.Absolute)
{
Logger.LogDebug("Setting an absolute lifetime: {absoluteLifetime}",
client.AbsoluteRefreshTokenLifetime);
lifetime = client.AbsoluteRefreshTokenLifetime;
}
else
{
lifetime = client.SlidingRefreshTokenLifetime;
if (client.AbsoluteRefreshTokenLifetime > 0 && lifetime > client.AbsoluteRefreshTokenLifetime)
{
Logger.LogWarning(
"Client {clientId}'s configured " + nameof(client.SlidingRefreshTokenLifetime) +
" of {slidingLifetime} exceeds its " + nameof(client.AbsoluteRefreshTokenLifetime) +
" of {absoluteLifetime}. The refresh_token's sliding lifetime will be capped to the absolute lifetime",
client.ClientId, lifetime, client.AbsoluteRefreshTokenLifetime);
lifetime = client.AbsoluteRefreshTokenLifetime;
}
Logger.LogDebug("Setting a sliding lifetime: {slidingLifetime}", lifetime);
}
var formCollection = await _scopedHttpContextRequestForm.GetFormCollectionAsync();
var originGrantType = formCollection["grant_type"];
var refreshToken = new RefreshTokenExtra
{
CreationTime = Clock.UtcNow.UtcDateTime,
Lifetime = lifetime,
AccessToken = accessToken,
OriginGrantType = originGrantType
};
var handle = await RefreshTokenStore.StoreRefreshTokenAsync(refreshToken);
return(handle);
}
public async Task Invoke(HttpContext context,
IScopedContext <TenantRequestContext> scopedTenantRequestContext,
IScopedHttpContextRequestForm scopedHttpContextRequestForm,
ITenantStore tenantStore)
{
try
{
// TODO: Probably should use regex here.
string[] parts = context.Request.Path.Value.Split('/');
if (parts.Count() > 1)
{
string tenantName = parts[1];
scopedTenantRequestContext.Context.TenantName = tenantName;
if (string.IsNullOrWhiteSpace(tenantName) || !await tenantStore.IsTenantValidAsync(tenantName))
{
_logger.LogWarning($"TenantId={tenantName}, does not exist!");
context.Response.Clear();
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
await context.Response.WriteAsync("");
return;
}
StringBuilder sb = new StringBuilder();
sb.Append('/');
if (parts.Count() > 2)
{
for (int i = 2; i < parts.Count(); i++)
{
sb.Append(parts[i]);
if (i < parts.Count() - 1)
{
sb.Append('/');
}
}
}
string newPath = sb.ToString();
context.Request.Path = newPath;
context.Request.PathBase = $"/{tenantName}";
switch (context.Request.Method)
{
case "GET":
break;
case "POST":
if (context.Request.ContentType == "application/x-www-form-urlencoded")
{
scopedTenantRequestContext.Context.FormCollection = await scopedHttpContextRequestForm.GetFormCollectionAsync();
}
break;
}
}
}
catch (Exception ex)
{
_logger.LogCritical(ex, "Unhandled exception: {exception}", ex.Message);
throw;
}
await _next(context);
}
