public async Task <IHttpActionResult> PostAsync([FromBody] TokenInfoRequest tokenInfoRequest)
{
// see https://tools.ietf.org/html/rfc7662#section-2.2 for oauth token_info spec
if (tokenInfoRequest == null || tokenInfoRequest.Token == null ||
!Guid.TryParse(tokenInfoRequest.Token, out Guid accessToken))
{
return(BadRequest("Invalid token"));
}
var oAuthTokenClient = (await _tokenClientRepo.GetClientForTokenAsync(accessToken)).FirstOrDefault();
if (oAuthTokenClient == null)
{
return(NotFound());
}
ApiKeyContext apiContext = _apiKeyContextProvider.GetApiKeyContext();
// must be able to see my specific items ie vendor a cannot look at vendor b
if (oAuthTokenClient.Key != apiContext.ApiKey)
{
return(Unauthorized());
}
TokenInfo tokenInfo = await _tokenInfoProvider.GetTokenInfoAsync(apiContext);
HttpContext.Current.Response.Headers.Add("Cache-Control", "no-cache");
return(Ok(tokenInfo));
}
private async Task <IActionResult> GetTokenInformation(TokenInfoRequest tokenInfoRequest)
{
if (!_isEnabled)
{
return(NotFound());
}
// see https://tools.ietf.org/html/rfc7662#section-2.2 for oauth token_info spec
if (tokenInfoRequest == null || tokenInfoRequest.Token == null ||
!Guid.TryParse(tokenInfoRequest.Token, out Guid accessToken))
{
return(BadRequest(ErrorTranslator.GetErrorMessage("Invalid token")));
}
var oAuthTokenClient = (await _tokenClientRepo.GetClientForTokenAsync(accessToken)).FirstOrDefault();
if (oAuthTokenClient == null)
{
return(NotFound());
}
ApiKeyContext apiContext = _apiKeyContextProvider.GetApiKeyContext();
// must be able to see my specific items ie vendor a cannot look at vendor b
if (oAuthTokenClient.Key != apiContext.ApiKey)
{
return(Unauthorized());
}
var tokenInfo = await _tokenInfoProvider.GetTokenInfoAsync(apiContext);
Response.GetTypedHeaders().CacheControl = new CacheControlHeaderValue {
NoCache = true
};
return(Ok(tokenInfo));
}
