public virtual IToken ExchangeRequestTokenForAccessToken(IOAuthContext context) { var token = _tokenStore.GetToken(context); if (token != null) { context.TokenSecret = token.TokenSecret; } InspectRequest(context); _tokenStore.ConsumeRequestToken(context); switch (_tokenStore.GetStatusOfRequestForAccess(context)) { case RequestForAccessStatus.Granted: break; case RequestForAccessStatus.Unknown: throw Error.ConsumerHasNotBeenGrantedAccessYet(context); default: throw Error.ConsumerHasBeenDeniedAccess(context); } return(_tokenStore.GetAccessTokenAssociatedWithRequestToken(context)); }
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var tokenCredential = _tokenStore.GetToken(_tokenIdentifier); AssignAuthenticationHeader(request, tokenCredential); var response = await base.SendAsync(request, cancellationToken); return(await PreHandleResponseMessage(response, request, cancellationToken)); }
public async Task <GrantedToken> GetValidGrantedTokenAsync(string scopes, string clientId, JwsPayload idTokenJwsPayload = null, JwsPayload userInfoJwsPayload = null) { if (string.IsNullOrWhiteSpace(scopes)) { throw new ArgumentNullException(nameof(scopes)); } if (string.IsNullOrWhiteSpace(clientId)) { throw new ArgumentNullException(nameof(clientId)); } var token = await _tokenStore.GetToken(scopes, clientId, idTokenJwsPayload, userInfoJwsPayload); if (token == null) { return(null); } if (!_grantedTokenValidator.CheckGrantedToken(token).IsValid) { await _tokenStore.RemoveAccessToken(token.AccessToken); return(null); } return(token); }
public static async Task <GrantedToken?> GetValidGrantedToken( this ITokenStore tokenStore, IJwksStore jwksStore, string scopes, string clientId, CancellationToken cancellationToken = default, JwtPayload?idTokenJwsPayload = null, JwtPayload?userInfoJwsPayload = null) { var token = await tokenStore.GetToken(scopes, clientId, idTokenJwsPayload, userInfoJwsPayload, cancellationToken) .ConfigureAwait(false); if (token == null) { return(null); } if ((await token.CheckGrantedToken(jwksStore, cancellationToken).ConfigureAwait(false)).IsValid) { return(token); } await tokenStore.RemoveAccessToken(token.AccessToken, cancellationToken).ConfigureAwait(false); return(null); }
private async Task <string> GetTokenForRequest(HttpRequestMessage requestMessage, CancellationToken cancellationToken = default) { cancellationToken.ThrowIfCancellationRequested(); if (requestMessage.Headers.TryGetValues("x-impersonate-userId", out var userIdHeaderValues) && requestMessage.Headers.TryGetValues("x-impersonate-audience", out var audienceHeaderValues)) { var userId = userIdHeaderValues.First(); var audience = audienceHeaderValues.First(); return(await userTokenStore.GetUserToken(userId, audience, cancellationToken)); } return(await tokenStore.GetToken(cancellationToken)); }
public override IMessage Invoke(IMessage msg) { try { AccessToken token = null; if (_tokenStore != null) { token = _tokenStore.GetToken(_applicationId); } return(InvokeRecursive(msg, true, token)); } catch (Exception exception) { return(new ReturnMessage(exception, (IMethodCallMessage)msg)); } }
public Task Invoke(IOwinContext context, Func <Task> next) { var request = context.Request; var accessToken = request.Headers["api-token"]; if (string.IsNullOrEmpty(accessToken)) { throw new HttpException((int)HttpStatusCode.Forbidden, "No API token found in the request"); } var token = _tokenStore.GetToken("api", accessToken); if (token.Status != TokenStatus.Allowed) { throw new HttpException((int)HttpStatusCode.Forbidden, "This API token is not valid at this time"); } return(next()); }
public void Should_allow_default_tokens_for_any_identity_and_purpose() { const string tokenType = "session"; var sessionToken = _tokenStore.CreateToken(tokenType); var token = _tokenStore.GetToken(tokenType, sessionToken); Assert.IsNotNull(token); Assert.AreEqual(sessionToken, token.Value); Assert.IsTrue(string.IsNullOrEmpty(token.Identity)); Assert.IsTrue(string.IsNullOrEmpty(token.Purpose)); Assert.AreEqual(TokenStatus.Allowed, token.Status); const string identity = "urn:user:431"; const string purpose = "login"; token = _tokenStore.GetToken(tokenType, sessionToken, purpose, identity); Assert.IsNotNull(token); Assert.AreEqual(sessionToken, token.Value); Assert.AreEqual(purpose, token.Purpose); Assert.AreEqual(identity, token.Identity); Assert.AreEqual(TokenStatus.Allowed, token.Status); }
public async Task When_No_Access_Token_Exists_Then_Null_Is_Returned() { // ARRANGE InitializeFakeObjects(); _stubStorage.Setup(s => s.TryGetValueAsync <List <GrantedToken> >("granted_tokens")).Returns(Task.FromResult((List <GrantedToken>)null)); // ACT var result = await _tokenStore.GetToken("scope", "clientid", null, null).ConfigureAwait(false); // ASSERT Assert.Null(result); }
private void ResetPassword(IOwinContext context, Identification identification) { var form = context.Request.ReadFormAsync().Result; var userName = form["username"]; var resetToken = form["reset-token"]; var newPassword = form["new-password"]; var failed = false; if (resetToken == null) { SetOutcome(context, identification, "No password reset token provided"); failed = true; } else if (userName == null) { SetOutcome(context, identification, "No username provided"); failed = true; } else if (newPassword == null) { SetOutcome(context, identification, "No new password provided"); failed = true; } ICredential credential = null; if (!failed) { credential = _identityStore.GetUsernameCredential(userName); if (credential == null) { SetOutcome(context, identification, "Invalid username provided"); failed = true; } } if (!failed) { var token = _tokenStore.GetToken("passwordReset", resetToken, "ResetPassword", userName); if (token.Status == TokenStatus.Allowed) { try { if (_identityStore.ChangePassword(credential, form["new-password"])) { SetOutcome(context, identification, "Password succesfully reset"); identification.Identity = credential.Identity; identification.Claims = _identityDirectory.GetClaims(credential.Identity); context.Response.Cookies.Append(IdentityCookie, credential.Identity); context.Response.Cookies.Delete(RememberMeCookie); context.Response.Redirect(SecureHomePage); } else { SetOutcome(context, identification, "Password reset failed"); } } catch (InvalidPasswordException e) { SetOutcome(context, identification, "Invalid password. " + e.Message + ". You will need to get a new password reset token to try again."); } } else { SetOutcome(context, identification, "This password reset token has been used before"); } } GoHome(context, identification); }