public async Task <JObject> Handle(string clientId, HandlerContext handlerContext, CancellationToken cancellationToken)
{
var oauthClient = await GetClient(clientId, handlerContext, cancellationToken);
var extractedClient = ExtractClient(handlerContext);
if (extractedClient.ClientId != oauthClient.ClientId)
{
Logger.LogError("the client identifier must be identical");
throw new OAuthException(ErrorCodes.INVALID_REQUEST, ErrorMessages.CLIENT_IDENTIFIER_MUST_BE_IDENTICAL);
}
extractedClient.ClientId = oauthClient.ClientId;
extractedClient.SetClientSecret(oauthClient.ClientSecret, oauthClient.ClientSecretExpirationTime);
extractedClient.RegistrationAccessToken = oauthClient.RegistrationAccessToken;
extractedClient.UpdateDateTime = DateTime.UtcNow;
extractedClient.CreateDateTime = oauthClient.CreateDateTime;
await _oauthClientValidator.Validate(extractedClient, cancellationToken);
await OAuthClientRepository.Update(extractedClient, cancellationToken);
await OAuthClientRepository.SaveChanges(cancellationToken);
Logger.LogInformation($"the client '{clientId}' has been updated");
return(null);
}
public virtual async Task Handle(string clientId, HandlerContext handlerContext, CancellationToken cancellationToken)
{
var oauthClient = await GetClient(clientId, handlerContext, cancellationToken);
var searchResult = await _tokenRepository.Find(new SearchTokenParameter
{
ClientId = clientId
}, cancellationToken);
if (searchResult.Content.Any())
{
await _grantedTokenHelper.RemoveTokens(searchResult.Content, cancellationToken);
Logger.LogInformation($"the tokens '{string.Join(",", searchResult.Content.Select(_ => _.Id))}' have been revoked");
}
Logger.LogInformation($"the client '{clientId}' has been removed");
await OAuthClientRepository.Delete(oauthClient, cancellationToken);
}
public virtual async Task <BaseClient> GetClient(string clientId, HandlerContext handlerContext, CancellationToken cancellationToken)
{
var accessToken = handlerContext.Request.GetToken(AutenticationSchemes.Bearer, AutenticationSchemes.Basic);
if (string.IsNullOrWhiteSpace(accessToken))
{
Logger.LogError("access token is missing");
throw new OAuthUnauthorizedException(ErrorCodes.INVALID_TOKEN, ErrorMessages.MISSING_ACCESS_TOKEN);
}
var clients = await OAuthClientRepository.Find(new Persistence.Parameters.SearchClientParameter
{
RegistrationAccessToken = accessToken
}, cancellationToken);
if (!clients.Content.Any())
{
Logger.LogError($"access token '{accessToken}' is invalid");
throw new OAuthUnauthorizedException(ErrorCodes.INVALID_TOKEN, ErrorMessages.BAD_ACCESS_TOKEN);
}
var client = clients.Content.First();
if (client.ClientId != clientId)
{
client.RegistrationAccessToken = null;
await OAuthClientRepository.Update(client, cancellationToken);
await OAuthClientRepository.SaveChanges(cancellationToken);
Logger.LogError($"access token '{accessToken}' can be used for the client '{client.ClientId}' and not for the client '{clientId}'");
throw new OAuthUnauthorizedException(ErrorCodes.INVALID_TOKEN, string.Format(ErrorMessages.ACCESS_TOKEN_VALID_CLIENT, client.ClientId, clientId));
}
return(client);
}
