Пример #1
        }                                                             //injected by IOC


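        /// <summary>
        /// Looks up the stored record for the access token carried by the request and
        /// returns it, optionally enriched with the resource owner.
        /// </summary>
        /// <param name="TokenInfoRequest">Request carrying <c>access_token</c> and the <c>validate_only</c> flag.</param>
        /// <returns>
        /// The token record; <c>null</c> when the token is unknown (status 404) or when
        /// <c>validate_only</c> is set and the token exists.
        /// </returns>
        /// <exception cref="DataModels.TokenRequestError">
        /// Thrown with <c>invalid_request</c> when the request or its access token is missing or blank.
        /// </exception>
        public DataModels.TokenInfo Get(TokenInfoRequest TokenInfoRequest)
        {
            // A missing request is reported the same way as a missing token instead of
            // surfacing as a NullReferenceException. The token value itself is never
            // echoed into the error message.
            if (TokenInfoRequest == null || string.IsNullOrWhiteSpace(TokenInfoRequest.access_token))
            {
                throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "Missing access token");
            }

            DataModels.TokenInfo info = TokenModel.GetToken<DataModels.TokenInfo>(TokenInfoRequest.access_token);

            if (info == null)
            {
                Response.StatusCode = (int)System.Net.HttpStatusCode.NotFound;
                return null;
            }

            // NOTE(review): HttpStatusCode.Found is 302, a redirect status, and no Location
            // header is set here. It looks like "token was found" was meant; confirm whether
            // clients rely on 302 before switching to 200 OK.
            Response.StatusCode = (int)System.Net.HttpStatusCode.Found;

            // validate_only callers learn only whether the token exists (via the status code).
            if (TokenInfoRequest.validate_only)
            {
                return null;
            }

            // NOTE(review): no caller authorization check is visible in this method, so any
            // holder of the token value receives the owner record as well; confirm that
            // access control is enforced before this handler runs.
            if (!string.IsNullOrWhiteSpace(info.resource_owner_id))
            {
                info.owner = ResourceOwnerModel.GetByID(info.resource_owner_id);
            }

            // The original had a Response.Write/Response.Close sequence and a second
            // return after this point; it was unreachable and has been removed.
            return info;
        }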
Пример #2
        /// <summary>
        /// Token introspection endpoint: returns token information, but only to the API
        /// client that the submitted token was issued to.
        /// </summary>
        /// <param name="tokenInfoRequest">Request body; its <c>Token</c> must parse as a GUID.</param>
        /// <returns>
        /// 400 when the token is missing or not a GUID, 404 when no client is found for it,
        /// 401 when it belongs to a different client than the caller, otherwise 200 with the token info.
        /// </returns>
        public async Task <IHttpActionResult> PostAsync([FromBody] TokenInfoRequest tokenInfoRequest)
        {
            // see https://tools.ietf.org/html/rfc7662#section-2.2 for oauth token_info spec
            string submittedToken = tokenInfoRequest?.Token;

            if (submittedToken == null || !Guid.TryParse(submittedToken, out Guid accessToken))
            {
                return BadRequest("Invalid token");
            }

            var clientsForToken = await _tokenClientRepo.GetClientForTokenAsync(accessToken);
            var oAuthTokenClient = clientsForToken.FirstOrDefault();

            if (oAuthTokenClient == null)
            {
                return NotFound();
            }

            ApiKeyContext apiContext = _apiKeyContextProvider.GetApiKeyContext();

            // Tenant isolation: a caller may only introspect tokens issued to its own
            // API key (vendor A cannot look at vendor B).
            // NOTE(review): 404 above versus 401 here tells a caller whether a token it does
            // not own exists. RFC 7662 section 2.2 answers both cases with the same
            // "active": false response; consider collapsing them.
            if (oAuthTokenClient.Key != apiContext.ApiKey)
            {
                return Unauthorized();
            }

            // The info is built from the caller's own API key context, not from the parsed
            // token; the ownership check above is what ties the two together.
            TokenInfo tokenInfo = await _tokenInfoProvider.GetTokenInfoAsync(apiContext);

            // NOTE(review): "no-cache" still lets a cache store the response and revalidate
            // it; "no-store" is the directive that forbids keeping it at all.
            HttpContext.Current.Response.Headers.Add("Cache-Control", "no-cache");

            return Ok(tokenInfo);
        }
Пример #3
        /// <summary>
        /// Fixture setup: creates a subtoken from the configured full API key, then fetches
        /// its token info once and stores the raw JSON and response date for the tests.
        /// </summary>
        public async Task InitializeAsync()
        {
            await using var container = new Container();
            var http = container.Resolve<IHttpClientFactory>().CreateClient("GW2SDK");

            // The subtoken is requested with every Permission value; what bounds it is the
            // one-day expiry and the URL list below.
            SubtokenPermissions = Enum.GetValues(typeof(Permission)).Cast<Permission>().ToList();

            // Round-trip through Unix seconds to drop the sub-second part:
            // the API probably doesn't support milliseconds.
            long expiryUnixSeconds = DateTimeOffset.Now.AddDays(1).ToUnixTimeSeconds();
            ExpiresAt = DateTimeOffset.FromUnixTimeSeconds(expiryUnixSeconds);

            Urls = new List<string>
            {
                "/v2/tokeninfo",
                "/v2/account",
                "/v2/characters/My Cool Character"
            };

            var subtokenService = new SubtokenService(http);
            var createdSubtoken = await subtokenService.CreateSubtoken(
                ConfigurationManager.Instance.ApiKeyFull,
                SubtokenPermissions,
                ExpiresAt,
                Urls);

            // All tests that use this fixture are flaky: GetTokenInfo occasionally fails
            // right after the subtoken is created. Adding a delay seems to help, possibly
            // because of clock skew?
            await Task.Delay(1000);

            using var response = await http.SendAsync(new TokenInfoRequest(createdSubtoken.Subtoken));
            response.EnsureSuccessStatusCode();

            // Use the server's Date header when present, otherwise the local clock.
            CreatedSubtokenDate = response.Headers.Date ?? DateTimeOffset.Now;
            SubtokenInfoJson = await response.Content.ReadAsStringAsync();
        }
Пример #4
        /// <summary>
        /// Sends a token-info request for <paramref name="accessToken"/> and returns the raw response body.
        /// </summary>
        /// <param name="http">Client used to send the request.</param>
        /// <param name="accessToken">Access token to look up; treat it as a credential and keep it out of logs.</param>
        /// <returns>The response body as a string.</returns>
        /// <exception cref="HttpRequestException">The response status does not indicate success.</exception>
        private async Task <string> GetTokenInfoJson(HttpClient http, string accessToken)
        {
            // NOTE(review): how TokenInfoRequest carries the token (header or query string)
            // is not visible here; a query-string token can end up in proxy and server logs.
            using var response = await http.SendAsync(new TokenInfoRequest(accessToken));
            response.EnsureSuccessStatusCode();

            string body = await response.Content.ReadAsStringAsync();
            return body;
        }
Пример #5
        /// <summary>
        /// Requests the token info for <paramref name="accessToken"/> and deserializes the JSON response.
        /// </summary>
        /// <param name="accessToken">Access token to look up; passed unchanged to <c>TokenInfoRequest</c>.</param>
        /// <returns>The deserialized token info; may be null, as the return type allows.</returns>
        /// <exception cref="HttpRequestException">The response status does not indicate success.</exception>
        public async Task <TokenInfo?> GetTokenInfo(string?accessToken)
        {
            using var response = await _http.SendAsync(new TokenInfoRequest(accessToken)).ConfigureAwait(false);
            response.EnsureSuccessStatusCode();

            var body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);

            // NOTE(review): the body comes from a remote server; confirm that
            // Json.DefaultJsonSerializerSettings leaves TypeNameHandling at None so the
            // payload cannot choose which types get instantiated.
            var parsed = JsonConvert.DeserializeObject<TokenInfo>(body, Json.DefaultJsonSerializerSettings);
            return parsed;
        }
Пример #6
        /// <summary>
        /// Shared token introspection logic: returns token information, but only to the
        /// API client that the submitted token was issued to.
        /// </summary>
        /// <param name="tokenInfoRequest">Bound request; its <c>Token</c> must parse as a GUID.</param>
        /// <returns>
        /// 404 when the feature is disabled or no client is found for the token, 400 when the
        /// token is missing or not a GUID, 401 when it belongs to a different client than the
        /// caller, otherwise 200 with the token info.
        /// </returns>
        private async Task <IActionResult> GetTokenInformation(TokenInfoRequest tokenInfoRequest)
        {
            // A disabled endpoint answers exactly like a missing route.
            if (!_isEnabled)
            {
                return NotFound();
            }

            // see https://tools.ietf.org/html/rfc7662#section-2.2 for oauth token_info spec
            string submittedToken = tokenInfoRequest?.Token;

            if (submittedToken == null || !Guid.TryParse(submittedToken, out Guid accessToken))
            {
                return BadRequest(ErrorTranslator.GetErrorMessage("Invalid token"));
            }

            var clientsForToken = await _tokenClientRepo.GetClientForTokenAsync(accessToken);
            var oAuthTokenClient = clientsForToken.FirstOrDefault();

            if (oAuthTokenClient == null)
            {
                return NotFound();
            }

            ApiKeyContext apiContext = _apiKeyContextProvider.GetApiKeyContext();

            // Tenant isolation: a caller may only introspect tokens issued to its own
            // API key (vendor A cannot look at vendor B).
            // NOTE(review): 404 above versus 401 here tells a caller whether a token it does
            // not own exists. RFC 7662 section 2.2 answers both cases with the same
            // "active": false response; consider collapsing them.
            if (oAuthTokenClient.Key != apiContext.ApiKey)
            {
                return Unauthorized();
            }

            // The info is built from the caller's own API key context, not from the parsed
            // token; the ownership check above is what ties the two together.
            var tokenInfo = await _tokenInfoProvider.GetTokenInfoAsync(apiContext);

            // NOTE(review): NoCache still lets a cache store the response and revalidate it;
            // NoStore is the directive that forbids keeping it at all.
            var cachePolicy = new CacheControlHeaderValue { NoCache = true };
            Response.GetTypedHeaders().CacheControl = cachePolicy;

            return Ok(tokenInfo);
        }
Пример #7
 /// <summary>
 /// Form-encoded entry point for token introspection; binds the request from the form
 /// body and hands it to <c>GetTokenInformation</c>, which does all validation.
 /// </summary>
 /// <param name="tokenInfoRequest">Request bound from form fields.</param>
 /// <returns>The result produced by <c>GetTokenInformation</c>.</returns>
 public async Task <IActionResult> PostFromFormAsync([FromForm] TokenInfoRequest tokenInfoRequest)
 {
     return await GetTokenInformation(tokenInfoRequest);
 }