/// <summary>
/// Custom validation logic for access tokens.
/// </summary>
/// <param name="result">The validation result so far.</param>
/// <returns>
/// The validation result
/// </returns>
public virtual async Task<TokenValidationResult> ValidateAccessTokenAsync(TokenValidationResult result)
{
if (result.IsError)
{
return result;
}
// make sure user is still active (if sub claim is present)
var subClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject);
if (subClaim != null)
{
var principal = Principal.Create("tokenvalidator", result.Claims.ToArray());
if (result.ReferenceTokenId.IsPresent())
{
principal.Identities.First().AddClaim(new Claim(Constants.ClaimTypes.ReferenceTokenId, result.ReferenceTokenId));
}
var isActiveCtx = new IsActiveContext(principal, result.Client);
await _users.IsActiveAsync(isActiveCtx);
if (isActiveCtx.IsActive == false)
{
Logger.Warn("User marked as not active: " + subClaim.Value);
result.IsError = true;
result.Error = Constants.ProtectedResourceErrors.InvalidToken;
result.Claims = null;
return result;
}
}
// make sure client is still active (if client_id claim is present)
var clientClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.ClientId);
if (clientClaim != null)
{
var client = await _clients.FindClientByIdAsync(clientClaim.Value);
if (client == null || client.Enabled == false)
{
Logger.Warn("Client deleted or disabled: " + clientClaim.Value);
result.IsError = true;
result.Error = Constants.ProtectedResourceErrors.InvalidToken;
result.Claims = null;
return result;
}
}
return result;
}
/// <summary>
/// Custom validation logic for identity tokens.
/// </summary>
/// <param name="result">The validation result so far.</param>
/// <returns>
/// The validation result
/// </returns>
public virtual async Task<TokenValidationResult> ValidateIdentityTokenAsync(TokenValidationResult result)
{
// make sure user is still active (if sub claim is present)
var subClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject);
if (subClaim != null)
{
var principal = Principal.Create("tokenvalidator", result.Claims.ToArray());
var isActiveCtx = new IsActiveContext(principal, result.Client);
await _users.IsActiveAsync(isActiveCtx);
if (isActiveCtx.IsActive == false)
{
Logger.Warn("User marked as not active: " + subClaim.Value);
result.IsError = true;
result.Error = Constants.ProtectedResourceErrors.InvalidToken;
result.Claims = null;
return result;
}
}
return result;
}
public override Task<TokenValidationResult> ValidateAccessTokenAsync(string token, string expectedScope = null)
{
var result = new TokenValidationResult
{
Error = Constants.ProtectedResourceErrors.InvalidToken
};
return Task.FromResult(result);
}
public override Task<TokenValidationResult> ValidateAccessTokenAsync(string token, string expectedScope = null)
{
var result = new TokenValidationResult
{
IsError = false,
Claims = new[]
{
new Claim(Constants.ClaimTypes.Subject, "unique_subject"),
new Claim(Constants.ClaimTypes.Name, "subject name")
}
};
return Task.FromResult(result);
}
public override Task<TokenValidationResult> ValidateIdentityTokenAsync(string token, string clientId = null, bool validateLifetime = true)
{
var result = new TokenValidationResult
{
Error = Constants.ProtectedResourceErrors.InvalidToken
};
return Task.FromResult(result);
}
public override Task<TokenValidationResult> ValidateIdentityTokenAsync(string token, string clientId = null, bool validateLifetime = true)
{
var result = new TokenValidationResult
{
IsError = false,
Claims = new[]
{
new Claim(Constants.ClaimTypes.Subject, "unique_subject"),
new Claim(Constants.ClaimTypes.Name, "subject name")
}
};
return Task.FromResult(result);
}