public async Task <IActionResult> TokenExchange([FromBody] TokenExchangeViewModel vm)
{
Application application = await _applicationService.FindByClientIdAsync(vm.ClientId);
if (application == null || vm.ClientSecret != application.ClientSecret)
{
return(new JsonResult(new
{
status = 400,
message = "Validation failed - double check your parameters and try again"
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
AuthorisationCode authCode = await _authorisationCodeService.FindByCodeAsync(vm.AuthorisationCode);
if (authCode == null)
{
return(new JsonResult(new
{
status = 400,
message = "Validation failed - double check your parameters and try again"
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
User user = (User)HttpContext.Items["User"];
AccessToken token = await _accessTokenService.CreateAsync(user, authCode.Application);
return(Ok(new
{
status = 200,
message = "Token exchanged successfully",
data = new
{
code = token.Code,
type = "Bearer",
expires = token.ExpiresAt.ToString(CultureInfo.InvariantCulture)
}
}));
}
public async Task <IActionResult> Authenticate([FromBody] PasswordGrantRequestViewModel vm)
{
if (vm.GrantType.ToLower() != "password" || !ModelState.IsValid)
{
string message = (ModelState.IsValid)
? "Unknown grant type provided - Only password grant types are available at this endpoint"
: "Validation failed";
return(new JsonResult(new
{
status = 400,
message,
data = (!ModelState.IsValid) ? ModelState : null
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
User user = await _userService.FindByEmailAsync(vm.Email);
if (user == null || !_userService.VerifyPassword(user.Password, vm.Password))
{
return(new JsonResult(new
{
status = 401,
message = "Invalid credentials provided"
})
{
StatusCode = StatusCodes.Status401Unauthorized
});
}
UserApplication userApplication;
try
{
userApplication = await _userApplicationService.FindOrCreateByUserAndClientIdAsync(user, vm.ClientId);
}
catch (UnknownApplicationException ex)
{
return(new JsonResult(new
{
status = 400,
message = ex.Message
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
if (!userApplication.Application.FirstParty)
{
return(new JsonResult(new
{
status = 403,
message = "Third party applications are not permitted to use password grants"
})
{
StatusCode = StatusCodes.Status403Forbidden
});
}
AccessToken accessToken = await _accessTokenService.CreateAsync(user, userApplication.Application);
CookieOptions options = new CookieOptions();
options.Expires = accessToken.ExpiresAt;
options.HttpOnly = true;
Response.Cookies.Append("_oidc.core-token", accessToken.Code, options);
return(Ok(new
{
status = 200,
message = "Authentication successful",
data = accessToken.Code // @todo - remove this, do not return tokens from this endpoint
}));
}