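/// <summary>
/// OAuth 2.0 token revocation endpoint (RFC 7009) for refresh tokens.
/// The caller authenticates with client_id / client_secret carried in the request body;
/// on success the refresh token is deleted from storage and 200 OK is returned with no body.
/// </summary>
/// <param name="revokeRequest">Body carrying client_id, client_secret, token and token_type_hint.</param>
/// <returns>
/// 200 OK when the token was deleted; otherwise 400 with an OAuth error body
/// (invalid_request, invalid_client, unsupported_token_type, or a generic error).
/// </returns>
public HttpResponseMessage Revoke([FromBody] OAuthRevokeTokenRequest revokeRequest)
{
    // A missing body is reported as invalid_request instead of surfacing as a NullReferenceException.
    if (revokeRequest == null
        || string.IsNullOrWhiteSpace(revokeRequest.ClientId)
        || string.IsNullOrWhiteSpace(revokeRequest.ClientSecret)
        || string.IsNullOrWhiteSpace(revokeRequest.Token))
    {
        return BadRequestWithError(new OAuthTokenErrorResponse(OAuthTokenErrors.InvalidRequest)
        {
            ErrorDescription = "client_id, client_secret and token is required."
        });
    }

    var client = _oAuthClientStorage.Fetch(revokeRequest.ClientId);

    // Unknown, disabled and wrong-secret clients all collapse to a single invalid_client
    // answer so the endpoint does not reveal which client_ids exist. Disabled clients are
    // rejected here for the same reason FindValidClient rejects them. The secret is compared
    // in constant time so response timing does not leak how much of it was correct.
    // NOTE(review): RFC 6749 §5.2 specifies HTTP 401 for invalid_client; 400 is kept so the
    // status existing callers see does not change.
    if (client == null
        || !client.IsActive
        || !ClientSecretMatches(client.ClientSecret, revokeRequest.ClientSecret))
    {
        return BadRequestWithError(new OAuthTokenErrorResponse(OAuthTokenErrors.InvalidClient));
    }

    // Only refresh tokens can be revoked by this endpoint.
    // NOTE(review): RFC 7009 §2.1 makes token_type_hint optional, so an absent hint should
    // arguably be treated as refresh_token rather than rejected; kept as-is pending confirmation
    // of the TokenTypeHint type and of what clients send today.
    if (revokeRequest.TokenTypeHint != OAuthTokenTypes.RefreshToken)
    {
        return BadRequestWithError(new OAuthTokenErrorResponse("unsupported_token_type"));
    }

    try
    {
        // NOTE(review): RFC 7009 §2.1 requires the server to verify that the token was issued
        // to the authenticated client before revoking it. Only Delete is visible on
        // _oAuthRefreshTokenStorage here, so any authenticated client can currently revoke any
        // refresh token; if the storage can look a token up, add that ownership check first.
        _oAuthRefreshTokenStorage.Delete(revokeRequest.Token);
        return new HttpResponseMessage(HttpStatusCode.OK);
    }
    catch (Exception)
    {
        // The exception message is deliberately not echoed to the caller: storage exceptions
        // can carry connection strings, table names or other internals. TODO: log it server-side.
        return BadRequestWithError(new OAuthTokenErrorResponse
        {
            ErrorDescription = "The token could not be revoked."
        });
    }
}

/// <summary>
/// Looks up a client and verifies that it may use the requested grant.
/// </summary>
/// <param name="clientId">Client identifier presented by the caller.</param>
/// <param name="clientSecret">Secret presented by the caller; compared in constant time against the stored secret.</param>
/// <param name="grantType">
/// Requested grant type. refresh_token is always accepted; any other grant must be listed in the
/// client's AllowedGrantTypes.
/// </param>
/// <returns>
/// The client when it exists, is active, the secret matches and the grant is permitted; otherwise null.
/// </returns>
public OAuthClient FindValidClient(string clientId, string clientSecret, string grantType)
{
    var client = _oAuthClientStorage.Fetch(clientId);
    if (client == null)
    {
        return null;
    }

    // TODO: Change AllowedGrantTypes for allowed flows? (PasswordGrant etc)
    if (!client.IsActive)
    {
        return null;
    }

    if (!ClientSecretMatches(client.ClientSecret, clientSecret))
    {
        return null;
    }

    // refresh_token bypasses the AllowedGrantTypes whitelist: the refresh continues a grant
    // that was already permitted when the token was issued.
    // NOTE(review): this also lets a client whose allowed grants were later removed keep
    // refreshing until its refresh tokens are revoked or expire; confirm that is intended.
    var grantPermitted = grantType == OAuthGrantTypes.RefreshToken
        || client.AllowedGrantTypes.Contains(grantType);

    return grantPermitted ? client : null;
}

/// <summary>
/// Compares a stored client secret with a presented one without short-circuiting on the
/// first differing byte, so the comparison time does not depend on how much of the secret
/// the caller guessed correctly. Null handling mirrors a plain string equality check
/// (two nulls match, one null does not).
/// </summary>
/// <param name="expected">Secret held in client storage.</param>
/// <param name="provided">Secret presented by the caller.</param>
/// <returns>True when both secrets are byte-for-byte equal as UTF-8.</returns>
private static bool ClientSecretMatches(string expected, string provided)
{
    if (expected == null || provided == null)
    {
        return expected == provided;
    }

    var expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
    var providedBytes = System.Text.Encoding.UTF8.GetBytes(provided);

    // Fold every difference into one accumulator and always walk the common prefix in full.
    var diff = expectedBytes.Length ^ providedBytes.Length;
    var length = Math.Min(expectedBytes.Length, providedBytes.Length);
    for (var i = 0; i < length; i++)
    {
        diff |= expectedBytes[i] ^ providedBytes[i];
    }

    return diff == 0;
}

/// <summary>Builds a 400 Bad Request whose body is the JSON-serialised OAuth error.</summary>
/// <param name="error">Error payload to serialise.</param>
/// <returns>The response message.</returns>
private static HttpResponseMessage BadRequestWithError(OAuthTokenErrorResponse error)
{
    return new HttpResponseMessage(HttpStatusCode.BadRequest)
    {
        Content = new StringContent(JsonConvert.SerializeObject(error))
    };
}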