public async Task <JsonWebToken> CreateAccessTokenAsync(string token) { var refreshToken = await _refreshTokenRepository.FindAsync(x => x.Token == token); if (refreshToken == null) { throw new StocqresException("Refresh token was not found"); } if (refreshToken.Revoked) { throw new StocqresException($"Refresh token: {refreshToken.Id} was revoked."); } var jwt = await _tokenService.CreateTokenForUser(refreshToken.UserId); jwt.RefreshToken = refreshToken.Token; return(jwt); }
public async Task <bool> RevokeRefreshToken(int userId, string refreshToken) { var token = await _refreshTokenRepository.FindAsync(userId, refreshToken); if (token == null) { return(false); } if (!token.Valid) { return(true); } token.Valid = false; token.Revoked = DateTimeOffset.Now; await _refreshTokenRepository.UpdateAsync(token); return(true); }
private async Task ValidateRequestAsync(IRefreshTokenRequest request) { _request = request; if (_request.ClientId == Guid.Empty || _request.ClientSecret == null) { throw new InvalidClientException("Invalid client credentials."); } if (_request.RefreshToken == null) { throw new InvalidGrantException("Refresh token could not be found"); } _refreshToken = await _refreshTokenRepository.FindAsync(request.RefreshToken); if (_refreshToken == null || _refreshToken.IsExpired || _refreshToken.Application.ClientId != request.ClientId) { throw new InvalidGrantException("Refresh token could not be found."); } // If someone tries to use the same refresh token twice, disable the access token. if (_refreshToken.Used) { if (_refreshToken.AccessToken != null && !_refreshToken.AccessToken.IsExpired) { _refreshToken.AccessToken.Disabled = true; await _accessTokenRepository.SaveAsync(); } throw new InvalidGrantException("Refresh token could not be found."); } await _authenticateClientService.AuthenticateAsync(_request.ClientId, _request.ClientSecret); // Make sure all requested scopes were requested in the original refresh token. if (request.Scope != null) { var scopes = request.Scope.Split(" "); foreach (var scope in scopes) { // Only allow the refreshed token to use the scopes issued with the // original token as per https://tools.ietf.org/html/rfc6749#section-6 var originalScopes = _refreshToken.AuthorizationCode.Scope.Split(" "); if (originalScopes.All(scopeName => scopeName != scope)) { throw new InvalidScopeException("The provided scope is invalid."); } } } _scope = request.Scope ?? _refreshToken.Scope; }