public RefreshTokenResult RefreshToken(OAuthSiteInfo site)
{
RefreshTokenResult result = null;
ClaimsPrincipal claimsPrincipal = _identityHelper.GetCurrentClaimsPrincipal();
string refreshToken = claimsPrincipal?.Claims?.FirstOrDefault(c => c.Type == OAuthRefreshTokenClaimType)
?.Value;
if (!string.IsNullOrWhiteSpace(refreshToken))
{
HttpResponseMessage response;
using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "token"))
{
request.Content = new FormUrlEncodedContent(new OAuthRefreshTokenRequest(site, refreshToken).ToDictionary());
response = HttpClient.SendAsync(request).Result;
}
if (response.IsSuccessStatusCode)
{
OAuthToken token = response.Content.ReadAsAsync <OAuthToken>().Result;
_identityHelper.UpdateClaim(new Claim(OAuthAccessTokenClaimType, token.Access_Token));
_identityHelper.UpdateClaim(new Claim(OAuthExpiresInClaimType, token.Expires_In));
_identityHelper.UpdateClaim(new Claim(OAuthRefreshTokenClaimType, token.Refresh_Token));
result = new RefreshTokenResult {
AccessToken = token.Access_Token, ExpiresIn = token.Expires_In
};
}
else
{
Log.Error($"OAuth Authority responded with an error code: {response.Content.ReadAsStringAsync().Result}", this);
}
}
return(result);
}
public async void Update(RefreshTokenResult result)
{
if (result.IsError)
{
if (result.Error == "invalid_grant")
{
Reset();
}
return;
}
AccessToken = result.AccessToken;
AccessTokenExpirationTime = DateTime.Now.AddSeconds(result.ExpiresIn);
if (result.RefreshToken != null)
{
RefreshToken = result.RefreshToken;
}
if (result.IdentityToken != null)
{
IdToken = result.IdentityToken;
}
await UpdateRevocationEndpointAsync();
forceTokenRefresh = false;
UpdateHooks?.Invoke();
}
public async Task AuthenticateRequestAsync(HttpRequestMessage request)
{
var token = _token;
if (token == null || _token.IsError || _token.AccessTokenExpiration <= DateTime.Now)
{
token = await _flow.RefreshTokenAsync(_refreshToken);
if (token.IsError)
{
_token = null;
throw new ServiceException(
new Error
{
//Code = GraphErrorCode.AuthenticationFailure,
Message = _token.Error
});
}
_token = token;
}
var accessToken = token.AccessToken;
if (!string.IsNullOrEmpty(accessToken))
{
request.Headers.Authorization = new AuthenticationHeaderValue(CoreConstants.Headers.Bearer, accessToken);
}
}
public static Credentials ToCredentials(this RefreshTokenResult refreshTokenResult)
=> new Credentials
{
AccessToken = refreshTokenResult.AccessToken,
IdentityToken = refreshTokenResult.IdentityToken,
RefreshToken = refreshTokenResult.RefreshToken,
AccessTokenExpiration = refreshTokenResult.AccessTokenExpiration
};
private static void RefreshAccessToken()
{
RefreshTokenResult refreshTokenResult = AsyncFuncHelper.RunSync(async() => await CurrentOidcClientInfo.OidcClient.RefreshTokenAsync(CurrentOidcClientInfo.RefreshToken));
CurrentOidcClientInfo.AccessToken = refreshTokenResult.AccessToken;
CurrentOidcClientInfo.RefreshToken = refreshTokenResult.RefreshToken;
CurrentOidcClientInfo.ValidDate = refreshTokenResult.AccessTokenExpiration;
}
public static async Task <HttpGetJsonResult> HttpGetJsonAsync(string uri, AuthState authState)
{
if (!authState.IsAuthorized)
{
return(new HttpGetJsonResult {
Code = X_HTTP_NEED_REAUTHZ
});
}
if (authState.NeedsTokenRefresh)
{
RefreshTokenResult result;
try {
result = await authState.Client.RefreshTokenAsync(authState.RefreshToken);
authState.Update(result);
} catch (Exception e) {
result = new RefreshTokenResult {
Error = e.Message
};
}
if (result.IsError)
{
return(new HttpGetJsonResult {
Code = authState.IsAuthorized ? X_HTTP_ERROR : X_HTTP_NEED_REAUTHZ,
Json = new { error = result.Error }
});
}
}
try {
#if true
// Use custom HttpClientHandler for demonstration. (next 4 lines)
var handler = new HttpClientHandlerEx();
handler.BeforeRequestAsyncHooks += LogPage.HttpRequestLoggerAsync;
handler.AfterResponseAsyncHooks += LogPage.HttpResponseLoggerAsync;
using (var client = new HttpClient(handler: handler)) {
#else
// This is normal implementation.
using (var client = new HttpClient()) {
#endif
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authState.AccessToken);
var response = await client.GetAsync(uri);
return(new HttpGetJsonResult {
Code = response.StatusCode == HttpStatusCode.Unauthorized ? X_HTTP_NEED_REAUTHZ : response.StatusCode,
Json = JsonConvert.DeserializeObject(await response.Content.ReadAsStringAsync())
});
}
} catch (Exception ex) {
return(new HttpGetJsonResult {
Code = X_HTTP_ERROR,
Json = new { error = ex.GetType().Name, error_description = ex.Message }
});
}
}
public async Task <Credentials> RefreshToken(string refreshToken)
{
try
{
OidcClient oidcClient = CreateOidcClient();
RefreshTokenResult refreshTokenResult = await oidcClient.RefreshTokenAsync(refreshToken);
return(refreshTokenResult.ToCredentials());
}
catch (Exception ex)
{
Console.WriteLine(ex);
return(new Credentials {
Error = ex.ToString()
});
}
}
public async Task <bool> RefreshAsync()
{
// Check secure storage for refresh token.
EnsureAuthClient();
RefreshTokenResult refreshResult = null;
try
{
refreshResult = await _client.RefreshTokenAsync(RefreshToken);
}
catch (Exception e)
{
Debug.Log("UnityAuthClient::Exception during refresh: " + e.Message);
return(false);
}
if (refreshResult.IsError)
{
Debug.Log("UnityAuthClient::Error authenticating: " + refreshResult.Error);
}
else
{
AccessToken = refreshResult.AccessToken;
RefreshToken = refreshResult.RefreshToken;
IdentityToken = refreshResult.IdentityToken;
AccessTokenExpiration = DateTime.Now.AddSeconds(refreshResult.ExpiresIn);
KeyChain.SetString(refreshKey, RefreshToken);
Debug.Log("UnityAuthClient::AccessToken: " + AccessToken);
Debug.Log("UnityAuthClient::RefreshToken: " + RefreshToken);
Debug.Log("UnityAuthClient::IdentityToken: " + IdentityToken);
Debug.Log("UnityAuthClient::AccessTokenExpiration: " + AccessTokenExpiration);
Debug.Log("UnityAuthClient::Refreshed.");
return(true);
}
return(false);
}
public static async Task <RefreshTokenResult> StartRefreshToken()
{
RefreshTokenResult refresh_token_result = new RefreshTokenResult();
try
{
string url = String.Format("callback?refresh_token={0}", Settings.Default.RefreshToken);
HttpResponseMessage response = await TokenClient.GetAsync(url);
response.EnsureSuccessStatusCode();
string response_body = await response.Content.ReadAsStringAsync();
refresh_token_result.Token = JsonConvert.DeserializeObject <Model.Token>(response_body);
refresh_token_result.Token.token_time = DateTime.Now;
refresh_token_result.Status = 1;
return(refresh_token_result);
}
catch (HttpRequestException e)
{
refresh_token_result.Status = -1;
refresh_token_result.ErrorMessage = e.Message;
return(refresh_token_result);
}
}
/// <summary>
/// Refreshes jwt token
/// </summary>
/// <param name="token">Old token</param>
/// <returns>New token</returns>
public async Task <RefreshTokenResult> RefreshToken(string token)
{
var tokenValidationParams = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtSecurityKey"]))
};
ClaimsPrincipal principal;
try
{
principal = new JwtSecurityTokenHandler().ValidateToken(token, tokenValidationParams, out var securityToken);
}
catch (Exception e)
{
return(null);
}
if (principal == null)
{
return(null);
}
if (!principal.Identity.IsAuthenticated)
{
return(null);
}
var userEmail = principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name).Value;
if (userEmail == null)
{
return(null);
}
var userDb = await UserManager.FindByEmailAsync(userEmail);
if (userDb == null)
{
return(null);
}
var userRoles = await UserManager.GetRolesAsync(userDb);
var userBaseInfo = Mapper.Map <User, UserBaseInfo>(userDb);
userBaseInfo.Roles = userRoles.Select(r => new RoleDto {
Name = r
});
var result = new RefreshTokenResult
{
Token = await GenerateJwtToken(userDb),
User = userBaseInfo
};
return(result);
}
