public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
Client client = null;
_authService = (IAuthService)context.HttpContext.RequestServices.GetService(typeof(IAuthService));
if (context.ClientId == null)
{
//Remove the comments from the below line context.SetError, and invalidate context
//if you want to force sending clientId/secrects once obtain access tokens.
//context.Validate();
context.Reject("Nao foram fornecidas todas as credenciais necessarias");
return(Task.FromResult <object>(null));
}
client = _authService.FindClient(context.ClientId);
if (client == null)
{
context.Reject("O clientId fornecido nao eh valido");
return(Task.FromResult <object>(null));
}
if (!client.Active)
{
context.Reject("O Client nao esta mais ativo");
return(Task.FromResult <object>(null));
}
context.Validate();
return(Task.FromResult <object>(null));
}
// Validate the grant_type and the client application credentials
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject the token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password or grant_type=refresh_token are accepted by this server.");
return;
}
// Check if refresh-token exists in DB
if (context.Request.IsRefreshTokenGrantType())
{
var id = RefreshTokenProvider.GenerateId(context.Request.RefreshToken);
if (!await RavenDatabaseProvider.IsEntityExists(id))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Invalid client.");
return;
}
}
// Since there's only one application and since it's a public client
// (i.e a client that cannot keep its credentials private), call Skip()
// to inform the server the request should be accepted without
// enforcing client authentication.
context.Skip();
return;
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password and refresh_token " +
"requests are accepted by this server.");
return(Task.FromResult(0));
}
if (string.Equals(context.ClientId, "AspNetContribSample", StringComparison.Ordinal))
{
// Note: the context is marked as skipped instead of validated because the client
// is not trusted (JavaScript applications cannot keep their credentials secret).
context.Skip();
}
else
{
// If the client_id doesn't correspond to the
// intended identifier, reject the request.
context.Reject(OpenIdConnectConstants.Errors.InvalidClient);
}
return(Task.FromResult(0));
}
private async Task _validateClientCredentialsTokenRequest(ValidateTokenRequestContext context)
{
// TODO increment user rate limit (nb this increment only happens in Validate)
authservice = context.HttpContext.RequestServices.GetRequiredService <IValidateAuthorizationService>();
if (authservice == null)
{
context.Reject(OpenIdConnectConstants.Errors.ServerError, "Failed to validate this authorization request");
return;
}
if (String.IsNullOrWhiteSpace(context.ClientId))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Missing credentials: ensure that you specified a client_id.");
return;
}
else if (String.IsNullOrWhiteSpace(context.ClientSecret))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Missing credentials: ensure that you specified a client_secret.");
return;
}
else if (!(await authservice.CheckClientIdExists(context.ClientId)))
{
context.Reject(error: OpenIdConnectConstants.Errors.InvalidClient, description: "Supplied Client Id was not a valid application Client Id.");
return;
}
else if (!(await authservice.CheckSecretMatchesId(context.ClientId, context.ClientSecret)))
{
context.Reject(error: OpenIdConnectConstants.Errors.InvalidRequest, description: "Supplied Secret was not correct for the Client Id.");
return;
}
context.Validate();
}
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Note: the OpenID Connect server middleware supports authorization code, refresh token, client credentials
// and resource owner password credentials grant types but this authorization provider uses a safer policy
// rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types.
if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
OpenIdConnectConstants.Errors.UnsupportedGrantType,
"Only authorization code and refresh token grant types " +
"are accepted by this authorization server");
return;
}
// Note: client authentication is not mandatory for non-confidential client applications like mobile apps
// (except when using the client credentials grant type) but this authorization server uses a safer policy
// that makes client authentication mandatory and returns an error if client_id or client_secret is missing.
// You may consider relaxing it to support the resource owner password credentials grant type
// with JavaScript or desktop applications, where client credentials cannot be safely stored.
// In this case, call context.Skip() to inform the server middleware the client is not trusted.
if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret))
{
context.Reject(
OpenIdConnectConstants.Errors.InvalidRequest,
"Missing credentials: ensure that your credentials were correctly " +
"flowed in the request body or in the authorization header");
return;
}
// Retrieve the application details corresponding to the requested client_id.
var application = await _applicationRepository.GetByIdAsync(context.ClientId);
if (application == null)
{
context.Reject(
OpenIdConnectConstants.Errors.InvalidClient,
"Application not found in the database: ensure that your client_id is correct");
return;
}
// Note: to mitigate brute force attacks, you SHOULD strongly consider applying
// a key derivation function like PBKDF2 to slow down the secret validation process.
// You SHOULD also consider using a time-constant comparer to prevent timing attacks.
// For that, you can use the CryptoHelper library developed by @henkmollema:
// https://github.com/henkmollema/CryptoHelper. If you don't need .NET Core support,
// SecurityDriven.NET/inferno is a rock-solid alternative: http://securitydriven.net/inferno/
if (!string.Equals(context.ClientSecret, application.Secret, StringComparison.Ordinal))
{
context.Reject(
OpenIdConnectConstants.Errors.InvalidClient,
"Invalid credentials: ensure that you specified a correct client_secret");
return;
}
context.Validate();
}
private async Task _validateAuthorizationTokenRequest(ValidateTokenRequestContext context)
{
// TODO increment user rate limit (nb this increment only happens in Validate)
// TODO check user is within their rate limit for the requested client_id
if (String.IsNullOrWhiteSpace(context.ClientId))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Missing credentials: ensure that you specified a client_id.");
return;
}
else if (String.IsNullOrWhiteSpace(context.ClientSecret))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Missing credentials: ensure that you specified a client_secret.");
return;
}
if (String.IsNullOrWhiteSpace(context.Request.Code))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Missing credentials: ensure that you specified a value for code.");
return;
}
context.Validate();
}
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Note: the OpenID Connect server middleware supports authorization code, refresh token, client credentials
// and resource owner password credentials grant types but this authorization provider uses a safer policy
// rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types.
if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only authorization code and refresh token grant types " +
"are accepted by this authorization server");
return;
}
// Note: client authentication is not mandatory for non-confidential client applications like mobile apps
// (except when using the client credentials grant type) but this authorization server uses a safer policy
// that makes client authentication mandatory and returns an error if client_id or client_secret is missing.
// You may consider relaxing it to support the resource owner password credentials grant type
// with JavaScript or desktop applications, where client credentials cannot be safely stored.
// In this case, call context.Skip() to inform the server middleware the client is not trusted.
if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Missing credentials: ensure that your credentials were correctly " +
"flowed in the request body or in the authorization header");
return;
}
using (var database = new ApplicationContext()) {
// Retrieve the application details corresponding to the requested client_id.
var application = await(from entity in database.Applications
where entity.ApplicationID == context.ClientId
select entity).SingleOrDefaultAsync(context.OwinContext.Request.CallCancelled);
if (application == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Application not found in the database: " +
"ensure that your client_id is correct");
return;
}
if (!string.Equals(context.ClientSecret, application.Secret, StringComparison.Ordinal))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Invalid credentials: ensure that you " +
"specified a correct client_secret");
return;
}
context.Validate();
}
}
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password and refresh_token " +
"requests are accepted by this server.");
return;
}
//context.Validate();
var applicationUser = await userManager.FindByNameAsync(context.Request.Username);
if (applicationUser == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "Invalid user credentials.");
return;
}
// Ensure the password is valid.
if (!await userManager.CheckPasswordAsync(applicationUser, context.Request.Password))
{
if (userManager.SupportsUserLockout)
{
await userManager.AccessFailedAsync(applicationUser);
}
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "Invalid user credentials.");
return;
}
var identity = new ClaimsIdentity(
OpenIdConnectServerDefaults.AuthenticationScheme,
OpenIdConnectConstants.Claims.Name,
OpenIdConnectConstants.Claims.Role);
identity.AddClaim(
new Claim(OpenIdConnectConstants.Claims.Subject, applicationUser.UserName)
.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken));
identity.AddClaim(
new Claim(OpenIdConnectConstants.Claims.Name, applicationUser.UserName)
.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken));
}
/// <summary>
/// Validates whether the client is a valid known application in our system.
/// </summary>
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (!context.Request.IsRefreshTokenGrantType() &&
!context.Request.IsPasswordGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only password and refresh token grant types " +
"are accepted by this authorization server");
return;
}
var query = new ValidateClientQuery(context.ClientId, context.ClientSecret);
var result = await ExecuteQuery(context, query);
if (!result.Succeeded)
{
context.Reject(
error: "invalid_client",
description: "Client not found in the database: ensure that your client_id is correct");
return;
}
context.HttpContext.Items.Add("as:clientAllowedOrigin", result.AllowedOrigin);
if (context.Request.IsPasswordGrantType())
{
// Resolve ASP.NET Core Identity's user manager from the DI container.
var userManager = context.HttpContext.RequestServices.GetRequiredService <UserManager <IdentityUser> >();
var user = await userManager.FindByNameAsync(context.Request.Username);
if (user == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "Invalid user details.");
return;
}
// Reject the token request if email confirmation is required.
//if (!(await userManager.IsEmailConfirmedAsync(user)))
//{
// context.Reject(
// error: OpenIdConnectConstants.Errors.InvalidGrant,
// description: "Email confirmation is required for this account.");
// return;
//}
}
context.Validate();
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (string.IsNullOrEmpty(context.ClientId))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Missing credentials: ensure that your credentials were correctly " +
"flowed in the request body or in the authorization header");
return(Task.FromResult(0));
}
#region Validate Client
var application = _applicationservice.GetByClientId(context.ClientId);
if (applicationResult == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Application not found in the database: ensure that your client_id is correct");
return(Task.FromResult(0));
}
else
{
var application = applicationResult.Data;
if (application.ApplicationType == (int)ApplicationTypes.JavaScript)
{
// Note: the context is marked as skipped instead of validated because the client
// is not trusted (JavaScript applications cannot keep their credentials secret).
context.Skip();
}
else
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Authorization server only handles Javascript application.");
return(Task.FromResult(0));
}
}
#endregion Validate Client
var request = context.Request.RequestUri;
return(Task.FromResult(0));
}
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (context.Request.IsRefreshTokenGrantType())
{
await _validateRefreshTokenRequest(context);
return;
}
else if (context.Request.IsAuthorizationCodeGrantType())
{
await _validateAuthorizationTokenRequest(context);
return;
}
else if (context.Request.IsClientCredentialsGrantType())
{
await _validateClientCredentialsTokenRequest(context);
return;
}
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only authorization code, client credentials, and implicit grants " +
"are accepted by this authorization server");
return;
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject the token request if it doesn't specify grant_type=authorization_code,
// grant_type=password or grant_type=refresh_token.
if (!context.Request.IsAuthorizationCodeGrantType() &&
!context.Request.IsPasswordGrantType() &&
!context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=authorization_code, grant_type=password or " +
"grant_type=refresh_token are accepted by this server.");
return(Task.FromResult(0));
}
// Since there's only one application and since it's a public client
// (i.e a client that cannot keep its credentials private), call Skip()
// to inform the server the request should be accepted without
// enforcing client authentication.
//context.Skip();
IClientService clientService = (IClientService)context.HttpContext.RequestServices.GetService(typeof(IClientService));
ClientModel client = clientService.Get(context.ClientId);
if (client == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "The specified client identifier is invalid.");
return(Task.FromResult(0));
}
if (!string.Equals(context.ClientSecret, client.ClientSecret, StringComparison.Ordinal))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "The specified client credentials are invalid.");
return(Task.FromResult(0));
}
context.Validate();
return(Task.FromResult(0));
}
/// <summary>
/// Represents an event called for each request to the token endpoint
/// to determine if the request is valid and should continue.
/// </summary>
/// <param name="context">The context instance associated with this event.</param>
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Note: the OpenID Connect server middleware supports authorization code, refresh token, client credentials
// and resource owner password credentials grant types but this authorization provider uses a safer policy
// rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types.
if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType() && !context.Request.IsTokenRequest())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only authorization code and refresh token grant types " +
"are accepted by this authorization server.");
return;
}
// Note: client authentication is not mandatory for non-confidential client applications like mobile apps
// (except when using the client credentials grant type) but this authorization server uses a safer policy
// that makes client authentication mandatory and returns an error if client_id or client_secret is missing.
// You may consider relaxing it to support the resource owner password credentials grant type
// with JavaScript or desktop applications, where client credentials cannot be safely stored.
// In this case, call context.Skip() to inform the server middleware the client is not trusted.
if (context.ClientId.IsNullOrWhiteSpace() || context.ClientSecret.IsNullOrWhiteSpace())
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The mandatory 'client_id'/'client_secret' parameters are missing.");
return;
}
// Retrieve the application details corresponding to the requested client_id.
var rockContext = new RockContext();
var authClientService = new AuthClientService(rockContext);
var authClient = await authClientService.GetByClientIdAndSecretAsync(context.ClientId, context.ClientSecret);
if (authClient == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "The specified client credentials are invalid.");
return;
}
context.Validate();
}
// Implement OnValidateTokenRequest to support flows using the token endpoint
// (code/refresh token/password/client credentials/custom grant).
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only authorization code and refresh token grant type are accepted by this authorization server.");
return;
}
if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The mandatory 'client_id'/'client_secret' parameters are missing");
return;
}
var database = context.HttpContext.RequestServices.GetRequiredService <EgenutviklingContext>();
var application = await(from entity in database.Applications
where entity.ApplicationID == context.ClientId
select entity).SingleOrDefaultAsync(context.HttpContext.RequestAborted);
if (application == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "The specified client identifier is invalid");
return;
}
if (!string.Equals(context.ClientSecret, application.Secret, StringComparison.Ordinal))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "The specified client identifier is invalid");
return;
}
context.Validate();
} /*
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Note: the OpenID Connect server middleware supports authorization code, refresh token, client credentials
// and resource owner password credentials grant types but this authorization provider uses a safer policy
// rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types.
if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only authorization code and refresh token grant types " +
"are accepted by this authorization server.");
return;
}
// Reject the request if the client identifier is missing.
if (string.IsNullOrEmpty(context.ClientId))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The mandatory 'client_id'/'client_secret' parameters are missing.");
return;
}
var database = context.HttpContext.RequestServices.GetRequiredService <ApplicationContext>();
// Retrieve the application details corresponding to the requested client_id.
var application = await(from entity in database.Applications
where entity.ApplicationID == context.ClientId
select entity).SingleOrDefaultAsync(context.HttpContext.RequestAborted);
if (application == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "The specified client identifier is invalid.");
return;
}
// Note: the client credentials cannot be safely stored in the Cordova application.
// In this case, context.Skip() is called to inform the OIDC server that the client is not trusted.
context.Skip();
}
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType() && !context.Request.IsPasswordGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: @"Este servidor de autorización solo acepta el código de autorización, los tipos
de concesión de token de actualización y grant_type=password.");
return;
}
if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Faltan los parametros obligatorios 'client_id'/'client_secret'.");
return;
}
var aplicacion = await _repository.GetAplicacionClienteAsync(context.ClientId, context.HttpContext.RequestAborted);
if (aplicacion == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "El identificador de cliente especificado no es válido.");
return;
}
if (!string.Equals(context.ClientSecret, aplicacion.Secreto, StringComparison.Ordinal))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Las credenciales especificadas del cliente son inválidas.");
return;
}
context.Validate();
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only the resource owner password credentials and refresh token " +
"grants are accepted by this authorization server");
return(Task.FromResult(0));
}
context.Skip();
return(Task.FromResult(0));
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Unsupported Authentication");//Resources.Security.UnsupportedAuthentication
return(Task.FromResult(0));
}
context.Skip();
return(Task.FromResult(0));
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Only allow resource owner credential flow
if (!context.Request.IsPasswordGrantType())
{
context.Reject(
error: "unsupported_grant_type",
description: "Only resource owner credentials " +
"are accepted by this authorization server");
}
context.Validate();
return(Task.FromResult <object>(null));
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Note: OpenIdConnectServerHandler supports authorization code, refresh token, client credentials
// and resource owner password credentials grant types but this authorization server uses a safer policy
// rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types.
if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: "unsupported_grant_type",
description: "Only authorization code and refresh token grant types " +
"are accepted by this authorization server");
}
return(Task.FromResult <object>(null));
}
private Task OnValidateTokenRequest(ValidateTokenRequestContext context)
{
if (context.Request.GrantType == "Password")
{
context.Skip();
return(Task.CompletedTask);
}
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password" +
"requests are accepted by this server.");
return(Task.CompletedTask);
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject the token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Tipo de autenticación inválida");
return(Task.FromResult(0));
}
context.Skip();
return(Task.FromResult(0));
}
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (!context.Request.IsPasswordGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only the resource owner password credentials grant is accepted by this authorization server"
);
await Task.FromResult(context.IsValidated);
}
context.Skip();
await Task.FromResult(context.IsValidated);
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (!context.Request.IsPasswordGrantType())
{
context.Reject(OpenIdConnectConstants.Errors.UnsupportedGrantType, "Only supports resource owner password credentials grant!");
}
else
{
// Since there's only one application and since it's a public client
// (i.e a client that cannot keep its credentials private), call Skip()
// to inform the server the request should be accepted without
// enforcing client authentication.
context.Skip();
}
return(Task.CompletedTask);
}
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password and refresh_token requests are accepted by this server.");
return;
}
var client = _clientRepository.GetClient(context.ClientId, context.ClientSecret);
if (client != null)
{
context.Validate();
}
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password and refresh_token " +
"requests are accepted by this server.");
return(Task.FromResult(0));
}
context.Skip();
return(Task.FromResult(0));
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
if (context.ClientId == "AureliaNetAuthApp")
{
// Note: the context is marked as skipped instead of validated because the client
// is not trusted (JavaScript applications cannot keep their credentials secret).
context.Skip();
}
else
{
// If the client_id doesn't correspond to the
// intended identifier, reject the request.
context.Reject(OpenIdConnectConstants.Errors.InvalidClient);
}
return(Task.FromResult(0));
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
//Valida apenas os tipos de requisição de token
//Se for colocar pra receber token de terceiros, tem que alterar aqui
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Tipo de autenticaçao nao suportado pelo servidor.");
return(Task.FromResult(0));
}
//Mata o contexto caso não seja válido
context.Skip();
return(Task.FromResult(0));
}
/// <summary>
/// Validates whether the client is a valid known application in our system.
/// </summary>
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
var query = new ClientValidator(context.ClientId, context.ClientSecret);
var result = await ExecuteMessage(context, query);
if (!result.Succeeded)
{
context.Reject(
error: "invalid_client",
description: "Client not found in the database: ensure that your client_id is correct");
return;
}
context.HttpContext.Items.Add("as:clientAllowedOrigin", result.AllowedOrigin);
context.Validate();
}
public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject the token request that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only resource owner password credentials and refresh token " +
"are accepted by this authorization server");
return(Task.FromResult(0));
}
// Since there's only one application and since it's a public client
// (i.e a client that cannot keep its credentials private), call Skip()
// to inform the server that the request should be accepted without
// enforcing client authentication.
context.Skip();
return(Task.FromResult(0));
}