public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { string clientId = string.Empty; string clientSecret = string.Empty; Client client = null; _authService = (IAuthService)context.HttpContext.RequestServices.GetService(typeof(IAuthService)); if (context.ClientId == null) { //Remove the comments from the below line context.SetError, and invalidate context //if you want to force sending clientId/secrects once obtain access tokens. //context.Validate(); context.Reject("Nao foram fornecidas todas as credenciais necessarias"); return(Task.FromResult <object>(null)); } client = _authService.FindClient(context.ClientId); if (client == null) { context.Reject("O clientId fornecido nao eh valido"); return(Task.FromResult <object>(null)); } if (!client.Active) { context.Reject("O Client nao esta mais ativo"); return(Task.FromResult <object>(null)); } context.Validate(); return(Task.FromResult <object>(null)); }
// Validate the grant_type and the client application credentials public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Reject the token requests that don't use grant_type=password or grant_type=refresh_token. if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only grant_type=password or grant_type=refresh_token are accepted by this server."); return; } // Check if refresh-token exists in DB if (context.Request.IsRefreshTokenGrantType()) { var id = RefreshTokenProvider.GenerateId(context.Request.RefreshToken); if (!await RavenDatabaseProvider.IsEntityExists(id)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Invalid client."); return; } } // Since there's only one application and since it's a public client // (i.e a client that cannot keep its credentials private), call Skip() // to inform the server the request should be accepted without // enforcing client authentication. context.Skip(); return; }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Reject token requests that don't use grant_type=password or grant_type=refresh_token. if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only grant_type=password and refresh_token " + "requests are accepted by this server."); return(Task.FromResult(0)); } if (string.Equals(context.ClientId, "AspNetContribSample", StringComparison.Ordinal)) { // Note: the context is marked as skipped instead of validated because the client // is not trusted (JavaScript applications cannot keep their credentials secret). context.Skip(); } else { // If the client_id doesn't correspond to the // intended identifier, reject the request. context.Reject(OpenIdConnectConstants.Errors.InvalidClient); } return(Task.FromResult(0)); }
private async Task _validateClientCredentialsTokenRequest(ValidateTokenRequestContext context) { // TODO increment user rate limit (nb this increment only happens in Validate) authservice = context.HttpContext.RequestServices.GetRequiredService <IValidateAuthorizationService>(); if (authservice == null) { context.Reject(OpenIdConnectConstants.Errors.ServerError, "Failed to validate this authorization request"); return; } if (String.IsNullOrWhiteSpace(context.ClientId)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Missing credentials: ensure that you specified a client_id."); return; } else if (String.IsNullOrWhiteSpace(context.ClientSecret)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Missing credentials: ensure that you specified a client_secret."); return; } else if (!(await authservice.CheckClientIdExists(context.ClientId))) { context.Reject(error: OpenIdConnectConstants.Errors.InvalidClient, description: "Supplied Client Id was not a valid application Client Id."); return; } else if (!(await authservice.CheckSecretMatchesId(context.ClientId, context.ClientSecret))) { context.Reject(error: OpenIdConnectConstants.Errors.InvalidRequest, description: "Supplied Secret was not correct for the Client Id."); return; } context.Validate(); }
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Note: the OpenID Connect server middleware supports authorization code, refresh token, client credentials // and resource owner password credentials grant types but this authorization provider uses a safer policy // rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types. if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( OpenIdConnectConstants.Errors.UnsupportedGrantType, "Only authorization code and refresh token grant types " + "are accepted by this authorization server"); return; } // Note: client authentication is not mandatory for non-confidential client applications like mobile apps // (except when using the client credentials grant type) but this authorization server uses a safer policy // that makes client authentication mandatory and returns an error if client_id or client_secret is missing. // You may consider relaxing it to support the resource owner password credentials grant type // with JavaScript or desktop applications, where client credentials cannot be safely stored. // In this case, call context.Skip() to inform the server middleware the client is not trusted. if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret)) { context.Reject( OpenIdConnectConstants.Errors.InvalidRequest, "Missing credentials: ensure that your credentials were correctly " + "flowed in the request body or in the authorization header"); return; } // Retrieve the application details corresponding to the requested client_id. var application = await _applicationRepository.GetByIdAsync(context.ClientId); if (application == null) { context.Reject( OpenIdConnectConstants.Errors.InvalidClient, "Application not found in the database: ensure that your client_id is correct"); return; } // Note: to mitigate brute force attacks, you SHOULD strongly consider applying // a key derivation function like PBKDF2 to slow down the secret validation process. // You SHOULD also consider using a time-constant comparer to prevent timing attacks. // For that, you can use the CryptoHelper library developed by @henkmollema: // https://github.com/henkmollema/CryptoHelper. If you don't need .NET Core support, // SecurityDriven.NET/inferno is a rock-solid alternative: http://securitydriven.net/inferno/ if (!string.Equals(context.ClientSecret, application.Secret, StringComparison.Ordinal)) { context.Reject( OpenIdConnectConstants.Errors.InvalidClient, "Invalid credentials: ensure that you specified a correct client_secret"); return; } context.Validate(); }
private async Task _validateAuthorizationTokenRequest(ValidateTokenRequestContext context) { // TODO increment user rate limit (nb this increment only happens in Validate) // TODO check user is within their rate limit for the requested client_id if (String.IsNullOrWhiteSpace(context.ClientId)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Missing credentials: ensure that you specified a client_id."); return; } else if (String.IsNullOrWhiteSpace(context.ClientSecret)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Missing credentials: ensure that you specified a client_secret."); return; } if (String.IsNullOrWhiteSpace(context.Request.Code)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "Missing credentials: ensure that you specified a value for code."); return; } context.Validate(); }
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Note: the OpenID Connect server middleware supports authorization code, refresh token, client credentials // and resource owner password credentials grant types but this authorization provider uses a safer policy // rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types. if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only authorization code and refresh token grant types " + "are accepted by this authorization server"); return; } // Note: client authentication is not mandatory for non-confidential client applications like mobile apps // (except when using the client credentials grant type) but this authorization server uses a safer policy // that makes client authentication mandatory and returns an error if client_id or client_secret is missing. // You may consider relaxing it to support the resource owner password credentials grant type // with JavaScript or desktop applications, where client credentials cannot be safely stored. // In this case, call context.Skip() to inform the server middleware the client is not trusted. if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "Missing credentials: ensure that your credentials were correctly " + "flowed in the request body or in the authorization header"); return; } using (var database = new ApplicationContext()) { // Retrieve the application details corresponding to the requested client_id. var application = await(from entity in database.Applications where entity.ApplicationID == context.ClientId select entity).SingleOrDefaultAsync(context.OwinContext.Request.CallCancelled); if (application == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Application not found in the database: " + "ensure that your client_id is correct"); return; } if (!string.Equals(context.ClientSecret, application.Secret, StringComparison.Ordinal)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Invalid credentials: ensure that you " + "specified a correct client_secret"); return; } context.Validate(); } }
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Reject token requests that don't use grant_type=password or grant_type=refresh_token. if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only grant_type=password and refresh_token " + "requests are accepted by this server."); return; } //context.Validate(); var applicationUser = await userManager.FindByNameAsync(context.Request.Username); if (applicationUser == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, description: "Invalid user credentials."); return; } // Ensure the password is valid. if (!await userManager.CheckPasswordAsync(applicationUser, context.Request.Password)) { if (userManager.SupportsUserLockout) { await userManager.AccessFailedAsync(applicationUser); } context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, description: "Invalid user credentials."); return; } var identity = new ClaimsIdentity( OpenIdConnectServerDefaults.AuthenticationScheme, OpenIdConnectConstants.Claims.Name, OpenIdConnectConstants.Claims.Role); identity.AddClaim( new Claim(OpenIdConnectConstants.Claims.Subject, applicationUser.UserName) .SetDestinations(OpenIdConnectConstants.Destinations.AccessToken, OpenIdConnectConstants.Destinations.IdentityToken)); identity.AddClaim( new Claim(OpenIdConnectConstants.Claims.Name, applicationUser.UserName) .SetDestinations(OpenIdConnectConstants.Destinations.AccessToken, OpenIdConnectConstants.Destinations.IdentityToken)); }
/// <summary> /// Validates whether the client is a valid known application in our system. /// </summary> public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (!context.Request.IsRefreshTokenGrantType() && !context.Request.IsPasswordGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only password and refresh token grant types " + "are accepted by this authorization server"); return; } var query = new ValidateClientQuery(context.ClientId, context.ClientSecret); var result = await ExecuteQuery(context, query); if (!result.Succeeded) { context.Reject( error: "invalid_client", description: "Client not found in the database: ensure that your client_id is correct"); return; } context.HttpContext.Items.Add("as:clientAllowedOrigin", result.AllowedOrigin); if (context.Request.IsPasswordGrantType()) { // Resolve ASP.NET Core Identity's user manager from the DI container. var userManager = context.HttpContext.RequestServices.GetRequiredService <UserManager <IdentityUser> >(); var user = await userManager.FindByNameAsync(context.Request.Username); if (user == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, description: "Invalid user details."); return; } // Reject the token request if email confirmation is required. //if (!(await userManager.IsEmailConfirmedAsync(user))) //{ // context.Reject( // error: OpenIdConnectConstants.Errors.InvalidGrant, // description: "Email confirmation is required for this account."); // return; //} } context.Validate(); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (string.IsNullOrEmpty(context.ClientId)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "Missing credentials: ensure that your credentials were correctly " + "flowed in the request body or in the authorization header"); return(Task.FromResult(0)); } #region Validate Client var application = _applicationservice.GetByClientId(context.ClientId); if (applicationResult == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Application not found in the database: ensure that your client_id is correct"); return(Task.FromResult(0)); } else { var application = applicationResult.Data; if (application.ApplicationType == (int)ApplicationTypes.JavaScript) { // Note: the context is marked as skipped instead of validated because the client // is not trusted (JavaScript applications cannot keep their credentials secret). context.Skip(); } else { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Authorization server only handles Javascript application."); return(Task.FromResult(0)); } } #endregion Validate Client var request = context.Request.RequestUri; return(Task.FromResult(0)); }
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (context.Request.IsRefreshTokenGrantType()) { await _validateRefreshTokenRequest(context); return; } else if (context.Request.IsAuthorizationCodeGrantType()) { await _validateAuthorizationTokenRequest(context); return; } else if (context.Request.IsClientCredentialsGrantType()) { await _validateClientCredentialsTokenRequest(context); return; } context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only authorization code, client credentials, and implicit grants " + "are accepted by this authorization server"); return; }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Reject the token request if it doesn't specify grant_type=authorization_code, // grant_type=password or grant_type=refresh_token. if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only grant_type=authorization_code, grant_type=password or " + "grant_type=refresh_token are accepted by this server."); return(Task.FromResult(0)); } // Since there's only one application and since it's a public client // (i.e a client that cannot keep its credentials private), call Skip() // to inform the server the request should be accepted without // enforcing client authentication. //context.Skip(); IClientService clientService = (IClientService)context.HttpContext.RequestServices.GetService(typeof(IClientService)); ClientModel client = clientService.Get(context.ClientId); if (client == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "The specified client identifier is invalid."); return(Task.FromResult(0)); } if (!string.Equals(context.ClientSecret, client.ClientSecret, StringComparison.Ordinal)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "The specified client credentials are invalid."); return(Task.FromResult(0)); } context.Validate(); return(Task.FromResult(0)); }
/// <summary> /// Represents an event called for each request to the token endpoint /// to determine if the request is valid and should continue. /// </summary> /// <param name="context">The context instance associated with this event.</param> public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Note: the OpenID Connect server middleware supports authorization code, refresh token, client credentials // and resource owner password credentials grant types but this authorization provider uses a safer policy // rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types. if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType() && !context.Request.IsTokenRequest()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only authorization code and refresh token grant types " + "are accepted by this authorization server."); return; } // Note: client authentication is not mandatory for non-confidential client applications like mobile apps // (except when using the client credentials grant type) but this authorization server uses a safer policy // that makes client authentication mandatory and returns an error if client_id or client_secret is missing. // You may consider relaxing it to support the resource owner password credentials grant type // with JavaScript or desktop applications, where client credentials cannot be safely stored. // In this case, call context.Skip() to inform the server middleware the client is not trusted. if (context.ClientId.IsNullOrWhiteSpace() || context.ClientSecret.IsNullOrWhiteSpace()) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The mandatory 'client_id'/'client_secret' parameters are missing."); return; } // Retrieve the application details corresponding to the requested client_id. var rockContext = new RockContext(); var authClientService = new AuthClientService(rockContext); var authClient = await authClientService.GetByClientIdAndSecretAsync(context.ClientId, context.ClientSecret); if (authClient == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "The specified client credentials are invalid."); return; } context.Validate(); }
// Implement OnValidateTokenRequest to support flows using the token endpoint // (code/refresh token/password/client credentials/custom grant). public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only authorization code and refresh token grant type are accepted by this authorization server."); return; } if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The mandatory 'client_id'/'client_secret' parameters are missing"); return; } var database = context.HttpContext.RequestServices.GetRequiredService <EgenutviklingContext>(); var application = await(from entity in database.Applications where entity.ApplicationID == context.ClientId select entity).SingleOrDefaultAsync(context.HttpContext.RequestAborted); if (application == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "The specified client identifier is invalid"); return; } if (!string.Equals(context.ClientSecret, application.Secret, StringComparison.Ordinal)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "The specified client identifier is invalid"); return; } context.Validate(); } /*
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Note: the OpenID Connect server middleware supports authorization code, refresh token, client credentials // and resource owner password credentials grant types but this authorization provider uses a safer policy // rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types. if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only authorization code and refresh token grant types " + "are accepted by this authorization server."); return; } // Reject the request if the client identifier is missing. if (string.IsNullOrEmpty(context.ClientId)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The mandatory 'client_id'/'client_secret' parameters are missing."); return; } var database = context.HttpContext.RequestServices.GetRequiredService <ApplicationContext>(); // Retrieve the application details corresponding to the requested client_id. var application = await(from entity in database.Applications where entity.ApplicationID == context.ClientId select entity).SingleOrDefaultAsync(context.HttpContext.RequestAborted); if (application == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "The specified client identifier is invalid."); return; } // Note: the client credentials cannot be safely stored in the Cordova application. // In this case, context.Skip() is called to inform the OIDC server that the client is not trusted. context.Skip(); }
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType() && !context.Request.IsPasswordGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: @"Este servidor de autorización solo acepta el código de autorización, los tipos de concesión de token de actualización y grant_type=password."); return; } if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "Faltan los parametros obligatorios 'client_id'/'client_secret'."); return; } var aplicacion = await _repository.GetAplicacionClienteAsync(context.ClientId, context.HttpContext.RequestAborted); if (aplicacion == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "El identificador de cliente especificado no es válido."); return; } if (!string.Equals(context.ClientSecret, aplicacion.Secreto, StringComparison.Ordinal)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Las credenciales especificadas del cliente son inválidas."); return; } context.Validate(); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only the resource owner password credentials and refresh token " + "grants are accepted by this authorization server"); return(Task.FromResult(0)); } context.Skip(); return(Task.FromResult(0)); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Unsupported Authentication");//Resources.Security.UnsupportedAuthentication return(Task.FromResult(0)); } context.Skip(); return(Task.FromResult(0)); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Only allow resource owner credential flow if (!context.Request.IsPasswordGrantType()) { context.Reject( error: "unsupported_grant_type", description: "Only resource owner credentials " + "are accepted by this authorization server"); } context.Validate(); return(Task.FromResult <object>(null)); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Note: OpenIdConnectServerHandler supports authorization code, refresh token, client credentials // and resource owner password credentials grant types but this authorization server uses a safer policy // rejecting the last two ones. You may consider relaxing it to support the ROPC or client credentials grant types. if (!context.Request.IsAuthorizationCodeGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: "unsupported_grant_type", description: "Only authorization code and refresh token grant types " + "are accepted by this authorization server"); } return(Task.FromResult <object>(null)); }
private Task OnValidateTokenRequest(ValidateTokenRequestContext context) { if (context.Request.GrantType == "Password") { context.Skip(); return(Task.CompletedTask); } context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only grant_type=password" + "requests are accepted by this server."); return(Task.CompletedTask); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Reject the token requests that don't use grant_type=password or grant_type=refresh_token. if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Tipo de autenticación inválida"); return(Task.FromResult(0)); } context.Skip(); return(Task.FromResult(0)); }
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (!context.Request.IsPasswordGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only the resource owner password credentials grant is accepted by this authorization server" ); await Task.FromResult(context.IsValidated); } context.Skip(); await Task.FromResult(context.IsValidated); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (!context.Request.IsPasswordGrantType()) { context.Reject(OpenIdConnectConstants.Errors.UnsupportedGrantType, "Only supports resource owner password credentials grant!"); } else { // Since there's only one application and since it's a public client // (i.e a client that cannot keep its credentials private), call Skip() // to inform the server the request should be accepted without // enforcing client authentication. context.Skip(); } return(Task.CompletedTask); }
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Reject token requests that don't use grant_type=password or grant_type=refresh_token. if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject(error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only grant_type=password and refresh_token requests are accepted by this server."); return; } var client = _clientRepository.GetClient(context.ClientId, context.ClientSecret); if (client != null) { context.Validate(); } }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Reject token requests that don't use grant_type=password or grant_type=refresh_token. if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only grant_type=password and refresh_token " + "requests are accepted by this server."); return(Task.FromResult(0)); } context.Skip(); return(Task.FromResult(0)); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { if (context.ClientId == "AureliaNetAuthApp") { // Note: the context is marked as skipped instead of validated because the client // is not trusted (JavaScript applications cannot keep their credentials secret). context.Skip(); } else { // If the client_id doesn't correspond to the // intended identifier, reject the request. context.Reject(OpenIdConnectConstants.Errors.InvalidClient); } return(Task.FromResult(0)); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { //Valida apenas os tipos de requisição de token //Se for colocar pra receber token de terceiros, tem que alterar aqui if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Tipo de autenticaçao nao suportado pelo servidor."); return(Task.FromResult(0)); } //Mata o contexto caso não seja válido context.Skip(); return(Task.FromResult(0)); }
/// <summary> /// Validates whether the client is a valid known application in our system. /// </summary> public override async Task ValidateTokenRequest(ValidateTokenRequestContext context) { var query = new ClientValidator(context.ClientId, context.ClientSecret); var result = await ExecuteMessage(context, query); if (!result.Succeeded) { context.Reject( error: "invalid_client", description: "Client not found in the database: ensure that your client_id is correct"); return; } context.HttpContext.Items.Add("as:clientAllowedOrigin", result.AllowedOrigin); context.Validate(); }
public override Task ValidateTokenRequest(ValidateTokenRequestContext context) { // Reject the token request that don't use grant_type=password or grant_type=refresh_token. if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType()) { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, description: "Only resource owner password credentials and refresh token " + "are accepted by this authorization server"); return(Task.FromResult(0)); } // Since there's only one application and since it's a public client // (i.e a client that cannot keep its credentials private), call Skip() // to inform the server that the request should be accepted without // enforcing client authentication. context.Skip(); return(Task.FromResult(0)); }