public TokenRequestValidationLog(ValidatedTokenRequest request) { const string scrubValue = "******"; Raw = request.Raw.ToDictionary(); foreach (var field in SensitiveData.Where(field => Raw.ContainsKey(field))) { Raw[field] = scrubValue; } if (request.Client != null) { ClientId = request.Client.ClientId; ClientName = request.Client.ClientName; } if (request.Scopes != null) { Scopes = request.Scopes.ToSpaceSeparatedString(); } if (request.SignInMessage != null) { IdP = request.SignInMessage.IdP; Tenant = request.SignInMessage.Tenant; QueryString = request.SignInMessage.QueryString; AuthenticationContextReferenceClasses = request.SignInMessage.AcrValues; } GrantType = request.GrantType; AuthorizationCode = request.AuthorizationCodeHandle; RefreshToken = request.RefreshTokenHandle; UserName = request.UserName; }
public async Task <TokenRequestValidationResult> ValidateRequestAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult) { var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType); _validatedRequest = new ValidatedTokenRequest { Raw = parameters ?? throw new ArgumentNullException(nameof(parameters)), Options = _options }; switch (grantType) { case OidcConstants.GrantTypes.AuthorizationCode: return(await RunValidationAsync(ValidateAuthorizationCodeRequestAsync, parameters)); case OidcConstants.GrantTypes.ClientCredentials: return(await RunValidationAsync(ValidateClientCredentialsRequestAsync, parameters)); case OidcConstants.GrantTypes.Password: return(await RunValidationAsync(ValidateResourceOwnerCredentialRequestAsync, parameters)); case OidcConstants.GrantTypes.RefreshToken: return(await RunValidationAsync(ValidateRefreshTokenRequestAsync, parameters)); case OidcConstants.GrantTypes.DeviceCode: return(await RunValidationAsync(ValidateDeviceCodeRequestAsync, parameters)); default: return(await RunValidationAsync(ValidateExtensionGrantRequestAsync, parameters)); } }
/// <inheritdoc/> public async Task <CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { string userName = request.Raw.Get("name"); IdSrvUserDto user = await this.UserRepository.GetUserByUserNameAsync(userName); IdSrvClientDto client = await this.ClientRepository.GetClientByIdAsync(request.Client.ClientId); string password = request.Raw.Get("password"); // Выполняем проверку учетки пользователя // Значение ContextType.Machine для домена вероятно надо будет поменять на ContextType.Domain (не тестировал) var pc = new PrincipalContext(ContextType.Machine); bool isCredentialValid = false; if (user != null && !user.IsBlocked && client != null && !client.IsBlocked) { isCredentialValid = pc.ValidateCredentials(userName, password); } var authResult = new AuthenticateResult( subject: user != null ? user.Id.ToString() : "-", name: userName); var grantResult = new CustomGrantValidationResult { IsError = !isCredentialValid, Error = authResult.ErrorMessage, ErrorDescription = (user != null && user.IsBlocked) ? $"User \"{userName}\" is blocked" : authResult.ErrorMessage, Principal = authResult.User, }; return(grantResult); }
/// <summary> /// Initializes a new instance of the <see cref="TokenRequestValidationResult"/> class. /// </summary> /// <param name="validatedRequest">The validated request.</param> /// <param name="customResponse">The custom response.</param> public TokenRequestValidationResult(ValidatedTokenRequest validatedRequest, Dictionary <string, object> customResponse = null) { IsError = false; ValidatedRequest = validatedRequest; CustomResponse = customResponse; }
public Task <ValidationResult> ValidateTokenRequestAsync(ValidatedTokenRequest request) { return(Task.FromResult(new ValidationResult { IsError = false })); }
public TokenRequestValidationLog(ValidatedTokenRequest request) { if (request.Options.DiagnosticsOptions.IncludeSensitiveDataInLogs) { Raw = request.Raw.ToDictionary(); } if (request.Client != null) { ClientId = request.Client.ClientId; ClientName = request.Client.ClientName; } if (request.Scopes != null) { Scopes = request.Scopes.ToSpaceSeparatedString(); } if (request.SignInMessage != null) { IdP = request.SignInMessage.IdP; Tenant = request.SignInMessage.Tenant; AuthenticationContextReferenceClasses = request.SignInMessage.AcrValues; } GrantType = request.GrantType; AuthorizationCode = request.AuthorizationCodeHandle; RefreshToken = request.RefreshTokenHandle; UserName = request.UserName; }
public async Task DeviceCode_Missing_Subject() { deviceCode.Subject = null; var client = await _clients.FindClientByIdAsync("device_flow"); var service = Factory.CreateDeviceCodeService(); var handle = await service.StoreDeviceAuthorizationAsync(Guid.NewGuid().ToString(), deviceCode); var validator = Factory.CreateDeviceCodeValidator(service); var request = new ValidatedTokenRequest(); request.SetClient(client); var context = new DeviceCodeValidationContext { DeviceCode = handle, Request = request }; await validator.ValidateAsync(context); context.Result.IsError.Should().BeTrue(); context.Result.Error.Should().Be(OidcConstants.TokenErrors.AuthorizationPending); }
public async Task <ClaimsPrincipal> ValidateAsync(ValidatedTokenRequest request) { if (request.GrantType != "legacy_account_store") { Logger.Error("unknown custom grant type"); return(null); } var legacyAccountStoreType = request.Raw.Get("account_store"); var id = request.Raw.Get("legacy_id"); var secret = request.Raw.Get("legacy_secret"); if (legacyAccountStoreType.IsMissing() || id.IsMissing() || secret.IsMissing()) { Logger.Error("malformed request"); return(null); } var message = new SignInMessage { Tenant = legacyAccountStoreType }; var result = await _users.AuthenticateLocalAsync(id, secret, message); if (result.IsError) { Logger.Error("authentication failed"); return(null); } return(result.User); }
public Task <ValidationResult> ValidateTokenRequestAsync(ValidatedTokenRequest request, Core.Services.IUserService profile) { return(Task.FromResult(new ValidationResult { IsError = false })); }
Task <CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request) { CustomGrantValidationResult grantResult = null; var param = request.Raw.Get("token"); if (string.IsNullOrWhiteSpace(param)) { grantResult = new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest); } var result = _validator.ValidateAccessTokenAsync(param).Result; if (result.IsError) { grantResult = new CustomGrantValidationResult(result.Error); } var subjectClaim = result.Claims.FirstOrDefault(x => x.Type == "sub"); if (subjectClaim == null) { grantResult = new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest); } if (grantResult == null) { grantResult = new CustomGrantValidationResult(subjectClaim.Value, "access_token"); } return(Task.FromResult(grantResult)); }
/// <inheritdoc/> public async Task <CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { CustomGrantValidationResult result = await this.Validator.ValidateAsync(request); var userId = result.Principal.Claims.FirstOrDefault(v => v.Type == Constants.ClaimTypes.Subject)?.Value; var userName = result.Principal.Claims.FirstOrDefault(v => v.Type == Constants.ClaimTypes.Name)?.Value; if (!result.IsError) { await this.Logger?.UserSignedInAsync( userId : userId, userName : userName, clientId : request.Client?.ClientId, clientName : request.Client?.ClientName); } else { await this.Logger?.UnsuccessfulSigningInAsync( userName : userName, clientId : request.Client?.ClientId, clientName : request.Client?.ClientName, reason : result?.ErrorDescription); } return(result); }
private async Task <TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request) { _logger.LogTrace("Processing authorization code request"); ////////////////////////// // access token ///////////////////////// var accessToken = await CreateAccessTokenAsync(request); var response = new TokenResponse { AccessToken = accessToken.Item1, AccessTokenLifetime = request.Client.AccessTokenLifetime }; ////////////////////////// // refresh token ///////////////////////// if (accessToken.Item2.IsPresent()) { response.RefreshToken = accessToken.Item2; } ////////////////////////// // id token ///////////////////////// if (request.AuthorizationCode.IsOpenId) { // load the client that belongs to the authorization code Client client = null; if (request.AuthorizationCode.ClientId != null) { client = await _clients.FindEnabledClientByIdAsync(request.AuthorizationCode.ClientId); } if (client == null) { throw new InvalidOperationException("Client does not exist anymore."); } var resources = await _resources.FindEnabledResourcesByScopeAsync(request.AuthorizationCode.RequestedScopes); var tokenRequest = new TokenCreationRequest { Subject = request.AuthorizationCode.Subject, Client = client, Resources = resources, Nonce = request.AuthorizationCode.Nonce, AccessTokenToHash = response.AccessToken, ValidatedRequest = request }; var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest); var jwt = await _tokenService.CreateSecurityTokenAsync(idToken); response.IdentityToken = jwt; } return(response); }
private async Task <Device> SaveDeviceAsync(User user, ValidatedTokenRequest request) { var device = GetDeviceFromRequest(request); if (device != null) { var existingDevice = await _deviceRepository.GetByIdentifierAsync(device.Identifier, user.Id); if (existingDevice == null) { device.UserId = user.Id; await _deviceService.SaveAsync(device); var now = DateTime.UtcNow; if (now - user.CreationDate > TimeSpan.FromMinutes(10)) { var deviceType = device.Type.GetType().GetMember(device.Type.ToString()) .FirstOrDefault()?.GetCustomAttribute <DisplayAttribute>()?.GetName(); if (!_globalSettings.DisableEmailNewDevice) { await _mailService.SendNewDeviceLoggedInEmail(user.Email, deviceType, now, _currentContext.IpAddress); } } return(device); } return(existingDevice); } return(null); }
public Task<ValidationResult> ValidateTokenRequestAsync(ValidatedTokenRequest request, Core.Services.IUserService profile) { return Task.FromResult(new ValidationResult { IsError = false }); }
public void ValidateAsync_ReturnsInvalidRequestWhenSubjectClaimNotFound() { // Arrange var tokenRequest = new ValidatedTokenRequest { Raw = new NameValueCollection() }; tokenRequest.Raw.Add("access_token", "A12345"); tokenRequest.Raw.Add("client_referer", "http://localhost:12345"); var tokenValidatorFake = createTokenValidatorFake; A.CallTo(() => tokenValidatorFake.ValidateAccessTokenAsync("A12345", null)) .Returns(Task.FromResult(new TokenValidationResult { IsError = false, Claims = new List <Claim>() })); var validator = new ActAsUserGrantValidator(tokenValidatorFake); // Act var result = validator.ValidateAsync(tokenRequest).Result; // Assert result.Error.Should().Be(Constants.TokenErrors.InvalidRequest); A.CallTo(() => tokenValidatorFake.ValidateAccessTokenAsync("A12345", null)).MustHaveHappened(); }
public async Task <CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { var param = request.Raw.Get("win_token"); if (string.IsNullOrWhiteSpace(param)) { return(await Task.FromResult(new CustomGrantValidationResult("Missing parameter win_token."))); } var principal = TryValidateToken(param, request.Options.SigningCertificate); var nameIdentifierClaim = principal.Claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier); if (nameIdentifierClaim == null) { return(await Task.FromResult(new CustomGrantValidationResult("Missing NameIdentifier claim in win_token."))); } var authenticationResult = await AuthenticateUserAsync(nameIdentifierClaim.Value, principal.Claims); var customGrantResult = new CustomGrantValidationResult() { IsError = authenticationResult.IsError, Error = authenticationResult.ErrorMessage, ErrorDescription = authenticationResult.ErrorMessage, Principal = authenticationResult.User }; return(await Task.FromResult(customGrantResult)); }
public async Task Valid_Custom_Grant_Multiple_Validator() { var validator = new CustomGrantValidator(new List <ICustomGrantValidator> { new TestGrantValidator(), new TestGrantValidator2() }); var request = new ValidatedTokenRequest { GrantType = "custom_grant" }; var result = await validator.ValidateAsync(request); result.IsError.Should().BeFalse(); result.Principal.Should().NotBeNull(); result.Principal.GetSubjectId().Should().Be("bob"); result.Principal.GetAuthenticationMethod().Should().Be("CustomGrant"); request.GrantType = "custom_grant2"; result = await validator.ValidateAsync(request); result.IsError.Should().BeFalse(); result.Principal.Should().NotBeNull(); result.Principal.GetSubjectId().Should().Be("alice"); result.Principal.GetAuthenticationMethod().Should().Be("CustomGrant2"); }
public TokenRequestValidationLog(ValidatedTokenRequest request) { const string scrubValue = "******"; Raw = request.Raw.ToDictionary(); if (Raw.ContainsKey(Constants.TokenRequest.Password)) { Raw[Constants.TokenRequest.Password] = scrubValue; } if (request.Client != null) { ClientId = request.Client.ClientId; ClientName = request.Client.ClientName; } if (request.Scopes != null) { Scopes = request.Scopes.ToSpaceSeparatedString(); } if (request.SignInMessage != null) { IdP = request.SignInMessage.IdP; Tenant = request.SignInMessage.Tenant; AuthenticationContextReferenceClasses = request.SignInMessage.AcrValues; } GrantType = request.GrantType; AuthorizationCode = request.AuthorizationCodeHandle; RefreshToken = request.RefreshTokenHandle; UserName = request.UserName; }
Task <CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request) { if (request.GrantType != "custom") { return(Task.FromResult <CustomGrantValidationResult>(null)); } var assertion = request.Raw.Get("assertion"); if (string.IsNullOrWhiteSpace(assertion)) { return(Task.FromResult <CustomGrantValidationResult>(new CustomGrantValidationResult { ErrorMessage = "Missing assertion." })); } // validate assertion and return principal var principal = IdentityServerPrincipal.Create( "bob", "bob", "custom_grant", "idsrv"); return(Task.FromResult(new CustomGrantValidationResult { Principal = principal })); }
/// <summary> /// Validates the request. /// </summary> /// <param name="request">The request.</param> /// <returns></returns> public async Task <GrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { var validator = _validators.FirstOrDefault(v => v.GrantType.Equals(request.GrantType, StringComparison.Ordinal)); if (validator == null) { _logger.LogError("No validator found for grant type"); return(new GrantValidationResult(TokenRequestErrors.UnsupportedGrantType)); } try { _logger.LogTrace("Calling into custom grant validator: {type}", validator.GetType().FullName); var context = new ExtensionGrantValidationContext { Request = request }; await validator.ValidateAsync(context); return(context.Result); } catch (Exception e) { _logger.LogError(1, e, "Grant validation error: {message}", e.Message); return(new GrantValidationResult(TokenRequestErrors.InvalidGrant)); } }
public async Task Expired_DeviceCode() { deviceCode.CreationTime = DateTime.UtcNow.AddDays(-10); deviceCode.Lifetime = 300; var client = await _clients.FindClientByIdAsync("device_flow"); var service = Factory.CreateDeviceCodeService(); var handle = await service.StoreDeviceAuthorizationAsync(Guid.NewGuid().ToString(), deviceCode); var validator = Factory.CreateDeviceCodeValidator(service); var request = new ValidatedTokenRequest(); request.SetClient(client); var context = new DeviceCodeValidationContext { DeviceCode = handle, Request = request }; await validator.ValidateAsync(context); context.Result.IsError.Should().BeTrue(); context.Result.Error.Should().Be(OidcConstants.TokenErrors.ExpiredToken); }
public async Task <TokenExchangeValidation> ValidateAsync(ValidatedTokenRequest request) { var tokenExchangeValidation = new TokenExchangeValidation(); var subjectTokenValidation = await this.ValidateTokenAsync(request, RequestParameters.SubjectTokenType, RequestParameters.SubjectToken).ConfigureAwait(false); tokenExchangeValidation.SubjectTokenValidationResult = subjectTokenValidation; if (subjectTokenValidation.IsError) { tokenExchangeValidation.SetErrors(subjectTokenValidation); return(tokenExchangeValidation); } var actorTokenValidation = await this.ValidateActorTokenAsync(request).ConfigureAwait(false); tokenExchangeValidation.ActorTokenValidationResult = actorTokenValidation; if (actorTokenValidation.IsError) { tokenExchangeValidation.SetErrors(actorTokenValidation); return(tokenExchangeValidation); } if (request.Client.ClientId != actorTokenValidation.Client.ClientId) { tokenExchangeValidation.SetErrors("Request client_id and actor_token client_id must match."); return(tokenExchangeValidation); } return(tokenExchangeValidation); }
protected async Task ValidateAsync(T context, ValidatedTokenRequest request) { var twoFactorToken = request.Raw["TwoFactorToken"]?.ToString(); var twoFactorProvider = request.Raw["TwoFactorProvider"]?.ToString(); var twoFactorRemember = request.Raw["TwoFactorRemember"]?.ToString() == "1"; var twoFactorRequest = !string.IsNullOrWhiteSpace(twoFactorToken) && !string.IsNullOrWhiteSpace(twoFactorProvider); var(user, valid) = await ValidateContextAsync(context); if (!valid) { await BuildErrorResultAsync(false, context, user); return; } var twoFactorRequirement = await RequiresTwoFactorAsync(user); if (twoFactorRequirement.Item1) { var twoFactorProviderType = TwoFactorProviderType.Authenticator; // Just defaulting it if (!twoFactorRequest || !Enum.TryParse(twoFactorProvider, out twoFactorProviderType)) { await BuildTwoFactorResultAsync(user, twoFactorRequirement.Item2, context); return; } var verified = await VerifyTwoFactor(user, twoFactorRequirement.Item2, twoFactorProviderType, twoFactorToken); if (!verified && twoFactorProviderType != TwoFactorProviderType.Remember) { await BuildErrorResultAsync(true, context, user); return; } else if (!verified && twoFactorProviderType == TwoFactorProviderType.Remember) { await Task.Delay(2000); // Delay for brute force. await BuildTwoFactorResultAsync(user, twoFactorRequirement.Item2, context); return; } } else { twoFactorRequest = false; twoFactorRemember = false; twoFactorToken = null; } var device = await SaveDeviceAsync(user, request); await BuildSuccessResultAsync(user, context, device, twoFactorRequest&& twoFactorRemember); return; }
private async Task <TokenResponse> ProcessRefreshTokenRequestAsync(ValidatedTokenRequest request) { Logger.Info("Processing refresh token request"); var oldAccessToken = request.RefreshToken.AccessToken; string accessTokenString; // if pop request, claims must be updated because we need a fresh proof token if (request.Client.UpdateAccessTokenClaimsOnRefresh || request.RequestedTokenType == RequestedTokenTypes.PoP) { var subject = request.RefreshToken.GetOriginalSubject(); var creationRequest = new TokenCreationRequest { Client = request.Client, Subject = subject, ValidatedRequest = request, Scopes = await _scopes.FindScopesAsync(oldAccessToken.Scopes), }; // if pop request, embed proof token if (request.RequestedTokenType == RequestedTokenTypes.PoP) { creationRequest.ProofKey = GetProofKey(request); } var newAccessToken = await _tokenService.CreateAccessTokenAsync(creationRequest); accessTokenString = await _tokenService.CreateSecurityTokenAsync(newAccessToken); } else { var copy = new Token(oldAccessToken); copy.CreationTime = DateTimeOffsetHelper.UtcNow; copy.Lifetime = request.Client.AccessTokenLifetime; accessTokenString = await _tokenService.CreateSecurityTokenAsync(copy); } var handle = await _refreshTokenService.UpdateRefreshTokenAsync(request.RefreshTokenHandle, request.RefreshToken, request.Client); var response = new TokenResponse { AccessToken = accessTokenString, AccessTokenLifetime = request.Client.AccessTokenLifetime, RefreshToken = handle }; if (request.RequestedTokenType == RequestedTokenTypes.PoP) { response.TokenType = Constants.ResponseTokenTypes.PoP; response.Algorithm = request.ProofKeyAlgorithm; } response.IdentityToken = await CreateIdTokenFromRefreshTokenRequestAsync(request, accessTokenString); return(response); }
/// <summary> /// Initializes a new instance of the <see cref="TokenRequestValidationResult"/> class. /// </summary> /// <param name="validatedRequest">The validated request.</param> /// <param name="error">The error.</param> /// <param name="errorDescription">The error description.</param> /// <param name="customResponse">The custom response.</param> public TokenRequestValidationResult(ValidatedTokenRequest validatedRequest, string error, string errorDescription = null, Dictionary <string, object> customResponse = null) { IsError = true; Error = error; ErrorDescription = errorDescription; ValidatedRequest = validatedRequest; CustomResponse = customResponse; }
public Task <GrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { if (_isInvalid) { return(Task.FromResult(new GrantValidationResult(TokenRequestErrors.InvalidGrant, _errorDescription))); } return(Task.FromResult(new GrantValidationResult("bob", "CustomGrant"))); }
public async Task ValidateAsync(ExtensionGrantValidationContext context) { _logger.LogDebug("Start token request validation"); if (context == null) { throw new ArgumentNullException(nameof(context)); } var raw = context.Request.Raw; _validatedRequest = new ValidatedTokenRequest { Raw = raw ?? throw new ArgumentNullException(nameof(raw)), Options = _options }; var customTokenRequestValidationContext = new CustomTokenRequestValidationContext() { Result = new TokenRequestValidationResult(_validatedRequest) }; await _arbitraryNoSubjectRequestValidator.ValidateAsync(customTokenRequestValidationContext); if (customTokenRequestValidationContext.Result.IsError) { context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, customTokenRequestValidationContext.Result.Error); return; } var clientValidationResult = await _clientSecretValidator.ValidateAsync(_validatedRequest.Raw); if (clientValidationResult == null) { throw new ArgumentNullException(nameof(clientValidationResult)); } _validatedRequest.SetClient(clientValidationResult.Client, clientValidationResult.Secret); ///////////////////////////////////////////// // check grant type ///////////////////////////////////////////// var grantType = _validatedRequest.Raw.Get(OidcConstants.TokenRequest.GrantType); if (grantType.IsMissing()) { LogError("Grant type is missing"); context.Result = new GrantValidationResult(TokenRequestErrors.UnsupportedGrantType); return; } if (grantType.Length > _options.InputLengthRestrictions.GrantType) { LogError("Grant type is too long"); context.Result = new GrantValidationResult(TokenRequestErrors.UnsupportedGrantType); return; } _validatedRequest.GrantType = grantType; context.Result = new GrantValidationResult(); }
private async Task <Tuple <string, string> > CreateAccessTokenAsync(ValidatedTokenRequest request) { TokenCreationRequest tokenRequest; bool createRefreshToken; if (request.AuthorizationCode != null) { createRefreshToken = request.AuthorizationCode.RequestedScopes.Contains(Constants.StandardScopes.OfflineAccess); // load the client that belongs to the authorization code Client client = null; if (request.AuthorizationCode.ClientId != null) { client = await _clients.FindEnabledClientByIdAsync(request.AuthorizationCode.ClientId); } if (client == null) { throw new InvalidOperationException("Client does not exist anymore."); } var scopes = await _scopes.FindEnabledScopesAsync(request.AuthorizationCode.RequestedScopes); tokenRequest = new TokenCreationRequest { Subject = request.AuthorizationCode.Subject, Client = client, Scopes = scopes, ValidatedRequest = request }; } else { createRefreshToken = request.ValidatedScopes.ContainsOfflineAccessScope; tokenRequest = new TokenCreationRequest { Subject = request.Subject, Client = request.Client, Scopes = request.ValidatedScopes.GrantedScopes, ValidatedRequest = request }; } Token accessToken = await _tokenService.CreateAccessTokenAsync(tokenRequest); string refreshToken = ""; if (createRefreshToken) { refreshToken = await _refreshTokenService.CreateRefreshTokenAsync(tokenRequest.Subject, accessToken, request.Client); } var securityToken = await _tokenService.CreateSecurityTokenAsync(accessToken); return(Tuple.Create(securityToken, refreshToken)); }
public Task <ClaimsPrincipal> ValidateAsync(ValidatedTokenRequest request, IUserService users) { if (request.GrantType == "assertionType" && request.Assertion == "assertion") { return(Task.FromResult(Principal.Create("Assertion", new Claim("sub", "bob")))); } ; return(Task.FromResult <ClaimsPrincipal>(null)); }
async public Task<CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request) { var user = await _userManager.FindByNameAsync(userName); if (user != null && await _userManager.CheckPasswordAsync(user, password)) { return new CustomGrantValidationResult(user.Id, "password"); } return new CustomGrantValidationResult("Invalid username or password"); }
public Task <TokenResponse> GenerateAsync(ValidatedTokenRequest request, TokenResponse response) { response.Custom.Add("custom_field", "custom data"); response.Custom.Add("custom_complex_field", new ResponsePoco { SomeString = "foo", SomeInt = 42 }); return(Task.FromResult(response)); }
public Task <ClaimsPrincipal> ValidateAsync(ValidatedTokenRequest request) { if (request.GrantType == "customGrant") { return(Task.FromResult(Principal.Create("CustomGrant", new Claim("sub", "bob")))); } ; return(Task.FromResult <ClaimsPrincipal>(null)); }
public Task<ClaimsPrincipal> ValidateAsync(ValidatedTokenRequest request) { return Task.FromResult<ClaimsPrincipal>(null); }
public TokenRequestValidationResult(ValidatedTokenRequest validatedRequest) { IsError = false; ValidatedRequest = validatedRequest; }