示例#1
0
        /// <summary> Complete the refresh token grant </summary>
        /// <param name="inputParams">Null unless the input parameters have been manually set</param>
        /// <returns>FlowResult with the result</returns>
        /// <exception cref="ClientException"> Thrown if there is something wrong </exception>
        public override FlowResult CompleteFlow(dynamic inputParams = null)
        {
            // Get the required params
            var authParams = this.AuthServer.GetParam(new[] { "client_id", "client_secret", "refresh_token", "scope" }, HTTPMethod.Post, inputParams);

            if (string.IsNullOrEmpty(authParams.client_id)) throw new ClientException(HTTPErrorType.invalid_request, "client_id");
            if (string.IsNullOrEmpty(authParams.client_secret)) throw new ClientException(HTTPErrorType.invalid_request, "client_secret");

            // Validate client ID and client secret
            var clientDetails = this.AuthServer.Client.GetClient(Identifier, authParams.client_id, authParams.client_secret);

            if (clientDetails == null) throw new ClientException(HTTPErrorType.invalid_client);

            authParams.client_details = clientDetails;

            if (string.IsNullOrEmpty(authParams.refresh_token)) throw new ClientException(HTTPErrorType.invalid_request, "refresh_token");

            // Validate refresh token
            var accessTokenId = this.AuthServer.Session.ValidateRefreshToken(authParams.refresh_token, authParams.client_id);
            if (accessTokenId == 0) throw new ClientException(HTTPErrorType.invalid_refresh);

            // Get the existing access token
            var accessTokenDetails = this.AuthServer.Session.GetAccessToken(accessTokenId);

            // Get the scopes for the existing access token
            List<ScopesResponse> scopes = this.AuthServer.Session.GetScopes(accessTokenDetails.AccessToken);

            // Generate new tokens and associate them to the session
            var accessToken = SecureKey.Make();
            var accessTokenExpiresIn = (this.AccessTokenTTL != 0) ? this.AccessTokenTTL : this.AuthServer.AccessTokenTTL;
            var accessTokenExpires = DateTime.Now.AddSeconds(accessTokenExpiresIn);

            // Associate the new access token with the session
            var newAccessTokenId = this.AuthServer.Session.AssociateAccessToken(accessTokenDetails.SessionID, accessToken, accessTokenExpires);

            var refreshToken = string.Empty;
            if (this.RotateRefreshTokens)
            {
                // Generate a new refresh token
                refreshToken = SecureKey.Make();
                var refreshTokenExpires = DateTime.Now.AddSeconds(this.RefreshTokenTTL);

                // Revoke the old refresh token
                this.AuthServer.Session.RemoveRefreshToken(authParams.refresh_token);

                // Associate the new refresh token with the new access token
                this.AuthServer.Session.AssociateRefreshToken(newAccessTokenId, refreshToken, refreshTokenExpires, authParams.client_id.ToString());
            }

            // There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes)
            if (string.IsNullOrEmpty(authParams.scope))
            {
                foreach (var scope in scopes)
                {
                    this.AuthServer.Session.AssociateScope(newAccessTokenId, scope.ID);
                }
            }
            else if (!string.IsNullOrEmpty(authParams.scope) && this.RotateRefreshTokens)
            {
                // The request is asking for reduced scopes and rotate tokens is enabled
                string[] reqestedScopes = authParams.scope.Split(this.AuthServer.ScopeDelimeter);
                reqestedScopes = reqestedScopes.Where(r => !string.IsNullOrEmpty(r)).Select(r => r.Trim()).ToArray();

                // Check that there aren't any new scopes being included
                var existingScopes = scopes.Select(s => s.Scope).ToList();

                foreach (var reqScope in reqestedScopes)
                {
                    if (!existingScopes.Contains(reqScope)) throw new ClientException(HTTPErrorType.invalid_request, "scope");

                    // Associate with the new access token
                    var scopeDetails = this.AuthServer.Scope.GetScope(Identifier, reqScope, authParams.client_id);
                    this.AuthServer.Session.AssociateScope(newAccessTokenId, scopeDetails.ID);
                }
            }

            var response = new FlowResult
            {
                access_token = accessToken,
                token_type = "Bearer",
                access_token_expires = accessTokenExpires,
                expires_in = accessTokenExpiresIn
            };

            if (this.RotateRefreshTokens) response.refresh_token = refreshToken;

            return response;
        }
示例#2
0
        /// <summary>
        ///     Complete the password grant
        /// </summary>
        /// <param name="inputParams">The input parameters</param>
        /// <returns>FlowResult the completed flow</returns>
        public override FlowResult CompleteFlow(dynamic inputParams = null)
        {
            // Get the required params
            var authParams = this.AuthServer.GetParam(new[] { "client_id", "client_secret", "username", "password" }, HTTPMethod.Post, inputParams);

            if (string.IsNullOrEmpty(authParams.client_id)) throw new ClientException(HTTPErrorType.invalid_request, "client_id");
            if (string.IsNullOrEmpty(authParams.client_secret)) throw new ClientException(HTTPErrorType.invalid_request, "client_secret");

            // Validate client credentials
            var clientDetails = this.AuthServer.Client.GetClient(Identifier, authParams.client_id, authParams.client_secret);
            if (clientDetails == null) throw new ClientException(HTTPErrorType.invalid_client);

            authParams.client_details = clientDetails;

            if (string.IsNullOrEmpty(authParams.username)) throw new ClientException(HTTPErrorType.invalid_request, "username");
            if (string.IsNullOrEmpty(authParams.password)) throw new ClientException(HTTPErrorType.invalid_request, "password");

            // Check if user"s username and password are correct
            if (this.VerifyCredentialsCallback == null) throw new InvalidGrantTypeException(HTTPErrorType.invalid_grant_callback);
            var userId = this.VerifyCredentialsCallback(authParams.username, authParams.password);

            if (string.IsNullOrEmpty(userId)) throw new ClientException(HTTPErrorType.invalid_credentials);

            // Validate any scopes that are in the request
            string scope = this.AuthServer.GetParam("scope", HTTPMethod.Post, inputParams).ToString();
            var scopes = scope.Split(this.AuthServer.ScopeDelimeter);
            scopes = scopes.Where(s => !string.IsNullOrEmpty(s)).Select(s => s.Trim()).ToArray();

            if (this.AuthServer.RequireScopeParam && string.IsNullOrEmpty(this.AuthServer.DefaultScope) && scopes.Length == 0)
                throw new ClientException(HTTPErrorType.invalid_request, "scope");

            if (scopes.Length == 0 && this.AuthServer.DefaultScope != null)
            {
                scopes = this.AuthServer.DefaultScope.Split(this.AuthServer.ScopeDelimeter);
            }

            var sr = new List<ScopeResponse>();

            foreach (var scopeDetails in scopes.Select(s => this.AuthServer.Scope.GetScope(this.Identifier, s, authParams.client_id)))
            {
                if (scopeDetails == null) throw new ClientException(HTTPErrorType.invalid_scope, scope);
                sr.Add(scopeDetails);
            }

            authParams.scopes = sr;

            // Generate an access token
            var accessToken = SecureKey.Make();
            var accessTokenExpiresIn = (this.AccessTokenTTL != 0) ? this.AccessTokenTTL : this.AuthServer.AccessTokenTTL;
            var accessTokenExpires = DateTime.Now.AddSeconds(accessTokenExpiresIn);

            // Create a new session
            var sessionId = this.AuthServer.Session.CreateSession(authParams.client_id, OwnerType.User, userId);

            // Associate an access token with the session
            var accessTokenId = this.AuthServer.Session.AssociateAccessToken(sessionId, accessToken, accessTokenExpires);

            // Associate scopes with the access token
            foreach (var s in sr)
            {
                this.AuthServer.Session.AssociateScope(accessTokenId, s.ID);
            }

            var response = new FlowResult
            {
                access_token = accessToken,
                token_type = "Bearer",
                access_token_expires = accessTokenExpires,
                expires_in = accessTokenExpiresIn
            };

            // Associate a refresh token if set
            if (this.AuthServer.HasGrantType(GrantTypIdentifier.refresh_token))
            {
                var refreshToken = SecureKey.Make();
                var refreshTokenTTL = DateTime.Now.AddSeconds(((RefreshToken)this.AuthServer.GetGrantType(GrantTypIdentifier.refresh_token)).RefreshTokenTTL);
                this.AuthServer.Session.AssociateRefreshToken(accessTokenId, refreshToken, refreshTokenTTL, authParams.client_id);
                response.refresh_token = refreshToken;
            }

            return response;
        }
示例#3
0
        /// <summary> Complete the auth code grant </summary>
        /// <param name="inputParams">The input parameters</param>
        /// <returns>FlowResult with the value of the flow</returns>
        /// <exception cref="ClientException"> Various client exceptions </exception>
        public override FlowResult CompleteFlow(dynamic inputParams = null)
        {
            // Get the required params
            var authParams = this.AuthServer.GetParam(new[] { "client_id", "client_secret", "redirect_uri", "code" }, HTTPMethod.Post, inputParams);

            if (string.IsNullOrEmpty(authParams.client_id)) throw new ClientException(HTTPErrorType.invalid_request, "client_id");
            if (string.IsNullOrEmpty(authParams.client_secret)) throw new ClientException(HTTPErrorType.invalid_request, "client_secret");
            if (string.IsNullOrEmpty(authParams.redirect_uri)) throw new ClientException(HTTPErrorType.invalid_request, "redirect_uri");

            // Validate client ID and redirect URI
            var clientDetails = this.AuthServer.Client.GetClient(Identifier, authParams.client_id, authParams.client_secret, authParams.redirect_uri);
            if (clientDetails == null) throw new ClientException(HTTPErrorType.invalid_client);

            authParams.client_details = clientDetails;

            // Validate the authorization code
            if (string.IsNullOrEmpty(authParams.code)) throw new ClientException(HTTPErrorType.invalid_request, "code");

            // Verify the authorization code matches the client_id and the request_uri
            var authCodeDetails = this.AuthServer.Session.ValidateAuthCode(authParams.client_id, authParams.redirect_uri, authParams.code);
            if (authCodeDetails == null) throw new ClientException(HTTPErrorType.invalid_grant, "code");

            // Get any associated scopes
            var scopes = this.AuthServer.Session.GetAuthCodeScopes(authCodeDetails.AuthcodeID);

            // A session ID was returned so update it with an access token and remove the authorisation code
            var accessToken = SecureKey.Make();
            var accessTokenExpiresIn = (this.AccessTokenTTL != 0) ? this.AccessTokenTTL : this.AuthServer.AccessTokenTTL;
            var accessTokenExpires = DateTime.Now.AddSeconds(accessTokenExpiresIn);

            // Remove the auth code
            this.AuthServer.Session.RemoveAuthCode(authCodeDetails.SessionID);

            // Create an access token
            var accessTokenId = this.AuthServer.Session.AssociateAccessToken(authCodeDetails.SessionID, accessToken, accessTokenExpires);

            // Associate scopes with the access token
            if (scopes.Count > 0)
            {
                foreach (var scope in scopes)
                {
                    this.AuthServer.Session.AssociateScope(accessTokenId, scope);
                }
            }

            var response = new FlowResult
            {
                access_token = accessToken,
                token_type = "Bearer",
                access_token_expires = accessTokenExpires,
                expires_in = accessTokenExpiresIn
            };

            // Associate a refresh token if set
            if (this.AuthServer.HasGrantType(GrantTypIdentifier.refresh_token))
            {
                var refreshToken = SecureKey.Make();
                var refreshTokenTTL = DateTime.Now.AddSeconds(((RefreshToken)this.AuthServer.GetGrantType(GrantTypIdentifier.refresh_token)).RefreshTokenTTL);
                this.AuthServer.Session.AssociateRefreshToken(accessTokenId, refreshToken, refreshTokenTTL, authParams.client_id);
                response.refresh_token = refreshToken;
            }

            return response;
        }