protected string GenerateToken(AuthServerRequest authRequest, string issuer, IAdditionalClaimsProvider additionalClaimsProvider)
        {
            WebToken tokenObject = new WebToken();

            tokenObject.Issuer = issuer;

            List <KeyValuePair <string, string> > additionalClaims = null;

            if (authRequest.GrantType == "password")
            {
                tokenObject.AddClaim(ClaimTypes.Name, authRequest.Username);
                if (!string.IsNullOrEmpty(authRequest.ClientId))
                {
                    tokenObject.AddClaim("ClientId", authRequest.ClientId);
                }

                additionalClaims = additionalClaimsProvider.GetAdditionalUserClaims(authRequest.Username);
            }
            else if (authRequest.GrantType == "client")
            {
                tokenObject.AddClaim("ClientId", authRequest.ClientId);

                additionalClaims = additionalClaimsProvider.GetAdditionalClientClaims(authRequest.ClientId);
            }

            if ((additionalClaims != null) && (additionalClaims.Count > 0))
            {
                foreach (var kvp in additionalClaims)
                {
                    tokenObject.AddClaim(kvp.Key, kvp.Value);
                }
            }

            return(tokenObject.GenerateToken(_crypter, _options.CryptionKey));
        }
        public async Task Invoke(HttpContext context, ICredentialsProvider credentialsProvider, IAdditionalClaimsProvider additionalClaimsProvider)
        {
            if (context.Request.Path.Value.Equals(_options.TokenEndpointPath))
            {
                if (context.Request.ContentType != "application/x-www-form-urlencoded")
                {
                    context.Response.StatusCode  = StatusCodes.Status400BadRequest;
                    context.Response.ContentType = "application/json;charset=utf-8";
                    await context.Response.WriteAsync("[\"invalid-content-type\"]");

                    return;
                }

                try
                {
                    AuthServerRequest authRequest = CreateAuthServerRequestObject(context.Request);

                    // Now, we have to investigate authRequest
                    if (authRequest.GrantType == "password") // resource owner
                    {
                        if (!(await credentialsProvider.AreUserCredentialsValidAsync(authRequest.Username, authRequest.Password)))
                        {
                            context.Response.StatusCode  = StatusCodes.Status401Unauthorized;
                            context.Response.ContentType = "application/json;charset=utf-8";
                            await context.Response.WriteAsync($"[\"{AuthServerMessages.InvalidUserCredentials}\"]");

                            return;
                        }
                    }
                    else if (authRequest.GrantType == "client") // private client
                    {
                        if (!(await credentialsProvider.AreClientCredentialsValidAsync(authRequest.ClientId, authRequest.ClientSecret)))
                        {
                            context.Response.StatusCode  = StatusCodes.Status401Unauthorized;
                            context.Response.ContentType = "application/json;charset=utf-8";
                            await context.Response.WriteAsync($"[\"{AuthServerMessages.InvalidUserCredentials}\"]");

                            return;
                        }
                    }

                    // Now, we construct the response
                    await WriteResponseAsync(authRequest, _options.Issuer, context.Response, additionalClaimsProvider);

                    return;
                }
                catch (Exception e)
                {
                    context.Response.StatusCode  = StatusCodes.Status400BadRequest;
                    context.Response.ContentType = "application/json;charset=utf-8";
                    await context.Response.WriteAsync($"[\"{e.Message}\"]");

                    return;
                }
            }

            await _next.Invoke(context);
        }
        protected async Task WriteResponseAsync(AuthServerRequest authRequest, string issuer, HttpResponse response, IAdditionalClaimsProvider additionalClaimsProvider)
        {
            TAuthServerResponse authServerResponse = new TAuthServerResponse();

            authServerResponse.AccessToken = GenerateToken(authRequest, issuer, additionalClaimsProvider);
            SetOtherAuthServerResponseProperties(authRequest, authServerResponse);
            response.StatusCode  = StatusCodes.Status200OK;
            response.ContentType = "application/json;charset=utf-8";
            await response.WriteAsync(JsonConvert.SerializeObject(authServerResponse));
        }
        protected AuthServerRequest CreateAuthServerRequestObject(HttpRequest httpRequest)
        {
            AuthServerRequest request = new AuthServerRequest();

            request.ClientId     = httpRequest.Form["client_id"].ToString() ?? "";
            request.ClientSecret = httpRequest.Form["client_secret"].ToString() ?? "";
            request.GrantType    = httpRequest.Form["grant_type"].ToString() ?? "";
            request.Username     = httpRequest.Form["username"].ToString() ?? "";
            request.Password     = httpRequest.Form["password"].ToString() ?? "";

            return(request);
        }
 protected virtual void SetOtherAuthServerResponseProperties(AuthServerRequest authServerRequest, TAuthServerResponse authServerResponse)
 {
 }