private TokenInfoDto GenerateTokenForClientCredentailsGrant(AskTokenDto tokenInfo, IStringLocalizer errorLocal)
{
TokenInfoDto toReturn = null;
using (var context = RepositoriesFactory.CreateContext())
{
var clientRepo = RepositoriesFactory.GetClientRepository(context);
var myClient = clientRepo.GetByPublicId(tokenInfo.ClientPublicId);
if (!CheckIfClientsCredentialsAreValid(myClient, tokenInfo.AuthorizationHeader))
{
throw new DaOAuthTokenException()
{
Error = OAuthConvention.ErrorNameUnauthorizedClient,
Description = errorLocal["UnauthorizedClient"]
};
}
if (!CheckIfScopesAreAuthorizedForClient(myClient.PublicId, tokenInfo.Scope))
{
throw new DaOAuthTokenException()
{
Error = OAuthConvention.ErrorNameInvalidScope,
Description = errorLocal["UnauthorizedScope"]
};
}
var accesToken = JwtService.GenerateToken(new CreateTokenDto()
{
ClientPublicId = myClient.PublicId,
Scope = tokenInfo.Scope,
SecondsLifeTime = Configuration.AccesTokenLifeTimeInSeconds,
TokenName = OAuthConvention.AccessToken,
UserName = String.Empty
});
toReturn = new TokenInfoDto()
{
AccessToken = accesToken.Token,
ExpireIn = Configuration.AccesTokenLifeTimeInSeconds,
Scope = tokenInfo.Scope,
TokenType = OAuthConvention.AccessToken
};
}
return(toReturn);
}
private TokenInfoDto GenerateAccessTokenAndUpdateRefreshToken(AskTokenDto tokenInfo, IContext context, string userName)
{
TokenInfoDto toReturn;
var newRefreshToken = JwtService.GenerateToken(new CreateTokenDto()
{
ClientPublicId = tokenInfo.ClientPublicId,
Scope = tokenInfo.Scope,
SecondsLifeTime = Configuration.RefreshTokenLifeTimeInSeconds,
TokenName = OAuthConvention.RefreshToken,
UserName = userName
});
var accesToken = JwtService.GenerateToken(new CreateTokenDto()
{
ClientPublicId = tokenInfo.ClientPublicId,
Scope = tokenInfo.Scope,
SecondsLifeTime = Configuration.AccesTokenLifeTimeInSeconds,
TokenName = OAuthConvention.AccessToken,
UserName = userName
});
var userClientRepo = RepositoriesFactory.GetUserClientRepository(context);
var myUc = userClientRepo.GetUserClientByClientPublicIdAndUserName(tokenInfo.ClientPublicId, userName);
myUc.RefreshToken = newRefreshToken.Token;
userClientRepo.Update(myUc);
toReturn = new TokenInfoDto()
{
AccessToken = accesToken.Token,
ExpireIn = Configuration.AccesTokenLifeTimeInSeconds,
RefreshToken = newRefreshToken.Token,
Scope = tokenInfo.Scope,
TokenType = OAuthConvention.AccessToken
};
return(toReturn);
}
public Uri GenererateUriForAuthorize(AskAuthorizeDto authorizeInfo)
{
IList <ValidationResult> ExtendValidation(AskAuthorizeDto toValidate)
{
var resource = this.GetErrorStringLocalizer();
IList <ValidationResult> result = new List <ValidationResult>();
if (!String.IsNullOrEmpty(toValidate.RedirectUri) && !IsUriCorrect(toValidate.RedirectUri))
{
result.Add(new ValidationResult(resource["AuthorizeAuthorizeRedirectUrlIncorrect"]));
}
return(result);
}
Uri toReturn = null;
Logger.LogInformation($"Ask for authorize, client : {authorizeInfo.ClientPublicId} - response_type : {authorizeInfo.ResponseType}");
var errorLocal = GetErrorStringLocalizer();
Validate(authorizeInfo, ExtendValidation);
if (String.IsNullOrEmpty(authorizeInfo.ResponseType))
{
throw new DaOAuthRedirectException()
{
RedirectUri = GenerateRedirectErrorMessage(
authorizeInfo.RedirectUri,
OAuthConvention.ErrorNameInvalidRequest,
errorLocal["AuthorizeResponseTypeParameterMandatory"],
authorizeInfo.State)
};
}
if (!authorizeInfo.ResponseType.Equals(OAuthConvention.ResponseTypeCode, StringComparison.Ordinal) &&
!authorizeInfo.ResponseType.Equals(OAuthConvention.ResponseTypeToken, StringComparison.Ordinal))
{
throw new DaOAuthRedirectException()
{
RedirectUri = GenerateRedirectErrorMessage(
authorizeInfo.RedirectUri,
OAuthConvention.ErrorNameUnsupportedResponseType,
errorLocal["AuthorizeUnsupportedResponseType"],
authorizeInfo.State)
};
}
if (String.IsNullOrEmpty(authorizeInfo.ClientPublicId))
{
throw new DaOAuthRedirectException()
{
RedirectUri = GenerateRedirectErrorMessage(
authorizeInfo.RedirectUri,
OAuthConvention.ErrorNameInvalidRequest,
errorLocal["AuthorizeClientIdParameterMandatory"],
authorizeInfo.State)
};
}
if (!CheckIfClientIsValid(authorizeInfo.ClientPublicId, new Uri(authorizeInfo.RedirectUri),
authorizeInfo.ResponseType.Equals(OAuthConvention.ResponseTypeCode, StringComparison.Ordinal) ? EClientType.CONFIDENTIAL : EClientType.PUBLIC))
{
throw new DaOAuthRedirectException()
{
RedirectUri = GenerateRedirectErrorMessage(
authorizeInfo.RedirectUri,
OAuthConvention.ErrorNameUnauthorizedClient,
errorLocal["UnauthorizedClient"],
authorizeInfo.State)
};
}
if (!CheckIfScopesAreAuthorizedForClient(authorizeInfo.ClientPublicId, authorizeInfo.Scope))
{
throw new DaOAuthRedirectException()
{
RedirectUri = GenerateRedirectErrorMessage(
authorizeInfo.RedirectUri,
OAuthConvention.ErrorNameInvalidScope,
errorLocal["UnauthorizedScope"],
authorizeInfo.State)
};
}
if (!CheckIfUserHasAuthorizeOrDeniedClientAccess(authorizeInfo.ClientPublicId, authorizeInfo.UserName))
{
throw new DaOAuthRedirectException()
{
RedirectUri = new Uri($"{Configuration.AuthorizeClientPageUrl}?" +
$"response_type={authorizeInfo.ResponseType}&" +
$"client_id={authorizeInfo.ClientPublicId}&" +
$"state={authorizeInfo.State}&" +
$"redirect_uri={authorizeInfo.RedirectUri}&" +
$"scope={authorizeInfo.Scope}")
};
}
if (!CheckIfUserHasAuthorizeClient(authorizeInfo.ClientPublicId, authorizeInfo.UserName))
{
throw new DaOAuthRedirectException()
{
RedirectUri = GenerateRedirectErrorMessage(
authorizeInfo.RedirectUri,
OAuthConvention.ErrorNameAccessDenied,
errorLocal["AccessDenied"],
authorizeInfo.State)
};
}
switch (authorizeInfo.ResponseType)
{
case OAuthConvention.ResponseTypeCode:
var myCode = GenerateAndSaveCode(authorizeInfo.ClientPublicId, authorizeInfo.UserName, authorizeInfo.Scope);
var codeLocation = String.Concat(authorizeInfo.RedirectUri, "?code=", myCode);
if (!String.IsNullOrEmpty(authorizeInfo.State))
{
codeLocation = String.Concat(codeLocation, "&state=", authorizeInfo.State);
}
toReturn = new Uri(codeLocation);
break;
default: // response_type token
var myToken = JwtService.GenerateToken(new CreateTokenDto()
{
SecondsLifeTime = Configuration.AccesTokenLifeTimeInSeconds,
ClientPublicId = authorizeInfo.ClientPublicId,
Scope = authorizeInfo.Scope,
TokenName = OAuthConvention.AccessToken,
UserName = authorizeInfo.UserName
});
var tokenLocation = String.Concat(authorizeInfo.RedirectUri, "?token=", myToken.Token, "&token_type=bearer&expires_in=", Configuration.AccesTokenLifeTimeInSeconds);
if (!String.IsNullOrEmpty(authorizeInfo.State))
{
tokenLocation = String.Concat(tokenLocation, "&state=", authorizeInfo.State);
}
toReturn = new Uri(tokenLocation);
break;
}
return(toReturn);
}