public AccessTokenResult CreateAccessToken(DotNetOpenAuth.OAuth2.Messages.IAccessTokenRequest accessTokenRequestMessage)
        {
            var token = new AuthorizationServerAccessToken();
            token.Lifetime = TimeSpan.FromMinutes(2);

            token.ClientIdentifier = accessTokenRequestMessage.ClientIdentifier;

            foreach (string s in accessTokenRequestMessage.Scope)
            {
                token.Scope.Add(s);
            }

            token.User = accessTokenRequestMessage.UserName;
               // token.ExtraData.Add("id_token","thisisthejwt");

            var signCert = LoadCert(Config.ALHAMBRA_AUTHORIZATION);
            token.AccessTokenSigningKey = (RSACryptoServiceProvider)signCert.PrivateKey;

            var encryptCert = LoadCert(Config.ALHAMBRA_RESOURCES);
            token.ResourceServerEncryptionKey = (RSACryptoServiceProvider)encryptCert.PublicKey.Key;

            var accessTokenResult = new AccessTokenResult(token);
            accessTokenResult.AccessToken.ClientIdentifier = accessTokenRequestMessage.ClientIdentifier;

            //Page 13 on draft 26 - Open Id Connect Basic Client Profile
            //if (token.Scope.Contains("offline_access"))
            //{
            //    accessTokenResult.AllowRefreshToken = true;
            //}

            accessTokenResult.AllowRefreshToken = true;

            return accessTokenResult;
        }
        /// <summary>
        /// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client.
        /// </summary>
        /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client
        /// that will receive that access.
        /// Based on this information the receiving resource server can be determined and the lifetime of the access
        /// token can be set based on the sensitivity of the resources.</param>
        /// <returns>
        /// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.
        /// </returns>
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            var accessToken = new AuthorizationServerAccessToken();
            accessToken.Lifetime = TimeSpan.FromHours(1);
            accessToken.ResourceServerEncryptionKey = EncryptionKeys.GetResourceServerEncryptionPublicKey();
            accessToken.AccessTokenSigningKey = EncryptionKeys.GetAuthorizationServerSigningPrivateKey();

            return new AccessTokenResult(accessToken);
        }
示例#3
0
 public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
 {
     var accessToken = new AuthorizationServerAccessToken
     {
         Lifetime = TimeSpan.FromDays(30),
         SymmetricKeyStore = this.CryptoKeyStore,
         ClientIdentifier = accessTokenRequestMessage.ClientIdentifier
     };
     return new AccessTokenResult(accessToken);
 }
示例#4
0
        // Generate an access token, given parameters in request that tell use what scopes to include,
        // and thus what resource's encryption key to use in addition to the authroization server key
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            var accessToken = new AuthorizationServerAccessToken {Lifetime = TimeSpan.FromMinutes(10)}; // could parameterize lifetime

            var targetResource = _resourceRepository.FindWithSupportedScopes(accessTokenRequestMessage.Scope);
            accessToken.ResourceServerEncryptionKey = targetResource.PublicTokenEncrypter;
            accessToken.AccessTokenSigningKey = _tokenSigner.GetSigner();

            var result = new AccessTokenResult(accessToken);
            return result;
        }
		/// <summary>
		/// Obtains parameters to go into the formulation of an access token.
		/// </summary>
		/// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client
		/// that will receive that access.
		/// Based on this information the receiving resource server can be determined and the lifetime of the access
		/// token can be set based on the sensitivity of the resources.</param>
		/// <returns>
		/// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.
		/// </returns>
		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
			var accessToken = new AuthorizationServerAccessToken() {
				// For this sample, we assume just one resource server.
				// If this authorization server needs to mint access tokens for more than one resource server,
				// we'd look at the request message passed to us and decide which public key to return.
				ResourceServerEncryptionKey = OAuthResourceServer.CreateRSA(),
			};

			var result = new AccessTokenResult(accessToken);
			return result;
		}
		/// <summary>
		/// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client.
		/// </summary>
		/// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client
		/// that will receive that access.
		/// Based on this information the receiving resource server can be determined and the lifetime of the access
		/// token can be set based on the sensitivity of the resources.</param>
		/// <returns>
		/// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.
		/// </returns>
		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
			// If your resource server and authorization server are different web apps,
			// consider using asymmetric keys instead of symmetric ones by setting different
			// properties on the access token below.
			var accessToken = new AuthorizationServerAccessToken {
				Lifetime = TimeSpan.FromHours(1),
				SymmetricKeyStore = this.CryptoKeyStore,
			};
			var result = new AccessTokenResult(accessToken);
			return result;
		}
		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
			var rsa = new RSACryptoServiceProvider();
			rsa.ImportCspBlob(Convert.FromBase64String(ConfigurationManager.AppSettings["PrivateAsymmetricKey"]));

			var accessToken = new AuthorizationServerAccessToken() {
				AccessTokenSigningKey = rsa,
				ResourceServerEncryptionKey = rsa,
			};
			var result = new AccessTokenResult(accessToken);
			result.AllowRefreshToken = false;
			return result;
		}
        /// <summary>
        /// Token创建
        /// </summary>
        /// <param name="accessTokenRequestMessage"></param>
        /// <returns></returns>
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            var accessToken = new AuthorizationServerAccessToken();
            accessToken.Lifetime = _configuration.TokenLifetime;//设置Token的有效时间

            // 设置加密公钥
            accessToken.ResourceServerEncryptionKey =
                (RSACryptoServiceProvider)_configuration.EncryptionCertificate.PublicKey.Key;
            // 设置签名私钥
            accessToken.AccessTokenSigningKey = (RSACryptoServiceProvider)_configuration.SigningCertificate.PrivateKey;

            var result = new AccessTokenResult(accessToken);
            return result;
        }
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
            var accessToken = new AuthorizationServerAccessToken();

            // TODO: work out and implement appropriate lifespan for access tokens based on your specific application requirements
            accessToken.Lifetime = TimeSpan.FromSeconds(15);

            // TODO: artificially shorten the access token's lifetime if the original authorization is due to expire sooner than the default lifespan.
            // (i.e. don't give out 7-day access tokens to somebody who has only granted your app access for 24 hours) 

            // TODO: choose the appropriate signing keys for the specific resource server being used.
            // If you need to support multiple resource servers, there's two options.
            // 1) Use the same RSA key pair on every resource server.
            // 2) Select the appropriate key pair based on the requested scope (this assumes each scope maps to exactly one resource server)

            accessToken.ResourceServerEncryptionKey = dataServerKeys.PublicSigningKey;
            accessToken.AccessTokenSigningKey = authServerKeys.PrivateEncryptionKey;

            return (new AccessTokenResult(accessToken));
        }
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            var accessToken = new AuthorizationServerAccessToken();

            // Just for the sake of the sample, we use a short-lived token.  This can be useful to mitigate the security risks
            // of access tokens that are used over standard HTTP.
            // But this is just the lifetime of the access token.  The client can still renew it using their refresh token until
            // the authorization itself expires.
            accessToken.Lifetime = TimeSpan.FromMinutes(20);

            // Also take into account the remaining life of the authorization and artificially shorten the access token's lifetime
            // to account for that if necessary.
            //// TODO: code here

            PublicEncryptionKey = (RSACryptoServiceProvider)EncryptionCertificate.PublicKey.Key;
            accessToken.ResourceServerEncryptionKey = PublicEncryptionKey;
            PrivateSigningKey = (RSACryptoServiceProvider)SigningCertificate.PrivateKey;
            accessToken.AccessTokenSigningKey = PrivateSigningKey;

            return new AccessTokenResult(accessToken);
        }
		public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
			var accessToken = new AuthorizationServerAccessToken();

			// Just for the sake of the sample, we use a short-lived token.  This can be useful to mitigate the security risks
			// of access tokens that are used over standard HTTP.
			// But this is just the lifetime of the access token.  The client can still renew it using their refresh token until
			// the authorization itself expires.
			accessToken.Lifetime = TimeSpan.FromMinutes(2);

			// Also take into account the remaining life of the authorization and artificially shorten the access token's lifetime
			// to account for that if necessary.
			//// TODO: code here

			// For this sample, we assume just one resource server.
			// If this authorization server needs to mint access tokens for more than one resource server,
			// we'd look at the request message passed to us and decide which public key to return.
			accessToken.ResourceServerEncryptionKey = new RSACryptoServiceProvider();
			accessToken.ResourceServerEncryptionKey.ImportParameters(ResourceServerEncryptionPublicKey);

			accessToken.AccessTokenSigningKey = CreateRSA();

			var result = new AccessTokenResult(accessToken);
			return result;
		}
示例#12
0
		/// <summary>
		/// Initializes a new instance of the <see cref="AccessTokenResult"/> class.
		/// </summary>
		/// <param name="accessToken">The access token to include in this result.</param>
		public AccessTokenResult(AuthorizationServerAccessToken accessToken) {
			Requires.NotNull(accessToken, "accessToken");
			this.AllowRefreshToken = true;
			this.AccessToken = accessToken;
		}
        /// <summary>
        /// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client.
        /// </summary>
        /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client that will receive that access.
        /// Based on this information the receiving resource server can be determined and the lifetime of the access token can be set based on the sensitivity of the resources.
        /// </param>
        /// <returns>A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.</returns>
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            AuthorizationServerAccessToken accessToken = new AuthorizationServerAccessToken();
            accessToken.Lifetime = TimeSpan.FromMinutes(5);
            accessToken.ExtraData.Add("userIdentity", "{ user: \"some identity\" }");

            //accessToken.Lifetime = TimeSpan.FromSeconds(20);
            accessToken.ResourceServerEncryptionKey = CreateRsaCryptoServiceProvider(ResourceServerEncryptionPublicKey);
            accessToken.AccessTokenSigningKey = CreateRsaCryptoServiceProvider(AuthorizationServerSigningPrivateKey);

            return new AccessTokenResult(accessToken);
        }
 public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
 {
     var accessToken = new AuthorizationServerAccessToken
     {
         Lifetime = TimeSpan.FromHours(1),
         SymmetricKeyStore = CryptoKeyStore,
         ClientIdentifier = accessTokenRequestMessage.ClientIdentifier,
         User = accessTokenRequestMessage.UserName
     };
     var result = new AccessTokenResult(accessToken)
     {
         AllowRefreshToken = false // don't support refresh tokens for now
     };
     return result;
 }
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            //Default to a lifespan of one hours for all tokens.
            var accessToken = new AuthorizationServerAccessToken
            {
                Lifetime = TimeSpan.FromHours(1),
            };

            //Provide both signing and encryption keys for the token (the private/public relationships will be reversed
            //when the resource server digests the token
            accessToken.AccessTokenSigningKey =
                     (RSACryptoServiceProvider)AuthorizationServerCertificate.PrivateKey;
            accessToken.ResourceServerEncryptionKey =
                     (RSACryptoServiceProvider)ResourceServerCertificate.PublicKey.Key;

            //Return an access token result.
            var result = new AccessTokenResult(accessToken);
            return result;
        }
示例#16
0
		/// <summary>
		/// Initializes a new instance of the <see cref="AccessTokenResult"/> class.
		/// </summary>
		/// <param name="accessToken">The access token to include in this result.</param>
		public AccessTokenResult(AuthorizationServerAccessToken accessToken) {
			Requires.NotNull(accessToken, "accessToken");
			this.AllowRefreshToken = true;
			this.AccessToken = accessToken;
		}
        /// <summary>
        /// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client.
        /// </summary>
        /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client
        /// that will receive that access.
        /// Based on this information the receiving resource server can be determined and the lifetime of the access
        /// token can be set based on the sensitivity of the resources.</param>
        /// <returns>
        /// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.
        /// </returns>
        public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage)
        {
            var accessToken = new AuthorizationServerAccessToken();
            accessToken.Lifetime = TimeSpan.FromHours(1);
            accessToken.ResourceServerEncryptionKey = CreateRsaCryptoServiceProvider(ResourceServerEncryptionPublicKey);
            accessToken.AccessTokenSigningKey = CreateRsaCryptoServiceProvider(AuthorizationServerSigningKey);

            return new AccessTokenResult(accessToken);
        }