public AccessTokenResult CreateAccessToken(DotNetOpenAuth.OAuth2.Messages.IAccessTokenRequest accessTokenRequestMessage) { var token = new AuthorizationServerAccessToken(); token.Lifetime = TimeSpan.FromMinutes(2); token.ClientIdentifier = accessTokenRequestMessage.ClientIdentifier; foreach (string s in accessTokenRequestMessage.Scope) { token.Scope.Add(s); } token.User = accessTokenRequestMessage.UserName; // token.ExtraData.Add("id_token","thisisthejwt"); var signCert = LoadCert(Config.ALHAMBRA_AUTHORIZATION); token.AccessTokenSigningKey = (RSACryptoServiceProvider)signCert.PrivateKey; var encryptCert = LoadCert(Config.ALHAMBRA_RESOURCES); token.ResourceServerEncryptionKey = (RSACryptoServiceProvider)encryptCert.PublicKey.Key; var accessTokenResult = new AccessTokenResult(token); accessTokenResult.AccessToken.ClientIdentifier = accessTokenRequestMessage.ClientIdentifier; //Page 13 on draft 26 - Open Id Connect Basic Client Profile //if (token.Scope.Contains("offline_access")) //{ // accessTokenResult.AllowRefreshToken = true; //} accessTokenResult.AllowRefreshToken = true; return accessTokenResult; }
/// <summary> /// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client. /// </summary> /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client /// that will receive that access. /// Based on this information the receiving resource server can be determined and the lifetime of the access /// token can be set based on the sensitivity of the resources.</param> /// <returns> /// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used. /// </returns> public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken(); accessToken.Lifetime = TimeSpan.FromHours(1); accessToken.ResourceServerEncryptionKey = EncryptionKeys.GetResourceServerEncryptionPublicKey(); accessToken.AccessTokenSigningKey = EncryptionKeys.GetAuthorizationServerSigningPrivateKey(); return new AccessTokenResult(accessToken); }
public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken { Lifetime = TimeSpan.FromDays(30), SymmetricKeyStore = this.CryptoKeyStore, ClientIdentifier = accessTokenRequestMessage.ClientIdentifier }; return new AccessTokenResult(accessToken); }
// Generate an access token, given parameters in request that tell use what scopes to include, // and thus what resource's encryption key to use in addition to the authroization server key public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken {Lifetime = TimeSpan.FromMinutes(10)}; // could parameterize lifetime var targetResource = _resourceRepository.FindWithSupportedScopes(accessTokenRequestMessage.Scope); accessToken.ResourceServerEncryptionKey = targetResource.PublicTokenEncrypter; accessToken.AccessTokenSigningKey = _tokenSigner.GetSigner(); var result = new AccessTokenResult(accessToken); return result; }
/// <summary> /// Obtains parameters to go into the formulation of an access token. /// </summary> /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client /// that will receive that access. /// Based on this information the receiving resource server can be determined and the lifetime of the access /// token can be set based on the sensitivity of the resources.</param> /// <returns> /// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used. /// </returns> public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken() { // For this sample, we assume just one resource server. // If this authorization server needs to mint access tokens for more than one resource server, // we'd look at the request message passed to us and decide which public key to return. ResourceServerEncryptionKey = OAuthResourceServer.CreateRSA(), }; var result = new AccessTokenResult(accessToken); return result; }
/// <summary> /// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client. /// </summary> /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client /// that will receive that access. /// Based on this information the receiving resource server can be determined and the lifetime of the access /// token can be set based on the sensitivity of the resources.</param> /// <returns> /// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used. /// </returns> public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { // If your resource server and authorization server are different web apps, // consider using asymmetric keys instead of symmetric ones by setting different // properties on the access token below. var accessToken = new AuthorizationServerAccessToken { Lifetime = TimeSpan.FromHours(1), SymmetricKeyStore = this.CryptoKeyStore, }; var result = new AccessTokenResult(accessToken); return result; }
public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var rsa = new RSACryptoServiceProvider(); rsa.ImportCspBlob(Convert.FromBase64String(ConfigurationManager.AppSettings["PrivateAsymmetricKey"])); var accessToken = new AuthorizationServerAccessToken() { AccessTokenSigningKey = rsa, ResourceServerEncryptionKey = rsa, }; var result = new AccessTokenResult(accessToken); result.AllowRefreshToken = false; return result; }
/// <summary> /// Token创建 /// </summary> /// <param name="accessTokenRequestMessage"></param> /// <returns></returns> public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken(); accessToken.Lifetime = _configuration.TokenLifetime;//设置Token的有效时间 // 设置加密公钥 accessToken.ResourceServerEncryptionKey = (RSACryptoServiceProvider)_configuration.EncryptionCertificate.PublicKey.Key; // 设置签名私钥 accessToken.AccessTokenSigningKey = (RSACryptoServiceProvider)_configuration.SigningCertificate.PrivateKey; var result = new AccessTokenResult(accessToken); return result; }
public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken(); // TODO: work out and implement appropriate lifespan for access tokens based on your specific application requirements accessToken.Lifetime = TimeSpan.FromSeconds(15); // TODO: artificially shorten the access token's lifetime if the original authorization is due to expire sooner than the default lifespan. // (i.e. don't give out 7-day access tokens to somebody who has only granted your app access for 24 hours) // TODO: choose the appropriate signing keys for the specific resource server being used. // If you need to support multiple resource servers, there's two options. // 1) Use the same RSA key pair on every resource server. // 2) Select the appropriate key pair based on the requested scope (this assumes each scope maps to exactly one resource server) accessToken.ResourceServerEncryptionKey = dataServerKeys.PublicSigningKey; accessToken.AccessTokenSigningKey = authServerKeys.PrivateEncryptionKey; return (new AccessTokenResult(accessToken)); }
public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken(); // Just for the sake of the sample, we use a short-lived token. This can be useful to mitigate the security risks // of access tokens that are used over standard HTTP. // But this is just the lifetime of the access token. The client can still renew it using their refresh token until // the authorization itself expires. accessToken.Lifetime = TimeSpan.FromMinutes(20); // Also take into account the remaining life of the authorization and artificially shorten the access token's lifetime // to account for that if necessary. //// TODO: code here PublicEncryptionKey = (RSACryptoServiceProvider)EncryptionCertificate.PublicKey.Key; accessToken.ResourceServerEncryptionKey = PublicEncryptionKey; PrivateSigningKey = (RSACryptoServiceProvider)SigningCertificate.PrivateKey; accessToken.AccessTokenSigningKey = PrivateSigningKey; return new AccessTokenResult(accessToken); }
public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken(); // Just for the sake of the sample, we use a short-lived token. This can be useful to mitigate the security risks // of access tokens that are used over standard HTTP. // But this is just the lifetime of the access token. The client can still renew it using their refresh token until // the authorization itself expires. accessToken.Lifetime = TimeSpan.FromMinutes(2); // Also take into account the remaining life of the authorization and artificially shorten the access token's lifetime // to account for that if necessary. //// TODO: code here // For this sample, we assume just one resource server. // If this authorization server needs to mint access tokens for more than one resource server, // we'd look at the request message passed to us and decide which public key to return. accessToken.ResourceServerEncryptionKey = new RSACryptoServiceProvider(); accessToken.ResourceServerEncryptionKey.ImportParameters(ResourceServerEncryptionPublicKey); accessToken.AccessTokenSigningKey = CreateRSA(); var result = new AccessTokenResult(accessToken); return result; }
/// <summary> /// Initializes a new instance of the <see cref="AccessTokenResult"/> class. /// </summary> /// <param name="accessToken">The access token to include in this result.</param> public AccessTokenResult(AuthorizationServerAccessToken accessToken) { Requires.NotNull(accessToken, "accessToken"); this.AllowRefreshToken = true; this.AccessToken = accessToken; }
/// <summary> /// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client. /// </summary> /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client that will receive that access. /// Based on this information the receiving resource server can be determined and the lifetime of the access token can be set based on the sensitivity of the resources. /// </param> /// <returns>A non-null parameters instance that DotNetOpenAuth will dispose after it has been used.</returns> public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { AuthorizationServerAccessToken accessToken = new AuthorizationServerAccessToken(); accessToken.Lifetime = TimeSpan.FromMinutes(5); accessToken.ExtraData.Add("userIdentity", "{ user: \"some identity\" }"); //accessToken.Lifetime = TimeSpan.FromSeconds(20); accessToken.ResourceServerEncryptionKey = CreateRsaCryptoServiceProvider(ResourceServerEncryptionPublicKey); accessToken.AccessTokenSigningKey = CreateRsaCryptoServiceProvider(AuthorizationServerSigningPrivateKey); return new AccessTokenResult(accessToken); }
public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken { Lifetime = TimeSpan.FromHours(1), SymmetricKeyStore = CryptoKeyStore, ClientIdentifier = accessTokenRequestMessage.ClientIdentifier, User = accessTokenRequestMessage.UserName }; var result = new AccessTokenResult(accessToken) { AllowRefreshToken = false // don't support refresh tokens for now }; return result; }
public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { //Default to a lifespan of one hours for all tokens. var accessToken = new AuthorizationServerAccessToken { Lifetime = TimeSpan.FromHours(1), }; //Provide both signing and encryption keys for the token (the private/public relationships will be reversed //when the resource server digests the token accessToken.AccessTokenSigningKey = (RSACryptoServiceProvider)AuthorizationServerCertificate.PrivateKey; accessToken.ResourceServerEncryptionKey = (RSACryptoServiceProvider)ResourceServerCertificate.PublicKey.Key; //Return an access token result. var result = new AccessTokenResult(accessToken); return result; }
/// <summary> /// Acquires the access token and related parameters that go into the formulation of the token endpoint's response to a client. /// </summary> /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client /// that will receive that access. /// Based on this information the receiving resource server can be determined and the lifetime of the access /// token can be set based on the sensitivity of the resources.</param> /// <returns> /// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used. /// </returns> public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken(); accessToken.Lifetime = TimeSpan.FromHours(1); accessToken.ResourceServerEncryptionKey = CreateRsaCryptoServiceProvider(ResourceServerEncryptionPublicKey); accessToken.AccessTokenSigningKey = CreateRsaCryptoServiceProvider(AuthorizationServerSigningKey); return new AccessTokenResult(accessToken); }