public TokenRequestValidationLog(ValidatedTokenRequest request) { const string scrubValue = "******"; Raw = request.Raw.ToDictionary(); if (Raw.ContainsKey(OidcConstants.TokenRequest.Password)) { Raw[OidcConstants.TokenRequest.Password] = scrubValue; } if (request.Client != null) { ClientId = request.Client.ClientId; ClientName = request.Client.ClientName; } if (request.Scopes != null) { Scopes = request.Scopes.ToSpaceSeparatedString(); } if (request.SignInMessage != null) { IdP = request.SignInMessage.IdP; Tenant = request.SignInMessage.Tenant; AuthenticationContextReferenceClasses = request.SignInMessage.AcrValues; } GrantType = request.GrantType; AuthorizationCode = request.AuthorizationCodeHandle; RefreshToken = request.RefreshTokenHandle; UserName = request.UserName; }
public async Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { var validator = _validators.FirstOrDefault(v => v.GrantType.Equals(request.GrantType, StringComparison.Ordinal)); if (validator == null) { return new CustomGrantValidationResult { IsError = true, Error = "No validator found for grant type" }; } try { return await validator.ValidateAsync(request); } catch (Exception e) { _logger.LogError("Grant validation error", e); return new CustomGrantValidationResult { IsError = true, Error = "Grant validation error", }; } }
public async Task <CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { var validator = _validators.FirstOrDefault(v => v.GrantType.Equals(request.GrantType, StringComparison.Ordinal)); if (validator == null) { return(new CustomGrantValidationResult { IsError = true, Error = "No validator found for grant type" }); } try { return(await validator.ValidateAsync(request)); } catch (Exception e) { _logger.LogError("Grant validation error", e); return(new CustomGrantValidationResult { IsError = true, Error = "Grant validation error", }); } }
public Task<CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request) { if (userName == password) { var result = new CustomGrantValidationResult(request.UserName, "password"); return Task.FromResult(result); } else { var result = new CustomGrantValidationResult("Username and/or password incorrect"); return Task.FromResult(result); } }
public Task<CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request) { var query = from u in _users where u.Username == userName && u.Password == password select u; var user = query.SingleOrDefault(); if (user != null) { return Task.FromResult(new CustomGrantValidationResult(user.Subject, "password")); } return Task.FromResult(new CustomGrantValidationResult("Invalid username or password")); }
public Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { var credential = request.Raw.Get("custom_credential"); if (credential != null) { // valid credential return Task.FromResult(new CustomGrantValidationResult("818727", "custom")); } else { // custom error message return Task.FromResult(new CustomGrantValidationResult("invalid_custom_credential")); } }
public async Task<TokenResponse> ProcessAsync(ValidatedTokenRequest request) { _logger.LogVerbose("Creating token response"); if (request.GrantType == OidcConstants.GrantTypes.AuthorizationCode) { return await ProcessAuthorizationCodeRequestAsync(request); } if (request.GrantType == OidcConstants.GrantTypes.RefreshToken) { return await ProcessRefreshTokenRequestAsync(request); } return await ProcessTokenRequestAsync(request); }
private async Task<TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request) { _logger.LogVerbose("Processing authorization code request"); ////////////////////////// // access token ///////////////////////// var accessToken = await CreateAccessTokenAsync(request); var response = new TokenResponse { AccessToken = accessToken.Item1, AccessTokenLifetime = request.Client.AccessTokenLifetime }; ////////////////////////// // refresh token ///////////////////////// if (accessToken.Item2.IsPresent()) { response.RefreshToken = accessToken.Item2; } ////////////////////////// // id token ///////////////////////// if (request.AuthorizationCode.IsOpenId) { var tokenRequest = new TokenCreationRequest { Subject = request.AuthorizationCode.Subject, Client = request.AuthorizationCode.Client, Scopes = request.AuthorizationCode.RequestedScopes, Nonce = request.AuthorizationCode.Nonce, ValidatedRequest = request }; var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest); var jwt = await _tokenService.CreateSecurityTokenAsync(idToken); response.IdentityToken = jwt; } return response; }
/// <summary> /// Custom validation logic for the token request. /// </summary> /// <param name="request">The validated request.</param> /// <returns> /// The validation result /// </returns> public Task <TokenRequestValidationResult> ValidateTokenRequestAsync(ValidatedTokenRequest request) { return(Task.FromResult(new TokenRequestValidationResult(request))); }
private async Task<TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request) { _logger.LogVerbose("Processing token request"); var accessToken = await CreateAccessTokenAsync(request); var response = new TokenResponse { AccessToken = accessToken.Item1, AccessTokenLifetime = request.Client.AccessTokenLifetime }; if (accessToken.Item2.IsPresent()) { response.RefreshToken = accessToken.Item2; } return response; }
private async Task<Tuple<string, string>> CreateAccessTokenAsync(ValidatedTokenRequest request) { TokenCreationRequest tokenRequest; bool createRefreshToken; if (request.AuthorizationCode != null) { createRefreshToken = request.AuthorizationCode.RequestedScopes.Select(s => s.Name).Contains(Constants.StandardScopes.OfflineAccess); tokenRequest = new TokenCreationRequest { Subject = request.AuthorizationCode.Subject, Client = request.AuthorizationCode.Client, Scopes = request.AuthorizationCode.RequestedScopes, ValidatedRequest = request }; } else { createRefreshToken = request.ValidatedScopes.ContainsOfflineAccessScope; tokenRequest = new TokenCreationRequest { Subject = request.Subject, Client = request.Client, Scopes = request.ValidatedScopes.GrantedScopes, ValidatedRequest = request }; } Token accessToken = await _tokenService.CreateAccessTokenAsync(tokenRequest); string refreshToken = ""; if (createRefreshToken) { refreshToken = await _refreshTokenService.CreateRefreshTokenAsync(tokenRequest.Subject, accessToken, request.Client); } var securityToken = await _tokenService.CreateSecurityTokenAsync(accessToken); return Tuple.Create(securityToken, refreshToken); }
public Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request) { return Task.FromResult(new CustomGrantValidationResult("bob", "CustomGrant")); }
/// <summary> /// Custom validation logic for the token request. /// </summary> /// <param name="request">The validated request.</param> /// <returns> /// The validation result /// </returns> public Task<TokenRequestValidationResult> ValidateTokenRequestAsync(ValidatedTokenRequest request) { return Task.FromResult(new TokenRequestValidationResult(request)); }
public async Task <TokenRequestValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client) { _logger.LogVerbose("Start token request validation"); _validatedRequest = new ValidatedTokenRequest(); if (client == null) { throw new ArgumentNullException("client"); } if (parameters == null) { throw new ArgumentNullException("parameters"); } _validatedRequest.Raw = parameters; _validatedRequest.Client = client; _validatedRequest.Options = _options; ///////////////////////////////////////////// // check grant type ///////////////////////////////////////////// var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType); if (grantType.IsMissing()) { LogError("Grant type is missing."); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } if (grantType.Length > _options.InputLengthRestrictions.GrantType) { LogError("Grant type is too long."); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } _validatedRequest.GrantType = grantType; // standard grant types switch (grantType) { case OidcConstants.GrantTypes.AuthorizationCode: return(await RunValidationAsync(ValidateAuthorizationCodeRequestAsync, parameters)); case OidcConstants.GrantTypes.ClientCredentials: return(await RunValidationAsync(ValidateClientCredentialsRequestAsync, parameters)); case OidcConstants.GrantTypes.Password: return(await RunValidationAsync(ValidateResourceOwnerCredentialRequestAsync, parameters)); case OidcConstants.GrantTypes.RefreshToken: return(await RunValidationAsync(ValidateRefreshTokenRequestAsync, parameters)); } // custom grant type var result = await RunValidationAsync(ValidateCustomGrantRequestAsync, parameters); if (result.IsError) { if (result.Error.IsPresent()) { return(result); } LogError("Unsupported grant_type: " + grantType); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } return(result); }
public Task<CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request) { var result = new CustomGrantValidationResult("unsupported_grant_type"); return Task.FromResult(result); }
private async Task<TokenResponse> ProcessRefreshTokenRequestAsync(ValidatedTokenRequest request) { _logger.LogVerbose("Processing refresh token request"); var oldAccessToken = request.RefreshToken.AccessToken; string accessTokenString; if (request.Client.UpdateAccessTokenClaimsOnRefresh) { var subject = request.RefreshToken.GetOriginalSubject(); var creationRequest = new TokenCreationRequest { Client = request.Client, Subject = subject, ValidatedRequest = request, Scopes = await _scopes.FindScopesAsync(oldAccessToken.Scopes) }; var newAccessToken = await _tokenService.CreateAccessTokenAsync(creationRequest); accessTokenString = await _tokenService.CreateSecurityTokenAsync(newAccessToken); } else { oldAccessToken.CreationTime = DateTimeOffsetHelper.UtcNow; oldAccessToken.Lifetime = request.Client.AccessTokenLifetime; accessTokenString = await _tokenService.CreateSecurityTokenAsync(oldAccessToken); } var handle = await _refreshTokenService.UpdateRefreshTokenAsync(request.RefreshTokenHandle, request.RefreshToken, request.Client); return new TokenResponse { AccessToken = accessTokenString, AccessTokenLifetime = request.Client.AccessTokenLifetime, RefreshToken = handle }; }
public async Task<TokenRequestValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client) { _logger.LogTrace("Start token request validation"); _validatedRequest = new ValidatedTokenRequest(); if (client == null) { throw new ArgumentNullException("client"); } if (parameters == null) { throw new ArgumentNullException("parameters"); } _validatedRequest.Raw = parameters; _validatedRequest.Client = client; _validatedRequest.Options = _options; ///////////////////////////////////////////// // check grant type ///////////////////////////////////////////// var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType); if (grantType.IsMissing()) { LogError("Grant type is missing."); return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType); } if (grantType.Length > _options.InputLengthRestrictions.GrantType) { LogError("Grant type is too long."); return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType); } _validatedRequest.GrantType = grantType; // standard grant types switch (grantType) { case OidcConstants.GrantTypes.AuthorizationCode: return await RunValidationAsync(ValidateAuthorizationCodeRequestAsync, parameters); case OidcConstants.GrantTypes.ClientCredentials: return await RunValidationAsync(ValidateClientCredentialsRequestAsync, parameters); case OidcConstants.GrantTypes.Password: return await RunValidationAsync(ValidateResourceOwnerCredentialRequestAsync, parameters); case OidcConstants.GrantTypes.RefreshToken: return await RunValidationAsync(ValidateRefreshTokenRequestAsync, parameters); } // custom grant type var result = await RunValidationAsync(ValidateCustomGrantRequestAsync, parameters); if (result.IsError) { if (result.Error.IsPresent()) { return result; } LogError("Unsupported grant_type: " + grantType); return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType); } return result; }
public Task <CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request) { var result = new CustomGrantValidationResult("unsupported_grant_type"); return(Task.FromResult(result)); }