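/// <summary>
/// Validates an introspection request made on behalf of an API resource. The request must
/// carry a "token" parameter, the token must pass access-token validation, and it must contain
/// at least one scope claim for a scope the API resource owns. On success the returned claims
/// are filtered so that scope claims for scopes the caller does not own are not disclosed.
/// </summary>
/// <param name="parameters">Raw introspection request parameters; the "token" entry is required.</param>
/// <param name="apiResource">The API resource performing the introspection; its scopes define what it may see.</param>
/// <returns>
/// A result with <c>IsActive</c> set and the filtered claims on success; otherwise an error result
/// whose <c>FailureReason</c> is <c>MissingToken</c>, <c>InvalidToken</c> or <c>InvalidScope</c>.
/// </returns>
public async Task<IntrospectionRequestValidationResult> ValidateAsync(NameValueCollection parameters, ApiResource apiResource)
{
    _logger.LogDebug("Introspection request validation started.");

    // every failure path below reports an inactive token
    var fail = new IntrospectionRequestValidationResult { IsError = true, IsActive = false };

    // retrieve required token
    var token = parameters.Get("token");
    if (token == null)
    {
        _logger.LogError("Token is missing");
        fail.FailureReason = IntrospectionRequestValidationFailureReason.MissingToken;
        return fail;
    }

    // validate token
    var tokenValidationResult = await _tokenValidator.ValidateAccessTokenAsync(token);

    // invalid or unknown token: an expected client-side outcome, so it is logged at debug level
    if (tokenValidationResult.IsError)
    {
        _logger.LogDebug("Token is invalid.");
        fail.FailureReason = IntrospectionRequestValidationFailureReason.InvalidToken;
        fail.Token = token;
        return fail;
    }

    // Scope names owned by this API resource, materialized once so the per-claim membership
    // checks below do not re-run the projection. Ordinal comparison matches the default string
    // equality that Enumerable.Contains used previously.
    var supportedScopes = new HashSet<string>(apiResource.Scopes.Select(x => x.Name), StringComparer.Ordinal);

    // Keep every non-scope claim, and only those scope claims the API resource owns. The list is
    // materialized so callers that enumerate Claims more than once do not re-evaluate the query.
    var claims = tokenValidationResult.Claims
        .Where(c => c.Type != JwtClaimTypes.Scope || supportedScopes.Contains(c.Value))
        .ToList();

    // expected scope not present: the token is valid, but not for this API resource
    if (!claims.Any(c => c.Type == JwtClaimTypes.Scope))
    {
        _logger.LogError("Expected scope {scopes} is missing in token", supportedScopes);
        fail.FailureReason = IntrospectionRequestValidationFailureReason.InvalidScope;
        fail.Token = token;
        return fail;
    }

    // all is good
    var success = new IntrospectionRequestValidationResult
    {
        IsActive = true,
        IsError = false,
        Token = token,
        Claims = claims
    };

    _logger.LogDebug("Introspection request validation successful.");
    return success;
}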
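/// <summary>
/// Validates an introspection request made on behalf of a single scope. The request must carry
/// a "token" parameter, the token must pass access-token validation, and it must contain a scope
/// claim whose value equals <paramref name="scope"/>'s name. On success the full claim set of
/// the token is returned unfiltered.
/// </summary>
/// <param name="parameters">Raw introspection request parameters; the "token" entry is required.</param>
/// <param name="scope">The scope the introspecting caller represents.</param>
/// <returns>
/// A result with <c>IsActive</c> set and the token's claims on success; otherwise an error result
/// whose <c>FailureReason</c> is <c>MissingToken</c>, <c>InvalidToken</c> or <c>InvalidScope</c>.
/// </returns>
public async Task<IntrospectionRequestValidationResult> ValidateAsync(NameValueCollection parameters, Scope scope)
{
    _logger.LogDebug("Introspection request validation started.");

    // every failure path below reports an inactive token
    var fail = new IntrospectionRequestValidationResult { IsError = true, IsActive = false };

    // retrieve required token
    var token = parameters.Get("token");
    if (token == null)
    {
        _logger.LogError("Token is missing");
        fail.FailureReason = IntrospectionRequestValidationFailureReason.MissingToken;
        return fail;
    }

    // validate token
    var tokenValidationResult = await _tokenValidator.ValidateAccessTokenAsync(token);

    // invalid or unknown token: logged at debug level, consistent with the ApiResource overload,
    // because a rejected token is a routine client-side outcome rather than a server fault
    if (tokenValidationResult.IsError)
    {
        _logger.LogDebug("Token is invalid.");
        fail.FailureReason = IntrospectionRequestValidationFailureReason.InvalidToken;
        fail.Token = token;
        return fail;
    }

    // check expected scope (string == is an ordinal comparison, as before)
    var hasExpectedScope = tokenValidationResult.Claims.Any(
        c => c.Type == JwtClaimTypes.Scope && c.Value == scope.Name);

    // expected scope not present: the token is valid, but not for this scope
    if (!hasExpectedScope)
    {
        _logger.LogError("Expected scope of {scope} is missing", scope.Name);
        fail.FailureReason = IntrospectionRequestValidationFailureReason.InvalidScope;
        fail.Token = token;
        return fail;
    }

    // all is good
    var success = new IntrospectionRequestValidationResult
    {
        IsActive = true,
        IsError = false,
        Token = token,
        Claims = tokenValidationResult.Claims
    };

    // debug level to match the ApiResource overload; success is the common path and need not be logged at information level
    _logger.LogDebug("Introspection request validation successful.");
    return success;
}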