示例#1
文件: Startup.cs 项目: tkggand/katana
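        /// <summary>
        /// Sample callback for the resource owner password credentials grant. Builds a "Bearer"
        /// identity named after the submitted username, adds one "urn:oauth:scope" claim per
        /// requested scope, and marks the context as validated.
        /// </summary>
        /// <remarks>
        /// SECURITY: the password that accompanies the request is never examined. Validated is
        /// called unconditionally, so every username is accepted and every requested scope is
        /// granted. That is only acceptable in a sandbox. A production handler has to verify the
        /// credentials against the user store, and limit the scopes to what the user and client
        /// are entitled to, before calling Validated.
        /// </remarks>
        /// <param name="context">Validation context carrying the submitted username and scope.</param>
        /// <returns>A task that has completed by the time the context is marked validated.</returns>
        private async Task OnValidateResourceOwnerCredentials(OAuthValidateResourceOwnerCredentialsContext context)
        {
            // scope is optional in a token request, so Scope is presumably null when it is omitted
            // (TODO confirm). Treat that as "no scopes" instead of dereferencing null, and drop the
            // empty entries that repeated spaces would otherwise turn into empty-valued claims.
            var scopeClaims = (context.Scope ?? string.Empty)
                .Split(' ')
                .Where(scope => scope.Length > 0)
                .Select(scope => new Claim("urn:oauth:scope", scope));

            var identity = new ClaimsIdentity(new GenericIdentity(context.Username, "Bearer"), scopeClaims);

            context.Validated(identity, null);
        }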
 /// <summary>
 /// Forwards a resource-owner-credentials validation request to the
 /// OnValidateResourceOwnerCredentials callback and returns the task that callback produces.
 /// </summary>
 /// <remarks>
 /// The returned task has to be awaited by the caller before the context's validation state is
 /// read, because the callback may complete asynchronously.
 /// NOTE(review): nothing here guards against the callback being unset; confirm a default is
 /// assigned elsewhere.
 /// </remarks>
 /// <param name="context">Validation context handed unchanged to the callback.</param>
 /// <returns>The task returned by the callback.</returns>
 public virtual Task ValidateResourceOwnerCredentials(OAuthValidateResourceOwnerCredentialsContext context)
 {
     var callback = OnValidateResourceOwnerCredentials;
     return callback.Invoke(context);
 }
示例#3
 /// <summary>
 /// Passes the validation context to the OnValidateResourceOwnerCredentials callback and hands
 /// the resulting task back to the caller.
 /// </summary>
 /// <remarks>
 /// Callers need to await the result; the context's validation state is only meaningful once
 /// the callback's task has completed.
 /// NOTE(review): the callback is invoked without a null check; confirm it always has a value.
 /// </remarks>
 /// <param name="context">Validation context for the resource owner credentials grant.</param>
 /// <returns>The task produced by the callback.</returns>
 public virtual Task ValidateResourceOwnerCredentials(OAuthValidateResourceOwnerCredentialsContext context)
 {
     Task pending = OnValidateResourceOwnerCredentials.Invoke(context);
     return pending;
 }
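        /// <summary>
        /// Handles a request to the OAuth token endpoint. Parses the posted form into an access
        /// token request, authenticates the client, obtains an authentication ticket from either
        /// an authorization code or resource owner credentials, lets the provider decide whether
        /// a token is issued, and writes the JSON token response.
        /// </summary>
        /// <remarks>
        /// The failure paths are placeholders. An unvalidated client returns without writing a
        /// response, and every other rejection throws <see cref="NotImplementedException"/>
        /// instead of producing an OAuth error response. A client-credentials request is not
        /// handled and ends up in the final else branch.
        /// </remarks>
        /// <returns>A task that completes when the response body has been written or the request was rejected.</returns>
        /// <exception cref="NotImplementedException">
        /// The resource owner credentials were not validated, the grant type is not supported,
        /// or the provider did not issue a token.
        /// </exception>
        private async Task InvokeTokenEndpoint()
        {
            _logger.WriteVerbose("InvokeTokenEndpoint");

            var form = await Request.ReadForm();

            // One parsed request, viewed as each supported grant type; the view that does not match is null.
            AccessTokenRequest accessTokenRequest   = AccessTokenRequest.Create(form.Get);
            var authorizationCodeAccessTokenRequest = accessTokenRequest as AuthorizationCodeAccessTokenRequest;
            var resourceOwnerPasswordCredentialsAccessTokenRequest = accessTokenRequest as ResourceOwnerPasswordCredentialsAccessTokenRequest;

            // NOTE(review): only the authorization-code view is passed here, and it is null for a
            // password-grant request. Confirm AuthenticateClient still authenticates the client in that case.
            OAuthValidateClientCredentialsContext lookupClientId = await AuthenticateClient(authorizationCodeAccessTokenRequest);

            if (!lookupClientId.IsValidated)
            {
                // TODO: actual error
                // No error response is written on this path; the request just ends.
                _logger.WriteError("clientID is not valid.");
                return;
            }

            AuthenticationTicket ticket;

            if (authorizationCodeAccessTokenRequest != null)
            {
                // NOTE(review): the unprotected ticket is used without a null check, and nothing in
                // this method ties the code to the authenticated client or limits it to a single
                // use. Confirm that AccessCodeHandler or the provider's TokenEndpoint enforces that.
                AuthenticationTicket code = Options.AccessCodeHandler.Unprotect(authorizationCodeAccessTokenRequest.Code);
                // TODO - fire event
                ticket = code;
            }
            else if (resourceOwnerPasswordCredentialsAccessTokenRequest != null)
            {
                var resourceOwnerCredentialsContext = new OAuthValidateResourceOwnerCredentialsContext(
                    Request.Environment,
                    resourceOwnerPasswordCredentialsAccessTokenRequest.Username,
                    resourceOwnerPasswordCredentialsAccessTokenRequest.Password,
                    resourceOwnerPasswordCredentialsAccessTokenRequest.Scope);

                // The provider call returns a Task. Await it so validation has finished, and any
                // exception it raised is observed, before IsValidated is read. Without the await a
                // validator that completes asynchronously is checked too early and its failures
                // go unnoticed.
                await Options.Provider.ValidateResourceOwnerCredentials(resourceOwnerCredentialsContext);

                if (resourceOwnerCredentialsContext.IsValidated)
                {
                    ticket = new AuthenticationTicket(
                        resourceOwnerCredentialsContext.Identity,
                        resourceOwnerCredentialsContext.Extra);
                }
                else
                {
                    _logger.WriteError("resourceOwnerCredentialsContext is not valid.");
                    throw new NotImplementedException("real error");
                }
            }
            else
            {
                _logger.WriteError("null authorizationCodeAccessTokenRequest and null resourceOwnerPasswordCredentialsTokenRequest");
                throw new NotImplementedException("real error");
            }

            var tokenEndpointContext = new OAuthTokenEndpointContext(
                Request.Environment,
                ticket,
                accessTokenRequest);

            // The provider has the final say: the token is only minted when it sets TokenIssued.
            await Options.Provider.TokenEndpoint(tokenEndpointContext);

            if (!tokenEndpointContext.TokenIssued)
            {
                _logger.WriteError("Token was not issued to tokenEndpointContext");
                throw new NotImplementedException("real error");
            }

            string accessToken = Options.AccessTokenHandler.Protect(new AuthenticationTicket(tokenEndpointContext.Identity, tokenEndpointContext.Extra));

            var memory = new MemoryStream();

            // Serialize into memory first so Content-Length can be set before the body is sent.
            byte[] body;
            using (var writer = new JsonTextWriter(new StreamWriter(memory)))
            {
                writer.WriteStartObject();
                writer.WritePropertyName("access_token");
                writer.WriteValue(accessToken);
                writer.WritePropertyName("token_type");
                writer.WriteValue("bearer");
                writer.WritePropertyName("expires_in");
                // NOTE(review): the lifetime is hard-coded; confirm it matches the expiry that
                // AccessTokenHandler gives the protected ticket.
                writer.WriteValue(3600);
                writer.WriteEndObject();
                writer.Flush();
                body = memory.ToArray();
            }
            Response.ContentType = "application/json;charset=UTF-8";
            // The response carries a bearer credential, so it must not be stored by caches.
            Response.SetHeader("Cache-Control", "no-store");
            Response.SetHeader("Pragma", "no-cache");
            // Reuse the captured buffer instead of copying the stream a second time.
            Response.SetHeader("Content-Length", body.Length.ToString(CultureInfo.InvariantCulture));
            await Response.Body.WriteAsync(body, 0, body.Length);
        }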