This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

Include id_token in response from refresh token request // closes #3458
brockallen committed Jan 15, 2017
1 parent 885e0b2 commit 9f5c9fe
Showing 1 changed file with 19 additions and 2 deletions.
21 changes: 19 additions & 2 deletions source/Core/ResponseHandling/TokenResponseGenerator.cs
Expand Up @@ -144,7 +144,7 @@ private async Task<TokenResponse> ProcessRefreshTokenRequestAsync(ValidatedToken

var oldAccessToken = request.RefreshToken.AccessToken;
string accessTokenString;

// if pop request, claims must be updated because we need a fresh proof token
if (request.Client.UpdateAccessTokenClaimsOnRefresh || request.RequestedTokenType == RequestedTokenTypes.PoP)
{
Expand Down Expand Up @@ -191,6 +191,8 @@ private async Task<TokenResponse> ProcessRefreshTokenRequestAsync(ValidatedToken
response.Algorithm = request.ProofKeyAlgorithm;
}

response.IdentityToken = await CreateIdTokenFromRefreshTokenRequestAsync(request, accessTokenString);

return response;
}

Expand All @@ -202,7 +204,7 @@ private async Task<Tuple<string, string>> CreateAccessTokenAsync(ValidatedTokenR
if (request.AuthorizationCode != null)
{
createRefreshToken = request.AuthorizationCode.RequestedScopes.Select(s => s.Name).Contains(Constants.StandardScopes.OfflineAccess);

tokenRequest = new TokenCreationRequest
{
Subject = request.AuthorizationCode.Subject,
Expand Down Expand Up @@ -247,5 +249,20 @@ private string GetProofKey(ValidatedTokenRequest request)
// for now we only support client generated proof keys
return request.ProofKey;
}

private async Task<string> CreateIdTokenFromRefreshTokenRequestAsync(ValidatedTokenRequest request, string newAccessToken)
{
var oldAccessToken = request.RefreshToken.AccessToken;
var tokenRequest = new TokenCreationRequest
{
Subject = request.RefreshToken.GetOriginalSubject(),
Client = request.Client,
Scopes = await _scopes.FindScopesAsync(oldAccessToken.Scopes),
ValidatedRequest = request,
AccessTokenToHash = newAccessToken
};
var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest);
return await _tokenService.CreateSecurityTokenAsync(idToken);
}
}
}
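Review bot: The added assignment `response.IdentityToken = await CreateIdTokenFromRefreshTokenRequestAsync(request, accessTokenString);` runs on every refresh request, and nothing visible in the new helper checks that the original grant carried the `openid` scope. A refresh token issued for a plain OAuth grant (for example `offline_access` without `openid`) would then also receive an identity token for the original subject, unless `CreateIdentityTokenAsync` filters that case in code not shown here. Consider guarding the assignment with something like `if (oldAccessToken.Scopes.Contains(Constants.StandardScopes.OpenId))` and leaving `IdentityToken` null otherwise. The helper would also benefit from a short `/// <summary>` saying the id_token is issued for the refresh token's original subject and bound to the new access token through `AccessTokenToHash`. ProcessRefreshTokenRequestAsync starts outside the visible hunks, so an earlier scope check cannot be ruled out from this page.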
