added postman example of the oauth flow - getting the access token and also refreshing the token

Author: cDoru

postman/WebApiBoilerplate.postman_collection.json

@@ -0,0 +1,95 @@
+{
+	"variables": [],
+	"info": {
+		"name": "WebApiBoilerplate",
+		"_postman_id": "e7aa613e-df3e-a38b-fbe2-f4387f7fa1e0",
+		"description": "",
+		"schema": "https://schema.getpostman.com/json/collection/v2.0.0/collection.json"
+	},
+	"item": [
+		{
+			"name": "AUTH - Receive authentication token",
+			"request": {
+				"url": "http://localhost:49972/auth/token",
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"value": "application/x-www-form-urlencoded",
+						"description": ""
+					}
+				],
+				"body": {
+					"mode": "urlencoded",
+					"urlencoded": [
+						{
+							"key": "username",
+							"value": "doruc",
+							"description": "",
+							"type": "text"
+						},
+						{
+							"key": "password",
+							"value": "asdf3235",
+							"description": "",
+							"type": "text"
+						},
+						{
+							"key": "grant_type",
+							"value": "password",
+							"description": "",
+							"type": "text"
+						},
+						{
+							"key": "client_id",
+							"value": "F1179B6B-15A8-4250-9ED9-4C2D5EE0376B",
+							"description": "",
+							"type": "text"
+						}
+					]
+				},
+				"description": "Demonstrates how to receive an authentication token from the oauth layer we have set-up "
+			},
+			"response": []
+		},
+		{
+			"name": "AUTH - Renew authentication token with refresh token",
+			"request": {
+				"url": "http://localhost:49972/auth/token",
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"value": "application/x-www-form-urlencoded",
+						"description": ""
+					}
+				],
+				"body": {
+					"mode": "urlencoded",
+					"urlencoded": [
+						{
+							"key": "refresh_token",
+							"value": "2fb97c7f71a24676b08fd9fb18acad6f",
+							"description": "",
+							"type": "text"
+						},
+						{
+							"key": "grant_type",
+							"value": "refresh_token",
+							"description": "",
+							"type": "text"
+						},
+						{
+							"key": "client_id",
+							"value": "F1179B6B-15A8-4250-9ED9-4C2D5EE0376B",
+							"description": "",
+							"type": "text"
+						}
+					]
+				},
+				"description": "Demonstrates how to receive an authentication token from the oauth layer we have set-up "
+			},
+			"response": []
+		}
+	]
+}

src/App/App.Api/App.Api.csproj

@@ -331,6 +331,7 @@
       <DependentUpon>Global.asax</DependentUpon>
     </Compile>
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Security\IRefreshTokenManager.cs" />
     <Compile Include="Security\JwtFormat.cs" />
     <Compile Include="Security\OauthProvider.cs" />
     <Compile Include="Security\RefreshTokenManager.cs" />

src/App/App.Api/Areas/HelpPage/HelpPageAreaRegistration.cs

@@ -15,12 +15,12 @@ public override string AreaName
 
         public override void RegisterArea(AreaRegistrationContext context)
         {
-            context.MapRoute(
-                "HelpPage_Default",
-                "Help/{action}/{apiId}",
-                new { controller = "Help", action = "Index", apiId = UrlParameter.Optional });
+        //    context.MapRoute(
+        //        "HelpPage_Default",
+        //        "Help/{action}/{apiId}",
+        //        new { controller = "Help", action = "Index", apiId = UrlParameter.Optional });
 
-            HelpPageConfig.Register(GlobalConfiguration.Configuration);
+            //HelpPageConfig.Register(GlobalConfiguration.Configuration);
         }
     }
 }

src/App/App.Api/Security/IRefreshTokenManager.cs

@@ -0,0 +1,22 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using App.Dto.Request;
+using App.Entities.Security;
+
+namespace App.Api.Security
+{
+    public interface IRefreshTokenManager : IDisposable
+    {
+        IEnumerable<Client> GetClients();
+        IEnumerable<Client> GetAllowedClients();
+        Client FindClient(string clientId);
+        Task<Client> AddClientAsync(ClientBindingModel clientModel);
+        Task<bool> RemoveClient(string id);
+        Task<bool> AddRefreshToken(RefreshToken token);
+        Task<bool> RemoveRefreshToken(RefreshToken existingToken);
+        Task<bool> RemoveRefreshToken(string refreshTokenId);
+        Task<RefreshToken> FindRefreshToken(string refreshTokenId);
+        List<RefreshToken> GetAllRefreshTokens();
+    }
+}

src/App/App.Api/Security/RefreshTokenManager.cs

@@ -10,20 +10,6 @@
 
 namespace App.Api.Security
 {
-    public interface IRefreshTokenManager : IDisposable
-    {
-        IEnumerable<Client> GetClients();
-        IEnumerable<Client> GetAllowedClients();
-        Client FindClient(string clientId);
-        Task<Client> AddClientAsync(ClientBindingModel clientModel);
-        Task<bool> RemoveClient(string id);
-        Task<bool> AddRefreshToken(RefreshToken token);
-        Task<bool> RemoveRefreshToken(RefreshToken existingToken);
-        Task<bool> RemoveRefreshToken(string refreshTokenId);
-        Task<RefreshToken> FindRefreshToken(string refreshTokenId);
-        List<RefreshToken> GetAllRefreshTokens();
-    }
-
     public class RefreshTokenManager : IRefreshTokenManager
     {
         private readonly DatabaseContext _context;
@@ -45,7 +31,7 @@ public IEnumerable<Client> GetAllowedClients()
 
         public Client FindClient(string clientId)
         {
-            var client = _context.Clients.Find(clientId);
+            var client = _context.Clients.Find(Guid.Parse(clientId));
             return client;
         }
 

src/App/App.Api/Security/RefreshTokenProvider.cs

@@ -35,8 +35,7 @@ public async Task CreateAsync(AuthenticationTokenCreateContext context)
 
             var token = new RefreshToken
             {
-                Id = Guid.NewGuid(),
-                RefreshTokenId = refreshTokenId.GetHash(),
+                Id = refreshTokenId.GetHash(),
                 ClientId = clientId,
                 Subject = context.Ticket.Identity.Name,
                 IssuedUtc = DateTime.UtcNow,
@@ -64,7 +63,7 @@ public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
             context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
 
             var hashedTokenId = context.Token.GetHash();
-            var refreshToken = await context.OwinContext.Get<RefreshTokenManager>().FindRefreshToken(hashedTokenId);
+            var refreshToken = await _refreshTokenManager.FindRefreshToken(hashedTokenId);
 
             if (refreshToken != null)
             {

src/App/App.Database/App.Database.csproj

@@ -91,6 +91,10 @@
     <Compile Include="Migrations\201708080013595_RenameAspTables.Designer.cs">
       <DependentUpon>201708080013595_RenameAspTables.cs</DependentUpon>
     </Compile>
+    <Compile Include="Migrations\201708092106290_RevertRefreshTokenId.cs" />
+    <Compile Include="Migrations\201708092106290_RevertRefreshTokenId.Designer.cs">
+      <DependentUpon>201708092106290_RevertRefreshTokenId.cs</DependentUpon>
+    </Compile>
     <Compile Include="Security\ApplicationRoleManager.cs" />
     <Compile Include="Security\ApplicationUser.cs" />
     <Compile Include="Security\ApplicationUserManager.cs" />
@@ -146,6 +150,9 @@
     <EmbeddedResource Include="Migrations\201708080013595_RenameAspTables.resx">
       <DependentUpon>201708080013595_RenameAspTables.cs</DependentUpon>
     </EmbeddedResource>
+    <EmbeddedResource Include="Migrations\201708092106290_RevertRefreshTokenId.resx">
+      <DependentUpon>201708092106290_RevertRefreshTokenId.cs</DependentUpon>
+    </EmbeddedResource>
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
 </Project>

src/App/App.Database/Migrations/201708092106290_RevertRefreshTokenId.Designer.cs

@@ -0,0 +1,24 @@
+namespace App.Database
+{
+    using System;
+    using System.Data.Entity.Migrations;
+    
+    public partial class RevertRefreshTokenId : DbMigration
+    {
+        public override void Up()
+        {
+            DropPrimaryKey("dbo.RefreshTokens");
+            AlterColumn("dbo.RefreshTokens", "Id", c => c.String(nullable: false, maxLength: 128));
+            AddPrimaryKey("dbo.RefreshTokens", "Id");
+            DropColumn("dbo.RefreshTokens", "RefreshTokenId");
+        }
+        
+        public override void Down()
+        {
+            AddColumn("dbo.RefreshTokens", "RefreshTokenId", c => c.String());
+            DropPrimaryKey("dbo.RefreshTokens");
+            AlterColumn("dbo.RefreshTokens", "Id", c => c.Guid(nullable: false));
+            AddPrimaryKey("dbo.RefreshTokens", "Id");
+        }
+    }
+}