Beispiel #1
0
        public async Task <JwtAuthenticationResult> RefreshAsync(string expiredAccessToken, string refreshToken)
        {
            _logger.LogTrace("Reading username from token {Token}", refreshToken);
            if (!TryGetGetUserFromToken(expiredAccessToken, out var userName, out var securityToken))
            {
                _logger.LogWarning("Failed to get user through token");
                return(new JwtAuthenticationResult()
                {
                    AuthenticationRequired = true
                });
            }

            _logger.LogTrace("Obtaining user through userName {@UserName}", userName);
            var user = await _userManager.FindByNameAsync(userName);

            if (user == null)
            {
                _logger.LogWarning("Failed to get user through principal");
                return(new JwtAuthenticationResult()
                {
                    AuthenticationRequired = true
                });
            }

            var refreshTokenData = await _refreshTokenManager.GetRefreshTokenAsync(user, refreshToken);

            if (refreshTokenData == null)
            {
                _logger.LogWarning("No refresh token available but there should be one");
                return(new JwtAuthenticationResult()
                {
                    AuthenticationRequired = true
                });
            }
            else
            {
                if (refreshTokenData.IsUsed)
                {
                    _logger.LogWarning("A used token refresh token was sent again - perhaps someone stole the token, expire all client tokens and force re-authentication");
                    await _refreshTokenManager.RemoveAllAsync(user);

                    return(new JwtAuthenticationResult()
                    {
                        AuthenticationRequired = true
                    });
                }
            }

            using (var transaction = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
            {
                _logger.LogDebug("Generating new authentication from refresh token");
                var authenticationResult = await CreateAuthenticationResultFromUserAsync(user);

                await _refreshTokenManager.InvalidateRefreshTokenAsync(user, refreshToken);

                transaction.Complete();

                return(authenticationResult);
            }
        }