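/// <summary>
/// Exchanges a refresh token for a new token pair at the authorization server's
/// <c>oauth2/token</c> endpoint, using the client id/secret from app settings.
/// </summary>
/// <param name="refreshTokenRequestParams">Carries the refresh token (<c>TokenId</c>) to present.</param>
/// <returns>The raw HTTP response; the caller is responsible for checking the status code and reading the body.</returns>
/// <exception cref="ArgumentNullException"><paramref name="refreshTokenRequestParams"/> is null.</exception>
/// <exception cref="InvalidOperationException">The <c>APIHostURL</c> app setting is missing or blank.</exception>
public async Task<HttpResponseMessage> GetRefreshToken(RefreshTokenRequestParams refreshTokenRequestParams)
        {
            if (refreshTokenRequestParams == null)
            {
                throw new ArgumentNullException(nameof(refreshTokenRequestParams));
            }

            string apiHostUrl = ConfigurationManager.AppSettings["APIHostURL"];
            if (string.IsNullOrWhiteSpace(apiHostUrl))
            {
                // Fail with a message naming the setting instead of the ArgumentNullException
                // that new Uri(null) would raise.
                throw new InvalidOperationException("Missing appSetting 'APIHostURL'.");
            }

            // A new HttpClient per call is kept for compatibility with existing callers; a shared
            // instance (or IHttpClientFactory) avoids socket exhaustion under load.
            using (var httpClient = new HttpClient())
            {
                // client_secret is sent in the request body, so APIHostURL should be an https endpoint.
                httpClient.BaseAddress = new Uri(apiHostUrl);
                httpClient.DefaultRequestHeaders.Accept.Clear();
                httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                var form = new Dictionary<string, string>
                {
                    { "grant_type", "refresh_token" },
                    { "refresh_token", refreshTokenRequestParams.TokenId },
                    { "client_id", ConfigurationManager.AppSettings["as:ClientId"] },
                    { "client_secret", ConfigurationManager.AppSettings["as:ClientSecret"] },
                };

                return await httpClient.PostAsync("oauth2/token", new FormUrlEncodedContent(form));
            }
        }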
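        /// <summary>
        /// Issues a new access token and refresh token for the user identified by an expired access
        /// token, provided the presented refresh token is unexpired and matches the one stored for that user.
        /// </summary>
        /// <param name="tokenParams">The expired access token and the refresh token presented by the client.</param>
        /// <returns>
        /// 200 with <c>{ accessToken, refreshToken }</c> on success; 401 with a short reason when the
        /// request cannot be validated or the new tokens cannot be issued.
        /// </returns>
        public async Task<ActionResult> RequestRefreshToken([FromBody] RefreshTokenRequestParams tokenParams)
        {
            string newRefreshToken;
            string newJwtToken;

            // Constant-time comparison so the check does not leak how many leading bytes matched.
            // CryptographicOperations.FixedTimeEquals requires .NET Core 2.1+ / .NET Standard 2.1.
            bool RefreshTokensMatch(string presented, string stored)
            {
                byte[] presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
                byte[] storedBytes = System.Text.Encoding.UTF8.GetBytes(stored);
                return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(presentedBytes, storedBytes);
            }

            try
            {
                if (tokenParams == null)
                {
                    throw new SecurityTokenValidationException("Missing token parameters");
                }

                string expiredTokenFromClient = tokenParams.AccessToken;
                string refreshTokenFromClient = tokenParams.RefreshToken;

                // An absent refresh token must never be accepted, even if the stored value is also absent.
                if (string.IsNullOrEmpty(refreshTokenFromClient))
                {
                    throw new SecurityTokenValidationException("Invalid Refresh Token");
                }

                if (_tokenAuthService.IsRefreshTokenExpired(refreshTokenFromClient))
                {
                    throw new SecurityTokenExpiredException("Refresh Token Is Expired");
                }

                ClaimsPrincipal principal = GetValidatedClaimsPrincipalFromExpiredToken(expiredTokenFromClient);

                string username = principal.FindFirstValue("Username");
                if (string.IsNullOrEmpty(username))
                {
                    throw new SecurityTokenValidationException("Access token has no Username claim");
                }

                // Convert.ToInt32(null) silently yields 0, which would bind the new refresh token to user 0;
                // require an explicit, parseable Id claim instead.
                if (!int.TryParse(principal.FindFirstValue("Id"),
                                  System.Globalization.NumberStyles.Integer,
                                  System.Globalization.CultureInfo.InvariantCulture,
                                  out int id))
                {
                    throw new SecurityTokenValidationException("Access token has no valid Id claim");
                }

                string refreshTokenFromDatabase = await GetStoredRefreshTokenForUser(username);

                // Nothing stored for this user means no refresh is possible; otherwise compare in constant time.
                if (string.IsNullOrEmpty(refreshTokenFromDatabase) ||
                    !RefreshTokensMatch(refreshTokenFromClient, refreshTokenFromDatabase))
                {
                    throw new SecurityTokenValidationException("Invalid Refresh Token");
                }

                IEnumerable<Claim> publicClaims = ExtractPublicClaims(principal);

                newJwtToken = _tokenAuthService.GenerateAccessTokenWithClaims(publicClaims);
                newRefreshToken = _tokenAuthService.GenerateRefreshToken();

                // Persist the rotated refresh token; the old one is no longer valid after this point.
                await _userService.SaveRefreshToken(id, newRefreshToken);
            }
            catch (SecurityTokenException e)
            {
                // Token-validation failures carry messages we control, so they are safe to return.
                return StatusCode(401, $"Unable to issue refresh token: {e.Message}");
            }
            catch (Exception)
            {
                // Unexpected failures (storage, token generation) must not echo their message to an
                // unauthenticated caller. TODO: log the exception here with the controller's logger, if one exists.
                return StatusCode(401, "Unable to issue refresh token");
            }

            var result = new { accessToken = newJwtToken, refreshToken = newRefreshToken };

            return new ObjectResult(result);
        }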