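/// <summary>
/// Issues a new refresh token for the given client and user, stores a record holding
/// only the hashed token, and returns the plaintext token to the caller.
/// </summary>
/// <param name="clientId">Identifier of the client the token is issued to.</param>
/// <param name="userName">Name of the user the token is issued for.</param>
/// <param name="userId">Identifier of the user the token is issued for.</param>
/// <returns>The plaintext refresh token: 32 lowercase hexadecimal characters.</returns>
private async Task<string> CreateRefreshToken(string clientId, string userName, Guid userId)
        {
            // A refresh token is a bearer credential, so it is drawn from the cryptographic RNG.
            // Guid.NewGuid() is designed for uniqueness, not for unpredictability.
            // 16 bytes as lowercase hex keeps the same shape as the previous Guid "n" format.
            var tokenBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tokenBytes);
            }

            var refreshToken = BitConverter.ToString(tokenBytes).Replace("-", string.Empty).ToLowerInvariant();

            // NOTE(review): userName is interpolated straight into the message. If it can carry
            // user-supplied text, log it through a message template placeholder and make sure the
            // log sink escapes line breaks.
            Logger.LogDebug($"Create refresh token for {userName}");

            // Only the hash is persisted, so a leaked token table does not expose usable tokens.
            // NOTE(review): HashToken is defined elsewhere; confirm it is a one-way cryptographic hash.
            var hashedToken = HashToken(refreshToken);

            // Read the clock once so that Expires - Issued equals the configured lifetime exactly.
            var issuedAt = DateTimeOffset.UtcNow;
            var token    = new RefreshToken
            {
                TokenHashed = hashedToken,
                ClientId    = clientId,
                UserId      = userId,
                UserName    = userName,
                Issued      = issuedAt,
                Expires     = issuedAt.Add(_principalOptions.Value.RefreshExpire)
            };

            await _dataContext.AddAsync(token).ConfigureAwait(false);

            await _dataContext.SaveChangesAsync().ConfigureAwait(false);

            // The plaintext token leaves this method only through the return value.
            return refreshToken;
        }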