Beispiel #1
0
        /// <summary>
        /// The access token does contain user user id, user name and user roles.
        /// </summary>
        protected virtual async Task <bool> TrySetContextAccessTokenAsync(BearerSignInManagerContext <UserType, BearerTokenType> context)
        {
            var user = context.User ?? throw BearerSignInManagerThrowHelper.GetContextArgumentException(nameof(context.User));
            var accessTokenDescriptor = signInManagerOptions.CreateAccessTokenDescriptor();

            // Used by authentication middleware.
            accessTokenDescriptor.Claims.Add(ClaimTypes.NameIdentifier, user.Id);
            accessTokenDescriptor.Claims.Add(ClaimTypes.Name, user.UserName);

            try {
                var roles = await userManager.GetRolesAsync(user);

                if (roles != null)
                {
                    foreach (var role in roles)
                    {
                        accessTokenDescriptor.Claims.Add(ClaimTypes.Role, role);
                    }
                }

                context.AccessToken = BearerSignInManagerTools.GenerateJwtToken(accessTokenDescriptor, signInManagerOptions.SetDefaultTimesOnTokenCreation);
                return(true);
            } catch (Exception error) {
                context.SetResult(errorDetailsProvider.LogCriticalThenBuildAppropiateError <object>(error, "The access token could not be created.")
                                  .WithHttpStatusCode(HttpStatusCode.InternalServerError));
            }

            return(false);
        }
Beispiel #2
0
        /// <summary>
        /// The refresh token does contain user security stamp and refresh token id.
        /// </summary>
        protected virtual async Task <bool> TrySetContextRefreshTokenEntityAsync(BearerSignInManagerContext <UserType, BearerTokenType> context)
        {
            var user = context.User ?? throw new ArgumentNullException(nameof(BearerSignInManagerContext <UserType, BearerTokenType> .User));
            var refreshTokenDescriptor = signInManagerOptions.CreateRefreshTokenDescriptor();

            var issuedAtUtc = refreshTokenDescriptor.IssuedAt == null ? DateTime.UtcNow :
                              DateTime.SpecifyKind((DateTime)refreshTokenDescriptor.IssuedAt, DateTimeKind.Utc);

            var expiresAtUtc        = refreshTokenDescriptor.Expires ?? throw new ArgumentNullException(nameof(refreshTokenDescriptor.Expires));
            var refreshTokenEntity  = CreateRefreshToken(user.Id, issuedAtUtc, expiresAtUtc);
            var hasStorageSucceeded = await TryStoreRefreshTokenEntityAsync(context, refreshTokenEntity);

            if (hasStorageSucceeded)
            {
                refreshTokenDescriptor.Claims.Add(identityOptions.Value.ClaimsIdentity.SecurityStampClaimType, user.SecurityStamp);
                refreshTokenDescriptor.Claims.Add(BearerSignInManagerDefaults.SignInServiceRefreshTokenIdClaimType, refreshTokenEntity.BearerTokenId);
                var refreshToken = BearerSignInManagerTools.GenerateJwtToken(refreshTokenDescriptor, signInManagerOptions.SetDefaultTimesOnTokenCreation);
                context.RefreshTokenEntity = refreshTokenEntity;
                context.RefreshToken       = refreshToken;
                return(true);
            }

            return(false);
        }