public static bool Check(this DBSessionToken session, SiteInfo siteInfo)
{
return(true);
// TODO: add checks when clients use the sign in and refresh flows defined by IAM and not the old auth APIs
// return session.CheckSiteInfo(siteInfo)
// && session.CheckExpirationDate();
}
public static bool CheckExpirationDate(this DBSessionToken session)
{
var date = session.LastRefreshed ?? session.Issued;
var validUntil = date + SessionTokenRepository.TOKEN_EXPIRATION;
var now = DateTime.UtcNow;
return(validUntil >= now);
}
public static bool CheckSiteInfo(this DBSessionToken session, SiteInfo siteInfo)
{
return(session.UserAgent == siteInfo.UserAgent);
}
