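        /// <summary>
        /// Issues a new refresh token for <paramref name="identityUser"/> stored under the name
        /// <paramref name="appId"/>: draws 32 bytes from the CSPRNG, removes any token already
        /// stored for the same user/scheme/name, persists the new value with its expiry and
        /// returns it to the caller.
        /// </summary>
        /// <param name="identityUser">User the refresh token is bound to.</param>
        /// <param name="appId">Token name used for the Identity token store; <c>null</c> yields no token.</param>
        /// <returns>
        /// The generated token and its expiry, or <c>null</c> when <paramref name="appId"/> is <c>null</c>
        /// (the original contract, kept for callers that rely on it).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="identityUser"/> is <c>null</c>.</exception>
        private async Task<RefreshToken> GenerateJwtRefreshToken(IdentityUser identityUser, string appId)
        {
            // Same guard as GenerateJwtToken: fail with a clear argument error instead of letting
            // UserManager or the Id dereference below surface a less specific exception.
            if (identityUser == null)
            {
                throw new ArgumentNullException(nameof(identityUser));
            }

            if (appId == null)
            {
                return null;
            }

            // 256 bits from RandomNumberGenerator: this value is a bearer secret, so
            // System.Random must not be used here.
            var bytes = new byte[32];

            using (var generator = RandomNumberGenerator.Create())
            {
                generator.GetBytes(bytes);
            }

            var token = Convert.ToBase64String(bytes);

            // One live refresh token per (user, scheme, name): drop the previous one before inserting.
            var removeResult = await this.UserManager
                .RemoveAuthenticationTokenAsync(identityUser, JwtBearerDefaults.AuthenticationScheme, appId);

            if (!removeResult.Succeeded)
            {
                this.ThrowIdentityExceptions(removeResult.Errors);
            }

            // NOTE(review): the raw token value is persisted; storing a hash instead would limit
            // exposure if the store leaks, but that needs a matching change wherever the token
            // is validated, so it is left as-is here.
            var identityUserToken = new IdentityUserTokenExpiry<string>
            {
                UserId        = identityUser.Id,
                Name          = appId,
                Value         = token,
                LoginProvider = JwtBearerDefaults.AuthenticationScheme,
                ExpireAt      = DateTimeOffset.UtcNow.AddHours(this.Options.Jwt.RefreshExpirationInHours)
            };

            await this.DbContext.AddAsync(identityUserToken);
            await this.DbContext.SaveChangesAsync();

            return new RefreshToken
            {
                Token    = token,
                ExpireAt = identityUserToken.ExpireAt
            };
        }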
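        /// <summary>
        /// Builds a signed HS256 JWT for <paramref name="identityUser"/> carrying the standard
        /// identity claims, the user's stored claims and one role claim per role, then issues and
        /// persists a companion refresh token under <c>IdentityManager.REFERSH_TOKEN_NAME</c>.
        /// </summary>
        /// <param name="identityUser">User to issue the token for. Its <c>Id</c>, <c>Email</c> and <c>UserName</c> become claims.</param>
        /// <param name="options">Signing key, issuer and access-token lifetime.</param>
        /// <returns>The access token, its expiry, and the refresh token with its own expiry.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="identityUser"/> or <paramref name="options"/> is <c>null</c>.
        /// </exception>
        private async Task<AccessToken> GenerateJwtToken(IdentityUser identityUser, SecurityOptions options)
        {
            if (identityUser == null)
            {
                throw new ArgumentNullException(nameof(identityUser));
            }

            // Dereferenced for the signing key and lifetime below; reject it up front like identityUser.
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            var roles      = await this.UserManager.GetRolesAsync(identityUser);
            var userClaims = await this.UserManager.GetClaimsAsync(identityUser);
            var roleClaims = roles.Select(role => new Claim(ClaimTypes.Role, role));

            // Claim(type, value) rejects a null value, so a user without Email or UserName
            // cannot be issued a token from here.
            var claims = new Collection<Claim>
            {
                new Claim(JwtRegisteredClaimNames.Sub, identityUser.Id),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                new Claim(JwtRegisteredClaimNames.Email, identityUser.Email),
                new Claim(ClaimTypes.Name, identityUser.UserName),
                new Claim(ClaimTypes.NameIdentifier, identityUser.Id)
            }
            .Union(userClaims)
            .Union(roleClaims);

            // Derive nbf and exp from one instant so the lifetime is exactly ExpirationInHours.
            var notBeforeAt = DateTime.UtcNow;
            var expireAt    = notBeforeAt.AddHours(options.Jwt.ExpirationInHours);

            // HS256: the shared secret should be at least 256 bits of entropy; a short or
            // guessable SecretKey lets anyone forge tokens. The issuer is also used as the
            // audience here, so validation must expect that.
            var securityKey        = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(options.Jwt.SecretKey));
            var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
            var securityToken      = new JwtSecurityToken(options.Jwt.Issuer, options.Jwt.Issuer, claims, notBeforeAt, expireAt, signingCredentials);
            var token              = new JwtSecurityTokenHandler().WriteToken(securityToken);
            var refreshToken       = await this.GenerateRefreshToken();

            // One live refresh token per user under this name: remove the previous one first.
            var removeResult = await this.UserManager
                .RemoveAuthenticationTokenAsync(identityUser, JwtBearerDefaults.AuthenticationScheme, IdentityManager.REFERSH_TOKEN_NAME);

            if (!removeResult.Succeeded)
            {
                this.ThrowIdentityExceptions(removeResult.Errors);
            }

            // NOTE(review): the refresh lifetime is read from this.Options while the access
            // lifetime comes from the options parameter — confirm both refer to the same config.
            var identityUserToken = new IdentityUserTokenExpiry<string>
            {
                UserId        = identityUser.Id,
                Name          = IdentityManager.REFERSH_TOKEN_NAME,
                Value         = refreshToken,
                LoginProvider = JwtBearerDefaults.AuthenticationScheme,
                ExpireAt      = DateTimeOffset.UtcNow.AddHours(this.Options.Jwt.RefreshExpirationInHours)
            };

            await this.DbContext.AddAsync(identityUserToken);
            await this.DbContext.SaveChangesAsync();

            return new AccessToken
            {
                Token        = token,
                RefreshToken = new RefreshToken
                {
                    Token    = refreshToken,
                    ExpireAt = identityUserToken.ExpireAt
                },
                ExpireAt     = expireAt
            };
        }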