Ejemplo n.º 1
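        /// <summary>
        /// Issues an HMAC-SHA256 signed JWT for <paramref name="user"/> that carries the
        /// user's id, the e-mail address as <c>sub</c> and a random <c>jti</c>, valid for 48 hours.
        /// </summary>
        /// <param name="user">Account the token is issued for; its Id and Email are read.</param>
        /// <returns>The serialized token together with its expiry (<c>token.ValidTo</c>, UTC).</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <remarks>
        /// The token is signed, not encrypted: anyone holding it can read the e-mail address
        /// and the id from the payload.
        /// </remarks>
        JWTInfo _GenerateJwtToken(User user)
        {
            //https://www.c-sharpcorner.com/article/authentication-and-authorization-in-asp-net-5-with-jwt-and-swagger/

            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            var authClaims = new Claim[]
            {
                new Claim("Id", user.Id.ToString()),                    // user id, possibly not required
                new Claim(JwtRegisteredClaimNames.Sub, user.Email),     // .Sub - the user name (the e-mail address here)
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
            };

            // NOTE(review): Encoding.ASCII replaces every non-ASCII character of the secret with '?',
            // which shrinks the effective key space. It is kept because the validating side (not
            // visible here) has to derive the same bytes; confirm the configured secret is ASCII-only
            // and long enough for HS256.
            var key       = Encoding.ASCII.GetBytes(_JWTConfig.Secret);
            var signCreds = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature);

            // NOTE(review): issuer and audience are left unset, so the token is not bound to a
            // particular service. Any validator sharing this key can only accept it with issuer and
            // audience checks switched off; confirm that is intended.
            var token = new JwtSecurityToken(
                //	issuer: _configuration["JWT:ValidIssuer"],
                //	audience: _configuration["JWT:ValidAudience"],
                // UTC clock: adding the 48 hours to local time makes the real lifetime drift by an
                // hour whenever a daylight-saving change falls inside the window.
                expires: DateTime.UtcNow.AddHours(48),
                claims: authClaims,
                signingCredentials: signCreds
                );

            var jwtTokenHandler = new JwtSecurityTokenHandler();

            var jwtToken = jwtTokenHandler.WriteToken(token);

            // No revocation step is visible in this method, so an issued token stays usable until ValidTo.
            var result = new JWTInfo(jwtToken, token.ValidTo);

            return(result);
        }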
Ejemplo n.º 2
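        /// <summary>
        /// Builds two JWTs for <paramref name="user"/> from the claims stored for that user:
        /// one signed with HS256 and one signed and then encrypted (direct key, A256CBC-HS512).
        /// Also rotates the user's refresh token and returns everything in a <c>JWTInfo</c>.
        /// </summary>
        /// <param name="user">Identity account whose claims and refresh token are used.</param>
        /// <param name="userApp">Not read by this method.</param>
        /// <param name="configuration">Source of the "JwtSettings" section (issuer, audience, key, lifetime).</param>
        /// <param name="userManager">Used to load the claims and to replace the stored refresh token.</param>
        /// <returns>Both serialized tokens, the request and expiry times (local time) and the new refresh token.</returns>
        /// <exception cref="InvalidOperationException">The new refresh token could not be stored.</exception>
        private async Task <JWTInfo> CreateTokenAsync(
            IdentityUser user,
            UserApp userApp,
            IConfiguration configuration,
            UserManager <IdentityUser> userManager)
        {
            const string jwtSection       = "JwtSettings";
            const string providerName     = "MyApp";
            const string refreshTokenName = "RefreshToken";

            // The claims come from the user store and are copied into the JWT. The encrypted variant
            // is meant to be unpacked by middleware so the values are available for the whole request.
            var claims = await userManager.GetClaimsAsync(user);

            var tokenSection = configuration.GetSection(jwtSection);

            // Convert.ToInt32 turns a missing (null) setting into 0, i.e. a token with no lifetime;
            // a non-numeric value throws FormatException.
            int lifetimeMinutes = Convert.ToInt32(tokenSection["JwtExpiryInMinutes"]);

            // Do the arithmetic on the UTC clock: adding minutes to local time gives a lifetime that
            // is off by an hour when a daylight-saving change falls inside the window. The local
            // values are still what the result carries.
            DateTime requestedUtc = DateTime.UtcNow;
            DateTime expiresUtc   = requestedUtc.AddMinutes(lifetimeMinutes);
            DateTime requested    = requestedUtc.ToLocalTime();
            DateTime expiresAt    = expiresUtc.ToLocalTime();

            // NOTE(review): one secret is used both as the HS256 signing key and as the
            // content-encryption key. A256CBC-HS512 is defined for a 512-bit key, so the configured
            // value has to encode to 64 bytes; separate keys per purpose would be the safer layout.
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenSection["JwtSecurityKey"]));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var handler = new JwtSecurityTokenHandler();

            // Signed only: the payload is readable by whoever holds the token.
            var token = new JwtSecurityToken(
                tokenSection["JwtIssuer"],
                tokenSection["JwtAudience"],
                claims,
                expires: expiresUtc,
                signingCredentials: creds
                );

            // Signed, then encrypted with the same key.
            JwtSecurityToken jwtEncrypted = handler.CreateJwtSecurityToken(
                issuer: tokenSection["JwtIssuer"],
                audience: tokenSection["JwtAudience"],
                subject: new ClaimsIdentity(claims),
                expires: expiresUtc,
                notBefore: requestedUtc,
                issuedAt: requestedUtc,
                signingCredentials: creds,
                encryptingCredentials: new EncryptingCredentials(key, JwtConstants.DirectKeyUseAlg, SecurityAlgorithms.Aes256CbcHmacSha512)
                );

            // Rotate the refresh token: drop the stored one, generate a new one, store it.
            // The result of the removal is not inspected; the store call below decides success.
            await userManager.RemoveAuthenticationTokenAsync(user, providerName, refreshTokenName);

            var newRefreshToken = await userManager.GenerateUserTokenAsync(user, providerName, refreshTokenName);

            var stored = await userManager.SetAuthenticationTokenAsync(user, providerName, refreshTokenName, newRefreshToken);
            if (!stored.Succeeded)
            {
                // Handing out a refresh token that was never persisted would fail on first use.
                throw new InvalidOperationException($"The refresh token could not be stored: {stored}");
            }

            // NOTE(review): Token and TokenEncrypted carry the same claims. If both reach the
            // client, the signed-only token discloses what the encrypted one hides; confirm what
            // the caller does with each field.
            var result = new JWTInfo
            {
                Token          = handler.WriteToken(token),
                TokenEncrypted = handler.WriteToken(jwtEncrypted),
                Requested      = requested,
                Expires        = expiresAt,
                RefreshToken   = newRefreshToken
            };

            return(result);
        }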