Ejemplo n.º 1
        /// <summary>
        /// Issues a new access token and a new refresh token for a user and wraps
        /// both in a successful <c>JwtTokenResult</c>.
        /// </summary>
        /// <param name="id">User identifier; handed to both token builders and returned in the result.</param>
        /// <param name="name">User name; handed to both token builders.</param>
        /// <param name="roles">Roles forwarded to <c>GetAccessToken</c>.</param>
        /// <param name="customClaims">Extra type/value pairs forwarded to <c>GetAccessToken</c>.</param>
        /// <returns>
        /// <c>JwtTokenResult.Ok</c> carrying the token pair, <paramref name="id"/> and the
        /// claims reported by <c>GetAccessToken</c>.
        /// </returns>
        public JwtTokenResult IssueAccessToken(
            string id,
            string name,
            IEnumerable<string> roles,
            IEnumerable<KeyValuePair<string, string>> customClaims)
        {
            // The access token is built before the refresh token.
            var access = GetAccessToken(id, name, roles, customClaims);
            var refresh = GetRefreshToken(id, name);

            // Each token travels as a (token, expiry, jti) triple inside the model.
            return JwtTokenResult.Ok(
                new TokenModel(
                    (access.token, access.expiry, access.jti),
                    (refresh.token, refresh.expiry, refresh.jti)),
                id,
                access.accessClaims);
        }
Ejemplo n.º 2
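        /// <summary>
        /// Exchanges a refresh token and the previous access token for a new access token.
        /// The refresh token is replaced as well when refresh-token validation reports
        /// <c>update</c>; otherwise the incoming refresh token is returned unchanged.
        /// </summary>
        /// <param name="accessToken">Previous access token in compact JWT form. It is parsed here, not validated.</param>
        /// <param name="refreshToken">Refresh token; checked by <c>ValidateRefreshToken</c>.</param>
        /// <param name="customClaimsType">
        /// Claim types to copy from the previous access token into the new one, or <c>null</c> to copy none.
        /// </param>
        /// <returns>
        /// The failed refresh-validation result when the refresh token is rejected;
        /// <c>AccessInvalid</c> when the access token cannot be parsed or lacks a subject or
        /// user-name claim; <c>Mismatch</c> when the two tokens name different subjects;
        /// otherwise <c>Ok</c> with the new token model.
        /// </returns>
        public JwtTokenResult RefreshAccessToken(
            string accessToken,
            string refreshToken,
            IEnumerable<string> customClaimsType)
        {
            var result = ValidateRefreshToken(refreshToken);

            if (result.result != JwtTokenResult.TokenResult.Ok)
            {
                return new JwtTokenResult(result.result);
            }

            // NOTE(review): ReadJwtToken only decodes the token. It does not verify the
            // signature, issuer, audience or lifetime, so every claim read from
            // accessClaims below (user name, roles, custom claims) is unauthenticated
            // input. The only check applied to it is that its subject equals the refresh
            // token's subject, yet those claims are copied into a newly signed access
            // token. Before trusting them, verify the signature with
            // JwtSecurityTokenHandler.ValidateToken (lifetime validation disabled, since
            // the access token is expected to be expired), or reload name and roles from
            // the user store. The signing key is not visible in this method, so the check
            // is not added here.
            Claim[] accessClaims;
            try
            {
                accessClaims = new JwtSecurityTokenHandler()
                               .ReadJwtToken(accessToken)
                               .Claims.ToArray();
            }
            catch
            {
                // Null or malformed input: report it instead of letting the parser's exception escape.
                return JwtTokenResult.AccessInvalid();
            }

            var identityOptions = new IdentityOptions();

            // FirstOrDefault returns null when the claim is absent; "?." keeps a token
            // without the claim from raising NullReferenceException.
            var refreshId = result.claims
                            .FirstOrDefault(x => x.Type.Equals(JwtRegisteredClaimNames.Sub))
                            ?.Value;
            var accessId = accessClaims
                           .FirstOrDefault(x => x.Type.Equals(JwtRegisteredClaimNames.Sub))
                           ?.Value;

            if (accessId == null)
            {
                // An access token without a subject cannot be tied to the refresh token.
                return JwtTokenResult.AccessInvalid();
            }

            if (refreshId == null || !string.Equals(refreshId, accessId, StringComparison.Ordinal))
            {
                return JwtTokenResult.Mismatch();
            }

            var accessName = accessClaims
                             .FirstOrDefault(x => x.Type.Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
                             ?.Value;

            if (accessName == null)
            {
                return JwtTokenResult.AccessInvalid();
            }

            var roles = accessClaims.Where(x => x.Type.Equals(ClaimTypes.Role));

            // Copy only the claim types the caller asked for; none when the filter is null.
            Claim[] customClaims = null;
            if (customClaimsType != null)
            {
                customClaims = accessClaims
                               .Where(claim => customClaimsType.Contains(claim.Type))
                               .ToArray();
            }

            List<Claim> claims;
            if (customClaims != null && customClaims.Length > 0)
            {
                claims = GetAccessClaims(accessId, accessName, roles, customClaims);
            }
            else
            {
                claims = GetAccessClaims(accessId, accessName, roles);
            }

            var newAccessToken = CreateAccessToken(claims);

            // NOTE(review): both Ok results below carry accessClaims (the claims parsed
            // from the previous access token), not the freshly built list. Confirm that
            // callers expect this.
            if (result.update)
            {
                // Keep the long-term flag of the refresh token that is being replaced.
                bool longTermRefresh = result.claims
                                       .Any(x => x.Type.Equals(_options.LongTermRefreshTokenClaim) &&
                                            x.Value.Equals(Boolean.TrueString));

                var newRefreshToken = GetRefreshToken(accessId, accessName, longTermRefresh);

                return JwtTokenResult.Ok(
                    new TokenModel(newAccessToken, newRefreshToken),
                    accessId,
                    accessClaims);
            }

            // No replacement requested: hand the caller's refresh token back with its own expiry and jti.
            var incomingRefreshDetails = new JwtTokenDetails().Get(refreshToken);

            return JwtTokenResult.Ok(
                new TokenModel(
                    newAccessToken,
                    (refreshToken, incomingRefreshDetails.Expiration, incomingRefreshDetails.Jti)),
                accessId,
                accessClaims);
        }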