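/// <summary>
/// Mints a refresh token as an HS256-signed JWT and returns it together with the
/// random serial embedded in its <see cref="ClaimTypes.SerialNumber"/> claim.
/// The token carries no subject claim, so the serial is the only handle for
/// revocation: the caller must persist the serial-to-user mapping itself.
/// </summary>
/// <returns>
/// The compact-serialized JWT and its serial (a 32-character, dash-free GUID).
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when <c>_jwtConfig.Key</c> is missing or shorter than the 256 bits HS256 requires.
/// </exception>
private (string RefreshTokenValue, string RefreshTokenSerial) CreateRefreshToken()
{
    // Dash-free so the serial is a plain 32-char hex string wherever it is stored.
    var serial = _encryptionService.CreateCryptographicallySecureGuid().ToString().Replace("-", "");
    var issuer = _jwtConfig.Issuer;

    // Read the clock once so iat, nbf and exp cannot straddle a second boundary.
    var now = DateTimeOffset.UtcNow;

    var claims = new List<Claim>
    {
        // jti: unique per issued token.
        new Claim(JwtRegisteredClaimNames.Jti, _encryptionService.CreateCryptographicallySecureGuid().ToString(), ClaimValueTypes.String, issuer),
        new Claim(JwtRegisteredClaimNames.Iss, issuer, ClaimValueTypes.String, issuer),
        new Claim(JwtRegisteredClaimNames.Iat, now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64, issuer),
        // Revocation handle: look this serial up server-side before honouring the token.
        new Claim(ClaimTypes.SerialNumber, serial, ClaimValueTypes.String, issuer)
    };

    // RFC 7518 §3.2: an HS256 key must be at least as long as the HMAC output (256 bits).
    // A short configuration string is brute-forceable, so fail fast with a clear message
    // instead of silently signing with a weak key.
    var keyBytes = Encoding.UTF8.GetBytes(_jwtConfig.Key ?? string.Empty);
    if (keyBytes.Length < 32)
    {
        throw new InvalidOperationException("JWT signing key must be at least 32 bytes (256 bits) for HS256.");
    }
    var creds = new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);

    // NOTE(review): this token is signed with the same key, issuer and audience as the
    // access token and carries nothing that marks it as a refresh token. A validator that
    // checks only signature/issuer/audience/lifetime would accept it as a bearer token —
    // confirm the validator also requires the access-token claims, or add a token-type
    // claim here and check it there.
    var token = new JwtSecurityToken(
        issuer: issuer,
        audience: _jwtConfig.Audience,
        claims: claims,
        notBefore: now.UtcDateTime,
        expires: now.UtcDateTime.AddMinutes(_jwtConfig.RefreshTokenExpirationMinutes),
        signingCredentials: creds);

    return (new JwtSecurityTokenHandler().WriteToken(token), serial);
}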
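/// <summary>
/// Builds the access token for <paramref name="user"/>: an HS256-signed JWT carrying
/// the user's id, name, e-mail and role claims. Despite its name the method is
/// synchronous; the name is kept for callers. Returns the claims as well so the
/// caller can build a principal (e.g. a cookie) from the same set.
/// </summary>
/// <param name="user">The authenticated user; must not be null.</param>
/// <returns>The compact-serialized JWT and the claims placed in it.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown when the configured signing key is missing or shorter than the 256 bits HS256 requires.
/// </exception>
private (string AccessToken, IEnumerable <Claim> Claims) createAccessTokenAsync(Auth_User user)
{
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    var issuer = _configuration.Value.Issuer;
    var userId = user.Id.ToString();

    // Read the clock once so iat, nbf and exp cannot straddle a second boundary.
    var now = DateTimeOffset.UtcNow;

    var claims = new List<Claim>
    {
        // jti: unique per issued token.
        new Claim(JwtRegisteredClaimNames.Jti, _encryptionService.CreateCryptographicallySecureGuid().ToString(), ClaimValueTypes.String, issuer),
        new Claim(JwtRegisteredClaimNames.Iss, issuer, ClaimValueTypes.String, issuer),
        new Claim(JwtRegisteredClaimNames.Iat, now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64, issuer),
        new Claim(ClaimTypes.NameIdentifier, userId, ClaimValueTypes.String, issuer),
        new Claim(ClaimTypes.Name, user.UserName, ClaimValueTypes.String, issuer),
        // NOTE(review): the serial here is the user id, which never changes, so it cannot
        // by itself invalidate an earlier token — confirm how the validator uses it.
        new Claim(ClaimTypes.SerialNumber, userId, ClaimValueTypes.String, issuer),
        // custom data
        new Claim(ClaimTypes.UserData, userId, ClaimValueTypes.String, issuer)
    };

    // Claim rejects a null value, so a user without an e-mail must not abort token issuance.
    var email = user.Email?.ToString();
    if (!string.IsNullOrEmpty(email))
    {
        claims.Add(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, issuer));
    }

    // One role claim per role name; duplicates of a claim type serialize as a JSON array.
    var roleNames = _rolesUserServices.GetNameRoles(user.Id);
    foreach (var name in roleNames)
    {
        claims.Add(new Claim(ClaimTypes.Role, name, ClaimValueTypes.String, issuer));
    }

    // RFC 7518 §3.2: an HS256 key must be at least as long as the HMAC output (256 bits).
    // A short configuration string is brute-forceable, so fail fast with a clear message
    // instead of silently signing with a weak key.
    var keyBytes = Encoding.UTF8.GetBytes(_configuration.Value.Key ?? string.Empty);
    if (keyBytes.Length < 32)
    {
        throw new InvalidOperationException("JWT signing key must be at least 32 bytes (256 bits) for HS256.");
    }
    var creds = new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: issuer,
        audience: _configuration.Value.Audience,
        claims: claims,
        notBefore: now.UtcDateTime,
        expires: now.UtcDateTime.AddMinutes(_configuration.Value.AccessTokenExpirationMinutes),
        signingCredentials: creds);

    return (new JwtSecurityTokenHandler().WriteToken(token), claims);
}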