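        /// <summary>
        /// Issues a signed JWT to be used as a refresh token, persists a password-hashed copy of it for the
        /// caller's identity and returns the encoded (unhashed) token.
        /// </summary>
        /// <param name="userName">Value of the <c>sub</c> claim of the issued token.</param>
        /// <param name="claimsIdentity">Identity of the authenticated user; must carry the application's id claim.</param>
        /// <param name="ip">Client address stored alongside the token.</param>
        /// <param name="userAgent">Client user agent stored alongside the token.</param>
        /// <returns>
        /// The compact-serialized refresh token. Only its hash is stored, so this value cannot be recovered later.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when <paramref name="claimsIdentity"/> has no id claim. Previously a missing claim was added to the
        /// token as <c>null</c> and then dereferenced when the token was looked up and persisted.
        /// </exception>
        public async Task<string> GenerateRefreshToken(string userName, ClaimsIdentity claimsIdentity, string ip, string userAgent)
        {
            // Number of stored refresh tokens above which every token of the user is revoked.
            const int MaxStoredTokensPerUser = 20;

            // The id claim is needed in three places; resolve it once and fail fast when it is missing
            // instead of adding a null claim to the token and dereferencing it later.
            var idClaim = claimsIdentity.FindFirst(Helpers.Constants.Strings.JwtClaimIdentifiers.Id);
            if (idClaim == null)
            {
                throw new InvalidOperationException("The identity does not carry the id claim required to issue a refresh token.");
            }

            var claims = new List<Claim>
            {
                new Claim(JwtRegisteredClaimNames.Sub, userName),
                new Claim(JwtRegisteredClaimNames.Jti, await _jwtOptions.JtiGenerator()),
                new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(_jwtOptions.IssuedAt).ToString(), ClaimValueTypes.Integer64),
                idClaim
            };

            var jwt = new JwtSecurityToken(
                issuer: _jwtOptions.Issuer,
                audience: _jwtOptions.Audience,
                claims: claims,
                notBefore: _jwtOptions.NotBefore,
                expires: _jwtOptions.RefleshExpiration,
                signingCredentials: _jwtOptions.SigningCredentials);

            var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

            // Only a hash of the token is persisted, so a leaked table does not yield usable refresh tokens.
            var hashedJwt = _userManager.PasswordHasher.HashPassword(new AppUser(), encodedJwt);

            var tokensFromDb = _repository.GetTokensForUser(idClaim.Value).ToList();

            if (tokensFromDb.Count > MaxStoredTokensPerUser)
            {
                // An unusually large number of stored tokens is treated as suspicious activity: revoke all of them.
                foreach (var t in tokensFromDb)
                {
                    if (t != null)
                    {
                        await _repository.DeleteRefleshToken(t);
                    }
                }
            }
            else
            {
                // Housekeeping: drop tokens that have already expired. The reference time is loop-invariant,
                // so it is computed once rather than per token.
                var nowEpoch = ToUnixEpochDate(DateTime.UtcNow);
                foreach (var t in tokensFromDb)
                {
                    if (t != null && t.Expiration < nowEpoch)
                    {
                        await _repository.DeleteRefleshToken(t);
                    }
                }
            }

            await _repository.AddRefreshToken(new Entities.RefreshToken()
            {
                Token      = hashedJwt,
                IdentityId = idClaim.Value,
                Expiration = ToUnixEpochDate(_jwtOptions.RefleshExpiration),
                Ip         = ip,
                Useragent  = userAgent
            });

            return encodedJwt;
        }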