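/// <summary>
/// Validates a serialized JWT (signature, issuer, audience and header algorithm)
/// and reports whether it has already expired.
/// </summary>
/// <param name="token">The serialized token to validate.</param>
/// <param name="getOnlyNotExpiredToken">
/// When <c>true</c>, lifetime validation is enabled and an expired token fails validation.
/// When <c>false</c> (the default), lifetime validation is disabled: an expired token
/// still produces a successful result and is only flagged through <c>IsTokenExpired</c>.
/// </param>
/// <returns>
/// A result holding the principal on success, or the exception that caused the failure.
/// </returns>
/// <remarks>
/// Security: with the default argument, a successful result does NOT mean the token is
/// still within its lifetime. Callers that authorize a request from this result must
/// pass <c>true</c> or check <c>IsTokenExpired</c> themselves.
/// </remarks>
public JwtValidationResult ValidateToken(string token, bool getOnlyNotExpiredToken = false)
{
    JwtValidationResult result = new JwtValidationResult();

    var tokenValidationParameters = new TokenValidationParameters
    {
        ValidateAudience = true,
        ValidateIssuer = true,
        ValidateIssuerSigningKey = true,
        // Lifetime is enforced only on request; the refresh flow needs expired tokens to pass.
        ValidateLifetime = getOnlyNotExpiredToken,
        IssuerSigningKey = ((IJwtSigningDecodingKey)signingKeys).GetKey(),
        TokenDecryptionKey = ((IJwtEncryptingDecodingKey)encryptingKeys).GetKey(),
        ValidAudience = jwtOptions.Value.Audience,
        ValidIssuer = jwtOptions.Value.Issuer
    };

    var tokenHandler = new JwtSecurityTokenHandler();

    try
    {
        var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out SecurityToken securityToken);

        // Pin the header algorithm to the configured one. The comparison is ordinal:
        // algorithm identifiers are protocol constants, not culture-sensitive text.
        if (securityToken is JwtSecurityToken jwtSecurityToken
            && jwtSecurityToken.Header.Alg.Equals(encryptingKeys.SigningAlgorithm, StringComparison.OrdinalIgnoreCase))
        {
            // ValidTo is expressed in UTC, so it must be compared with UtcNow.
            // Comparing with local time misjudges expiry by the machine's UTC offset.
            if (jwtSecurityToken.ValidTo < DateTime.UtcNow)
            {
                result.IsTokenExpired = true;
            }

            result.SetSuccess(principal);
        }
        else
        {
            result.SetFail(new SecurityTokenInvalidSigningKeyException());
        }
    }
    catch (Exception ex)
    {
        // Any validation failure is reported through the result rather than thrown.
        result.SetFail(ex);
    }

    return result;
}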
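/// <summary>
/// Issues a new token pair for an expired access token, provided the supplied
/// refresh token and fingerprint match a stored session.
/// </summary>
/// <param name="model">The expired access token, the refresh token and the client fingerprint.</param>
/// <param name="ip">Client IP address; stored on the session and added to the new token as the "Ip" claim.</param>
/// <returns>
/// On success, a result whose <c>Data</c> is the JSON-serialized token pair; otherwise a failed result.
/// </returns>
/// <remarks>
/// The submitted access token is never written to the log: in the failure branch it may be
/// a token that is still within its lifetime, and log readers must not be able to replay it.
/// </remarks>
public async Task<ServiceResult> RefreshToken(RefreshTokenViewModel model, string ip)
{
    ServiceResult result = new ServiceResult();

    if (model == null)
    {
        result.SetFail("Invalid token");
        logger.LogWarning("Token wasn't refresh. Invalid value or token is not expired");
        return result;
    }

    // Lifetime validation is off by default, so an expired token with a valid signature passes here.
    JwtValidationResult validationResult = ValidateToken(model.Token);

    if (!validationResult.IsSuccessful || !validationResult.IsTokenExpired)
    {
        result.SetFail("Invalid token");
        // Deliberately no token value in the message (see remarks).
        logger.LogWarning("Token wasn't refresh. Invalid value or token is not expired");
        return result;
    }

    // NOTE(review): the session is located by refresh token and fingerprint from the request only.
    // Nothing visible here ties it to the "SessionId", "UserId" or "Fingerprint" claims of the
    // validated token, while the new token copies those claims. Confirm the session is checked
    // against the token's claims (here or in CreateTokens) so that a refresh token from one
    // session cannot renew an access token issued for another.
    Session session = await context.Sessions.FirstOrDefaultAsync(
        s => s.RefreshToken == model.RefreshToken && s.FingerPrint == model.Fingerprint);

    if (session == null)
    {
        result.SetFail("Invalid refresh token");
        logger.LogWarning("Token wasn't refresh. Invalid session");
        return result;
    }

    var principal = validationResult.Principial;
    var tokens = CreateTokens(new Claim[]
    {
        principal.FindFirst("UserId"),
        principal.FindFirst("UserEmail"),
        principal.FindFirst("Fingerprint"),
        principal.FindFirst("SessionId"),
        new Claim("Ip", ip)
    });

    // Rotate the refresh token: the stored value is replaced, so the old one no longer matches a session.
    session.IpAddress = ip;
    session.RefreshToken = tokens.RefreshToken;
    await context.SaveChangesAsync();

    result.Data = JsonConvert.SerializeObject(tokens);
    return result;
}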