Example #1
0
        public JwtTokenResult IssueAccessToken(
            string id,
            string name,
            IEnumerable <string> roles,
            IEnumerable <KeyValuePair <string, string> > customClaims)
        {
            var accessResult  = GetAccessToken(id, name, roles, customClaims);
            var refreshResult = GetRefreshToken(id, name);
            var model         = new TokenModel(
                (accessResult.token, accessResult.expiry, accessResult.jti),
                (refreshResult.token, refreshResult.expiry, refreshResult.jti)
                );

            return(JwtTokenResult.Ok(model, id, accessResult.accessClaims));
        }
Example #2
0
        public JwtTokenResult RefreshAccessToken(
            string accessToken,
            string refreshToken,
            IEnumerable <string> customClaimsType)
        {
            var result = ValidateRefreshToken(refreshToken);

            if (result.result != JwtTokenResult.TokenResult.Ok)
            {
                return(new JwtTokenResult(result.result));
            }

            Claim[] accessClaims = null;
            try
            {
                accessClaims = new JwtSecurityTokenHandler()
                               .ReadJwtToken(accessToken)
                               .Claims.ToArray();
            }
            catch
            {
                return(JwtTokenResult.AccessInvalid());
            }

            var identityOptions = new IdentityOptions();
            var refreshId       = result.claims
                                  .FirstOrDefault(x => x.Type
                                                  .Equals(JwtRegisteredClaimNames.Sub))
                                  .Value;

            var accessId = accessClaims
                           .FirstOrDefault(x => x.Type
                                           .Equals(JwtRegisteredClaimNames.Sub))
                           .Value;

            if (!refreshId.Equals(accessId))
            {
                return(JwtTokenResult.Mismatch());
            }

            //var refreshJti = result.claims
            //    .FirstOrDefault(x => x.Type
            //    .Equals(JwtRegisteredClaimNames.Jti))
            //    .Value;
            var accessName = accessClaims
                             .FirstOrDefault(x => x.Type
                                             .Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
                             .Value;
            var roles = accessClaims
                        .Where(x => x.Type
                               .Equals(ClaimTypes.Role));

            List <Claim> claims = null;

            if (customClaimsType != null)
            {
                var customClaims = accessClaims
                                   .Where(claim => customClaimsType.Contains(claim.Type))
                                   .ToArray();
                if (customClaims != null && customClaims.Length > 0)
                {
                    claims = GetAccessClaims(accessId, accessName, roles, customClaims);
                }
                else
                {
                    claims = GetAccessClaims(accessId, accessName, roles);
                }
            }
            else
            {
                claims = GetAccessClaims(accessId, accessName, roles);
            }

            var newAccessToken = CreateAccessToken(claims);

            if (result.update)
            {
                bool longTermRefresh = result.claims
                                       .Any(x => x.Type.Equals(_options.LongTermRefreshTokenClaim) &&
                                            x.Value.Equals(Boolean.TrueString));

                var newRefreshToken = GetRefreshToken(accessId, accessName, longTermRefresh);

                return(JwtTokenResult.Ok(new TokenModel
                                         (
                                             newAccessToken,
                                             newRefreshToken
                                         ),
                                         accessId,
                                         accessClaims));
            }
            var incomingRefreshDetails = new JwtTokenDetails()
                                         .Get(refreshToken);

            return(JwtTokenResult.Ok(
                       new TokenModel(
                           newAccessToken,
                           (refreshToken, incomingRefreshDetails.Expiration, incomingRefreshDetails.Jti)),
                       accessId,
                       accessClaims));
        }