/// <summary>
/// Creates a signed JWT for <paramref name="identity"/> that expires one configured
/// token lifetime after the current UTC time reported by the system clock.
/// </summary>
/// <param name="identity">Identity used as the descriptor's subject.</param>
/// <returns>The token created by the token handler.</returns>
/// <remarks>
/// Only the subject, signing credentials and expiry are set on the descriptor here.
/// Issuer and audience are not set in this method.
/// NOTE(review): confirm that validation elsewhere does not depend on issuer or audience,
/// or that the handler is configured to supply them.
/// </remarks>
public JwtSecurityToken BuildToken(ClaimsIdentity identity)
        {
            // Expiry is computed from the injected clock rather than DateTime.UtcNow.
            var lifetime = _options.Value.TokenLifetime;
            var expiresAtUtc = _systemClock.UtcNow.UtcDateTime + lifetime;

            AuthenticationLogMessages.AuthenticationTokenBuilding(_logger, identity, expiresAtUtc);

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = identity,
                SigningCredentials = _signingCredentials,
                Expires = expiresAtUtc
            };
            var jwt = _tokenHandler.CreateJwtSecurityToken(tokenDescriptor);

            // NOTE(review): the whole token object is handed to the logger. Confirm the log
            // message does not write the serialized token, which is a usable credential until expiry.
            AuthenticationLogMessages.AuthenticationTokenBuilt(_logger, jwt);

            return jwt;
        }
Example #2
        /// <summary>
        /// Signs the user in by building a JWT for the principal's first identity and
        /// attaching it to the response as two cookies: one holding "header.payload"
        /// and one holding the signature.
        /// </summary>
        /// <param name="user">Principal being signed in. Only its first identity is used.</param>
        /// <param name="properties">Not read by this method.</param>
        /// <returns>A completed task. All work is done synchronously.</returns>
        /// <remarks>
        /// Both cookies are Secure, SameSite=Strict, marked essential, and expire at the token's ValidTo.
        /// The header-and-payload cookie has HttpOnly = false, so page script can read the claims.
        /// The payload should therefore carry nothing that must stay hidden from the browser.
        /// The signature cookie has HttpOnly = true, so script cannot read it to assemble the full token.
        /// <c>Identities.First()</c> throws if the principal has no identities.
        /// </remarks>
        protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
        {
            AuthenticationLogMessages.SignInHandling(Logger);

            var primaryIdentity = user.Identities.First();
            var jwt = _apiAuthenticationTokenBuilder.BuildToken(primaryIdentity);

            AuthenticationLogMessages.AuthenticationTokenBuilt(Logger, jwt);

            // Settings shared by both cookies. Only the HttpOnly flag differs.
            CookieOptions CreateCookieOptions(bool httpOnly)
            {
                return new CookieOptions
                {
                    IsEssential = true,
                    SameSite = SameSiteMode.Strict,
                    HttpOnly = httpOnly,
                    Secure = true,
                    Expires = jwt.ValidTo
                };
            }

            // Script-readable part: header and payload only, never the signature.
            var headerAndPayload = jwt.RawHeader + "." + jwt.RawPayload;
            Response.Cookies.Append(
                Options.TokenHeaderAndPayloadCookieKey,
                headerAndPayload,
                CreateCookieOptions(httpOnly: false));
            AuthenticationLogMessages.AuthenticationTokenHeaderAndPayloadAttached(
                Logger,
                Options.TokenHeaderAndPayloadCookieKey,
                headerAndPayload);

            // The signature is kept out of reach of script.
            Response.Cookies.Append(
                Options.TokenSignatureCookieKey,
                jwt.RawSignature,
                CreateCookieOptions(httpOnly: true));

            // NOTE(review): the raw header/payload above and the raw signature here are both
            // passed to logging. If both are written verbatim, the log holds a complete, replayable
            // token. Confirm the log messages redact or omit the signature.
            AuthenticationLogMessages.AuthenticationTokenSignatureAttached(
                Logger,
                Options.TokenSignatureCookieKey,
                jwt.RawSignature);

            AuthenticationLogMessages.SignInHandled(Logger);

            return Task.CompletedTask;
        }