private (string RefreshTokenValue, string RefreshTokenSerial) CreateRefreshToken()
{
var refreshTokenSerial = _encryptionService.CreateCryptographicallySecureGuid().ToString().Replace("-", "");
var claims = new List <Claim>
{
// Unique Id for all Jwt tokes
new Claim(JwtRegisteredClaimNames.Jti, _encryptionService.CreateCryptographicallySecureGuid().ToString(), ClaimValueTypes.String, _jwtConfig.Issuer),
// Issuer
new Claim(JwtRegisteredClaimNames.Iss, _jwtConfig.Issuer, ClaimValueTypes.String, _jwtConfig.Issuer),
// Issued at
new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64, _jwtConfig.Issuer),
// for invalidation
new Claim(ClaimTypes.SerialNumber, refreshTokenSerial, ClaimValueTypes.String, _jwtConfig.Issuer)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtConfig.Key));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var now = DateTime.UtcNow;
var token = new JwtSecurityToken(
issuer: _jwtConfig.Issuer,
audience: _jwtConfig.Audience,
claims: claims,
notBefore: now,
expires: now.AddMinutes(_jwtConfig.RefreshTokenExpirationMinutes),
signingCredentials: creds);
var refreshTokenValue = new JwtSecurityTokenHandler().WriteToken(token);
return(refreshTokenValue, refreshTokenSerial);
}
private (string AccessToken, IEnumerable <Claim> Claims) createAccessTokenAsync(Auth_User user)
{
var claims = new List <Claim>
{
// Unique Id for all Jwt tokes
new Claim(JwtRegisteredClaimNames.Jti, _encryptionService.CreateCryptographicallySecureGuid().ToString(), ClaimValueTypes.String, _configuration.Value.Issuer),
// Issuer
new Claim(JwtRegisteredClaimNames.Iss, _configuration.Value.Issuer, ClaimValueTypes.String, _configuration.Value.Issuer),
// Issued at
new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64, _configuration.Value.Issuer),
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString(), ClaimValueTypes.String, _configuration.Value.Issuer),
new Claim(ClaimTypes.Name, user.UserName, ClaimValueTypes.String, _configuration.Value.Issuer),
new Claim(ClaimTypes.Email, user.Email?.ToString(), ClaimValueTypes.String, _configuration.Value.Issuer),
// to invalidate the cookie
new Claim(ClaimTypes.SerialNumber, user.Id.ToString(), ClaimValueTypes.String, _configuration.Value.Issuer),
// custom data
new Claim(ClaimTypes.UserData, user.Id.ToString(), ClaimValueTypes.String, _configuration.Value.Issuer)
};
// add roles
var roleNames = _rolesUserServices.GetNameRoles(user.Id);
foreach (var name in roleNames)
{
claims.Add(new Claim(ClaimTypes.Role, name, ClaimValueTypes.String, _configuration.Value.Issuer));
}
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.Value.Key));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var now = DateTime.UtcNow;
var token = new JwtSecurityToken(
issuer: _configuration.Value.Issuer,
audience: _configuration.Value.Audience,
claims: claims,
notBefore: now,
expires: now.AddMinutes(_configuration.Value.AccessTokenExpirationMinutes),
signingCredentials: creds);
return(new JwtSecurityTokenHandler().WriteToken(token), claims);
}
