public async Task <TokenResult> Execute(string refreshToken)
{
try
{
//1.Validate and extract refresh token
if (!_refreshTokenExtracter.TryExractToken(refreshToken, out List <Claim> refreshTokenClaims))
{
throw new InvalidTokenException("Jwt token is corrupted or expired");
}
string rTokenJti = refreshTokenClaims.Single(c => c.Type == JwtRegisteredClaimNames.Jti).Value;
//2.Check if refresh token is revoked. If it is throw a security exception
if (await _revokedTokenRepo.Exists(rTokenJti))
{
throw new TokenRevokedException($"Token {rTokenJti} already revoked");
}
//3.Generate short token
var key = _symmetricKeyProvider.GetKey();
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
//Create stoken claims using some claims from parent rtoken
var shortTokenClaims = refreshTokenClaims.Where(c => c.Type == ClaimTypes.Name || c.Type == ClaimTypes.Role).Select(c => new Claim(c.Type, c.Value)).ToList();
//Add token Jti claim
string jti = _tokenIdGenerator.Generate();
shortTokenClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, jti));
//Add RefreshTokenId of the rtoken to the stoken claims as RefreshTokenId claim
shortTokenClaims.Add(new Claim("rtokenjti", rTokenJti));
JwtSecurityToken jwtTokenOptions = new JwtSecurityToken(
issuer: _shortTokenConfig.ValidIssuer,
audience: _shortTokenConfig.ValidAudience,
claims: shortTokenClaims,
expires: DateTime.Now.AddMinutes(_shortTokenConfig.ExpiresInMin),
signingCredentials: creds
);
string shortToken = new JwtSecurityTokenHandler().WriteToken(jwtTokenOptions);
return(new TokenResult(null, shortToken, jwtTokenOptions.ValidTo));
}
catch (Exception ex)
{
//Log error
_logger.LogError("GenerateShortTokenCommand.Execute", "Exception was thrown", new
{
Exception = ex
});
throw;
}
}
public async Task <IActionResult> Renew([FromBody] RTokenRenewModel renewModel,
[FromServices] IRequestClient <UserClaimsMQRequest> userClaimsReqClient,
[FromServices] IGenerateRefreshTokenCommand generateRefreshTokenCommand,
[FromServices] ITokenExtractor refreshTokenExtractor)
{
string correlationId = null;
try
{
if (renewModel == null)
{
return(BadRequest(ValueResponse <TokenResult> .GeneralError("Something went wrong")));
}
correlationId = Guid.NewGuid().ToString("N");
//Old token verification and accountId retrieval goes here
if (!refreshTokenExtractor.TryExractToken(renewModel.OldRToken, out List <Claim> oldClaims))
{
return(BadRequest(ValueResponse <TokenResult> .GeneralError("Something went wrong")));
}
string accountId = oldClaims.Single(x => x.Type == "Account").Value;
//Problem with dates
DateTime expiredOld = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Unspecified).AddSeconds((long.Parse(oldClaims.Single(x => x.Type == "exp").Value)));
//Get user and generate user claims
Response <UserClaimsMQResponse> claimsResp = await userClaimsReqClient.GetResponse <UserClaimsMQResponse>(new UserClaimsMQRequest()
{
CorrelationId = correlationId,
AccountId = accountId,
ClaimsConsumers = renewModel.ClaimsConsumers
});
if (claimsResp.Message.OpSuccess != true)
{
throw new Exception("Error with userClaimsReqClient request");
}
//Generate refresh token
var newClaims = claimsResp.Message.GetClaims();
var req = ControllerContext.HttpContext.Request;
TokenAdditionalData additionalData = new TokenAdditionalData()
{
DeviceInfo = "Device info",
RequesterIPv4 = "ipv4",
RequesterIPv6 = "ipv6"
};
TokenResult rTokenResult = await generateRefreshTokenCommand.Execute(accountId, newClaims, additionalData, expiredOld);
return(Created("", rTokenResult));
}
catch (Exception ex)
{
//Log error
_logger.LogError("RefreshTokenController.Renew", "Exception was thrown", new
{
CorrelationId = correlationId,
TokenRenewModel = renewModel,
Exception = ex
});
return(BadRequest(ValueResponse <TokenResult> .GeneralError("Something went wrong")));
}
}
