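/// <summary>
/// Issues a new short-lived token from a refresh token that validates and has not been revoked.
/// </summary>
/// <param name="refreshToken">Encoded refresh JWT presented by the client.</param>
/// <returns>
/// A <see cref="TokenResult"/> holding the signed short token and its expiry (<c>ValidTo</c>);
/// the refresh-token slot is left <c>null</c> because no new refresh token is issued here.
/// </returns>
/// <exception cref="InvalidTokenException">
/// The refresh token fails validation/extraction, or it carries no <c>jti</c> claim.
/// </exception>
/// <exception cref="TokenRevokedException">The refresh token's <c>jti</c> is present in the revoked-token store.</exception>
public async Task<TokenResult> Execute(string refreshToken)
{
    try
    {
        // 1. Validate the refresh token and pull its claims.
        if (!_refreshTokenExtracter.TryExractToken(refreshToken, out List<Claim> refreshTokenClaims))
        {
            throw new InvalidTokenException("Jwt token is corrupted or expired");
        }

        // A refresh token without a jti cannot be checked against the revocation store, so it is
        // reported as an invalid token instead of surfacing Single()'s InvalidOperationException.
        Claim rTokenJtiClaim = refreshTokenClaims.SingleOrDefault(c => c.Type == JwtRegisteredClaimNames.Jti);
        if (rTokenJtiClaim == null)
        {
            throw new InvalidTokenException("Jwt token has no jti claim");
        }
        string rTokenJti = rTokenJtiClaim.Value;

        // 2. Refuse to mint anything from a refresh token that has already been revoked.
        if (await _revokedTokenRepo.Exists(rTokenJti))
        {
            throw new TokenRevokedException($"Token {rTokenJti} already revoked");
        }

        // 3. Build the short token. Only the Name and Role claims of the parent refresh token are
        //    copied; every other refresh-token claim stays out of the short token.
        var key = _symmetricKeyProvider.GetKey();
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var shortTokenClaims = refreshTokenClaims
            .Where(c => c.Type == ClaimTypes.Name || c.Type == ClaimTypes.Role)
            .Select(c => new Claim(c.Type, c.Value))
            .ToList();

        // Fresh jti for the short token itself.
        string jti = _tokenIdGenerator.Generate();
        shortTokenClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, jti));

        // Link the short token back to the refresh token it was minted from via the "rtokenjti" claim.
        shortTokenClaims.Add(new Claim("rtokenjti", rTokenJti));

        // Expiry is computed in UTC: "exp" is a Unix timestamp and must not depend on server local time.
        JwtSecurityToken jwtTokenOptions = new JwtSecurityToken(
            issuer: _shortTokenConfig.ValidIssuer,
            audience: _shortTokenConfig.ValidAudience,
            claims: shortTokenClaims,
            expires: DateTime.UtcNow.AddMinutes(_shortTokenConfig.ExpiresInMin),
            signingCredentials: creds);

        string shortToken = new JwtSecurityTokenHandler().WriteToken(jwtTokenOptions);

        return new TokenResult(null, shortToken, jwtTokenOptions.ValidTo);
    }
    catch (Exception ex)
    {
        // Only the exception is logged; the raw refresh token is deliberately kept out of the log.
        _logger.LogError("GenerateShortTokenCommand.Execute", "Exception was thrown", new { Exception = ex });
        throw;
    }
}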
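/// <summary>
/// Exchanges an old refresh token for a new one: the old token is validated and its claims read,
/// the account's current claims are requested through <paramref name="userClaimsReqClient"/>,
/// and a replacement refresh token is generated for that account.
/// </summary>
/// <param name="renewModel">Request body carrying the old refresh token and the claim consumers to query.</param>
/// <param name="userClaimsReqClient">Request client used to obtain the account's current claims.</param>
/// <param name="generateRefreshTokenCommand">Command that issues the replacement refresh token.</param>
/// <param name="refreshTokenExtractor">Validates the old refresh token and exposes its claims.</param>
/// <returns>
/// 201 Created with the new <see cref="TokenResult"/>, or 400 with a generic error on any failure
/// (a deliberately uniform response so callers learn nothing about why a token was rejected).
/// </returns>
public async Task<IActionResult> Renew(
    [FromBody] RTokenRenewModel renewModel,
    [FromServices] IRequestClient<UserClaimsMQRequest> userClaimsReqClient,
    [FromServices] IGenerateRefreshTokenCommand generateRefreshTokenCommand,
    [FromServices] ITokenExtractor refreshTokenExtractor)
{
    string correlationId = null;
    try
    {
        if (renewModel == null)
        {
            return BadRequest(ValueResponse<TokenResult>.GeneralError("Something went wrong"));
        }

        correlationId = Guid.NewGuid().ToString("N");

        // Validate the old refresh token; an invalid or expired token gets the same generic 400 as any other failure.
        if (!refreshTokenExtractor.TryExractToken(renewModel.OldRToken, out List<Claim> oldClaims))
        {
            return BadRequest(ValueResponse<TokenResult>.GeneralError("Something went wrong"));
        }

        // NOTE(review): no revocation check of the old refresh token is visible on this path, unlike the
        // short-token command — confirm that generateRefreshTokenCommand or the extractor performs one.
        string accountId = oldClaims.Single(x => x.Type == "Account").Value;

        // "exp" is seconds since the Unix epoch, in UTC. Going through DateTimeOffset yields a
        // DateTimeKind.Utc value instead of a DateTimeKind.Unspecified one that callers may reinterpret
        // as local time. The claim is machine data, so parse it culture-invariantly.
        long expSeconds = long.Parse(
            oldClaims.Single(x => x.Type == "exp").Value,
            System.Globalization.CultureInfo.InvariantCulture);
        DateTime expiredOld = DateTimeOffset.FromUnixTimeSeconds(expSeconds).UtcDateTime;

        // Fetch the account's current claims.
        Response<UserClaimsMQResponse> claimsResp = await userClaimsReqClient.GetResponse<UserClaimsMQResponse>(
            new UserClaimsMQRequest()
            {
                CorrelationId = correlationId,
                AccountId = accountId,
                ClaimsConsumers = renewModel.ClaimsConsumers
            });

        if (claimsResp.Message.OpSuccess != true)
        {
            // Caught by the handler below and turned into the generic 400.
            throw new InvalidOperationException("Error with userClaimsReqClient request");
        }

        var newClaims = claimsResp.Message.GetClaims();

        // Record the actual requester instead of placeholder values. RemoteIpAddress is what the server
        // saw on the connection; behind a reverse proxy it only reflects the client when forwarded-headers
        // middleware is configured. An IPv4-mapped IPv6 address is reported as its IPv4 form.
        var remote = ControllerContext.HttpContext.Connection.RemoteIpAddress;
        if (remote != null && remote.IsIPv4MappedToIPv6)
        {
            remote = remote.MapToIPv4();
        }
        string requesterIPv4 = remote?.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork
            ? remote.ToString()
            : string.Empty;
        string requesterIPv6 = remote?.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6
            ? remote.ToString()
            : string.Empty;

        // NOTE(review): empty string is used when a value is unavailable — confirm TokenAdditionalData
        // and its storage accept that.
        TokenAdditionalData additionalData = new TokenAdditionalData()
        {
            DeviceInfo = ControllerContext.HttpContext.Request.Headers["User-Agent"].ToString(),
            RequesterIPv4 = requesterIPv4,
            RequesterIPv6 = requesterIPv6
        };

        TokenResult rTokenResult = await generateRefreshTokenCommand.Execute(accountId, newClaims, additionalData, expiredOld);
        return Created("", rTokenResult);
    }
    catch (Exception ex)
    {
        // Log the correlation id and the exception only: renewModel carries the raw refresh token
        // (OldRToken), which must not end up in the log store.
        _logger.LogError("RefreshTokenController.Renew", "Exception was thrown", new { CorrelationId = correlationId, Exception = ex });
        return BadRequest(ValueResponse<TokenResult>.GeneralError("Something went wrong"));
    }
}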