Esempio n. 1
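        /// <summary>
        /// Issues a new access token and a new refresh token for the identity named in the
        /// bearer token of the current request's Authorization header.
        /// </summary>
        /// <param name="refreshToken">Refresh token presented by the client.</param>
        /// <returns>An <see cref="AuthResponse"/> with Detail "OK" and the new token pair.</returns>
        /// <exception cref="System.ArgumentException">
        /// <paramref name="refreshToken"/> is null, empty or whitespace.
        /// </exception>
        /// <exception cref="System.UnauthorizedAccessException">
        /// The bearer token yields no identity name.
        /// </exception>
        /// <remarks>
        /// SECURITY: the presented refresh token is not yet compared with a stored value, and
        /// the old refresh token is not revoked. Until the TODOs below are implemented, the
        /// refresh token adds no protection: possession of an access token that
        /// GetClaimsPrincipalFromToken accepts is sufficient to obtain a new token pair.
        /// </remarks>
        public AuthResponse Refresh(string refreshToken)
        {
            // A blank refresh token can never be valid, so fail closed before doing any work.
            // This is an input sanity check only; it does not validate the token.
            if (string.IsNullOrWhiteSpace(refreshToken))
            {
                throw new System.ArgumentException("Refresh token is required.", nameof(refreshToken));
            }

            var jwt = new Api.Public.Services.JwtService(_config);

            // AuthenticationHeaderValue.Parse throws when the header is missing or malformed.
            var authToken = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]).Parameter;

            // NOTE(review): the `false` argument presumably disables lifetime validation so that
            // an expired access token is accepted here -- confirm in JwtService, and confirm that
            // signature, issuer and audience are still verified on this path.
            var principal = jwt.GetClaimsPrincipalFromToken(authToken, false);
            var username  = principal?.Identity?.Name;

            // Never mint tokens for an identity without a name.
            if (string.IsNullOrEmpty(username))
            {
                throw new System.UnauthorizedAccessException("Access token does not identify a user.");
            }

            // TODO(security): look up the refresh token stored for `username` (GetRefreshToken in
            // the original sketch), compare it with `refreshToken` in constant time, and reject
            // the request on mismatch. Store only a hash of the refresh token.

            // Parse the configured lifetime culture-invariantly so that the host's locale cannot
            // change how the configured number is read.
            var lifetimeMinutes = double.Parse(
                _config["JwtSettings:authTokenExpirationInMinutes"],
                System.Globalization.CultureInfo.InvariantCulture);

            var newJwtToken     = jwt.GenerateSecurityToken(username, lifetimeMinutes);
            var newRefreshToken = jwt.GenerateRefreshToken();

            // TODO(security): rotate the refresh token -- delete the old one and persist the new
            // one (DeleteRefreshToken / SaveRefreshToken in the original sketch) so that a
            // refresh token can be used only once.

            return new AuthResponse
            {
                Detail       = "OK",
                AccessToken  = newJwtToken,
                RefreshToken = newRefreshToken
            };
        }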
Esempio n. 2
        /// <summary>
        /// Returns a JWT generated for the username carried by <paramref name="login"/>.
        /// </summary>
        /// <param name="login">Login request; only its Username is read here.</param>
        /// <returns>The token string produced by JwtService.GenerateSecurityToken.</returns>
        /// <remarks>
        /// SECURITY: no credential check is performed yet. Until the TODO below is done, a
        /// token is issued for whatever username the request carries, so this method must not
        /// be exposed as a real login endpoint in its current form.
        /// </remarks>
        public string Login(LoginModel login)
        {
            // TODO: verify the user's credentials first; only on success issue a JWT bound to
            // the authenticated user's id.
            return new Api.Public.Services.JwtService(_config).GenerateSecurityToken(login.Username);
        }
Esempio n. 3
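        /// <summary>
        /// Builds an <see cref="AuthResponse"/> holding a new access token and a new refresh
        /// token for the username carried by <paramref name="login"/>.
        /// </summary>
        /// <param name="login">Login request; only its Username is read here.</param>
        /// <returns>An <see cref="AuthResponse"/> with Detail "OK" and the token pair.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="login"/> is null.</exception>
        /// <remarks>
        /// SECURITY: no credential check is performed yet, and the refresh token is not
        /// persisted. Until the TODOs below are done, tokens are issued for whatever username
        /// the request carries and a later refresh has nothing to verify against.
        /// </remarks>
        public AuthResponse Login(AuthRequest login)
        {
            // Fail with a clear argument error instead of a NullReferenceException further down.
            if (login is null)
            {
                throw new System.ArgumentNullException(nameof(login));
            }

            // TODO: verify the user's credentials first; only on success issue an access token
            // and a refresh token bound to the authenticated identity.

            var jwt = new Api.Public.Services.JwtService(_config);

            // Parse the configured lifetime culture-invariantly so that the host's locale cannot
            // change how the configured number is read.
            var lifetimeMinutes = double.Parse(
                _config["JwtSettings:authTokenExpirationInMinutes"],
                System.Globalization.CultureInfo.InvariantCulture);

            var accessToken  = jwt.GenerateSecurityToken(login.Username, lifetimeMinutes);
            var refreshToken = jwt.GenerateRefreshToken();

            // TODO: persist the refresh token server-side (store only a hash of it) so that a
            // later refresh request can be checked against it and the token can be revoked.

            return new AuthResponse
            {
                Detail       = "OK",
                AccessToken  = accessToken,
                RefreshToken = refreshToken
            };
        }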