public void AddUserToken(Auth_UserToken userToken) { if (!_configuration.Value.AllowMultipleLoginsFromTheSameUser) { InvalidateUserTokens(userToken.UserId); } DeleteTokensWithSameRefreshTokenSource(userToken.RefreshTokenIdHashSource); _tokenUserRepository.Insert(userToken); }
public void AddUserToken(Auth_User user, string refreshTokenSerial, string accessToken, string refreshTokenSourceSerial) { var now = DateTime.UtcNow; var token = new Auth_UserToken { UserId = user.Id, // Refresh token handles should be treated as secrets and should be stored hashed RefreshTokenIdHash = _encryptionService.GetSha256Hash(refreshTokenSerial), RefreshTokenIdHashSource = string.IsNullOrWhiteSpace(refreshTokenSourceSerial) ? null : _encryptionService.GetSha256Hash(refreshTokenSourceSerial), AccessTokenHash = _encryptionService.GetSha256Hash(accessToken), RefreshTokenExpiresDateTime = now.AddMinutes(_configuration.Value.RefreshTokenExpirationMinutes), AccessTokenExpiresDateTime = now.AddMinutes(_configuration.Value.AccessTokenExpirationMinutes) }; AddUserToken(token); }