public static RefreshTokenModel GenerateToken(IConnectionMultiplexer connectionMultiplexer, string cacheKey, IEnumerable <Claim> claims, string key, string issuer = null, string audience = null, double?expires = null)
{
RSAParameters privateKeyParameters = DigitalSignatureManager.GetKey(key);
RsaSecurityKey privateKey = new RsaSecurityKey(privateKeyParameters);
SigningCredentials credentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256);
JwtSecurityToken securityToken = new JwtSecurityToken(
issuer: issuer,
audience: audience,
claims: claims,
expires: expires.HasValue ? (DateTime?)DateTime.UtcNow.AddMinutes(expires.Value) : null,
signingCredentials: credentials);
string token = new JwtSecurityTokenHandler().WriteToken(securityToken);
string refreshToken = SaltGenerator.Generate();
IDatabase database = connectionMultiplexer.GetDatabase(0);
database.StringSet(cacheKey, refreshToken);
return(new RefreshTokenModel
{
Token = token,
Expiration = securityToken.ValidTo,
RefreshToken = refreshToken
});
}
public static RefreshTokenModel RefreshToken(IConnectionMultiplexer connectionMultiplexer, string token, string refreshToken, string privateKey, string publicKey, string issuer = null, string audience = null, double?expires = null)
{
ClaimsPrincipal principal = GetPrincipalFromExpiredToken(token, publicKey, issuer, audience);
string ip = principal.Claims.SingleOrDefault(x => x.Type == "ip").Value;
string customerCode = principal.Claims.SingleOrDefault(x => x.Type == "customerCode").Value;
string userName = principal.Claims.SingleOrDefault(x => x.Type == ClaimTypes.NameIdentifier).Value;
string cacheKey = $"{customerCode}-{userName}-{ip}";
IDatabase database = connectionMultiplexer.GetDatabase(0);
var savedRefreshToken = database.StringGet(cacheKey);
if (savedRefreshToken != refreshToken)
{
throw new SecurityTokenException();
}
RSAParameters privateKeyParameters = DigitalSignatureManager.GetKey(privateKey);
RsaSecurityKey securityKey = new RsaSecurityKey(privateKeyParameters);
//var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
SigningCredentials credentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256);
var newSecurityToken = new JwtSecurityToken(
issuer: issuer,
audience: audience,
claims: principal.Claims,
expires: expires.HasValue ? (DateTime?)DateTime.UtcNow.AddMinutes(expires.Value) : null,
signingCredentials: credentials);
string newToken = new JwtSecurityTokenHandler().WriteToken(newSecurityToken);
string newRefreshToken = SaltGenerator.Generate();
database.StringSet(cacheKey, newRefreshToken);
return(new RefreshTokenModel
{
Token = newToken,
Expiration = newSecurityToken.ValidTo,
RefreshToken = newRefreshToken
});
}
public static TokenValidationParameters GetTokenValidationParameters(string publicKey, string issuer = null, string audience = null)
{
RSAParameters publicKeyParameters = DigitalSignatureManager.GetKey(publicKey);
RsaSecurityKey securityKey = new RsaSecurityKey(publicKeyParameters);
return(new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = securityKey,
ValidateIssuer = !string.IsNullOrWhiteSpace(issuer),
ValidIssuer = issuer,
ValidateAudience = !string.IsNullOrWhiteSpace(audience),
ValidAudience = audience,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
});
}
public static void AddJwt(this IServiceCollection services, IConfiguration configuration)
{
JwtOptions options = new JwtOptions();
IConfigurationSection section = configuration.GetSection("jwt");
section.Bind(options);
services.Configure <JwtOptions>(configuration.GetSection("jwt"));
RSAParameters publicKeyParameters = DigitalSignatureManager.GetKey(options.PublicKey);
RsaSecurityKey securityKey = new RsaSecurityKey(publicKeyParameters);
TokenValidationParameters tokenValidationParameters = TokenManager.GetTokenValidationParameters(options.PublicKey, options.Issuer, options.Audience);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(authorizationOptions =>
{
authorizationOptions.TokenValidationParameters = tokenValidationParameters;
authorizationOptions.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return(Task.CompletedTask);
}
};
});
services.AddAuthorization(authorizationOptions =>
{
authorizationOptions.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build();
});
}
