Esempio n. 1
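        /// <summary>
        /// Issues a signed JWT access token for <paramref name="user"/> together with a refresh token that is
        /// either created here or re-stamped when one is supplied, and persists it through <paramref name="context"/>.
        /// </summary>
        /// <param name="user">The authenticated user; its Id and UserName become the NameId and Sub claims.</param>
        /// <param name="context">Identity store used to read the user's claims and roles and to persist the refresh token.</param>
        /// <param name="refreshToken">
        /// An existing refresh token to re-issue. When <c>null</c> a new one is generated and inserted;
        /// in both cases IssuedUtc/ExpiresUtc are reset to the current window.
        /// </param>
        /// <returns>The login payload: encoded access token, refresh token value, lifetime in seconds, user name and admin flag.</returns>
        /// <exception cref="InvalidOperationException">A role referenced by one of the user's role assignments does not exist.</exception>
        public static LoginResponseData Execute(ApplicationUser user, IdentityContext context, RefreshToken refreshToken = null)
        {
            var options    = GetOptions();
            var now        = DateTime.UtcNow;
            var expiresUtc = now.Add(options.Expiration);

            var claims = BuildClaims(user, context, now);

            if (refreshToken == null)
            {
                refreshToken = new RefreshToken()
                {
                    UserId = user.Id,
                    // The refresh token is a bearer secret, so it must come from a CSPRNG rather than
                    // Guid.NewGuid(), whose bytes are not guaranteed to be unpredictable. The helper keeps
                    // the original 32-char lowercase-hex shape so the stored column and consumers are unaffected.
                    Token  = NewRefreshTokenValue(),
                };
                context.InsertNew(refreshToken);
            }

            // NOTE(review): the refresh token is persisted in clear and shares the access token's lifetime;
            // whether that is intended depends on the refresh endpoint, which is not visible here.
            refreshToken.IssuedUtc  = now;
            refreshToken.ExpiresUtc = expiresUtc;
            context.SaveChanges();

            var jwt = new JwtSecurityToken(
                issuer: options.Issuer,
                audience: options.Audience,
                claims: claims,
                notBefore: now,
                expires: expiresUtc,
                signingCredentials: options.SigningCredentials);
            var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

            return new LoginResponseData
            {
                access_token  = encodedJwt,
                refresh_token = refreshToken.Token,
                expires_in    = (int)options.Expiration.TotalSeconds,
                userName      = user.UserName,
                //firstName = user.FirstName,
                //lastName = user.LastName,
                isAdmin = claims.Any(i => i.Type == Extensions.RoleClaimType && i.Value == Extensions.AdminRole)
            };
        }

        /// <summary>
        /// Assembles the registered JWT claims plus the user's stored claims and role memberships.
        /// </summary>
        /// <param name="user">User the token is issued for.</param>
        /// <param name="context">Identity store the claims and roles are read from.</param>
        /// <param name="nowUtc">Issue instant (UTC) written into the iat claim.</param>
        /// <returns>The claim list in the order: NameId, Jti, Iat, Sub, stored claims, role claims.</returns>
        private static List<Claim> BuildClaims(ApplicationUser user, IdentityContext context, DateTime nowUtc)
        {
            var claims = new List<Claim>
            {
                new Claim(JwtRegisteredClaimNames.NameId, user.Id),
                // jti identifies this particular token (RFC 7519 §4.1.7); the user id is shared by every
                // token of that user, so a fresh id is minted per issuance instead.
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
                // nowUtc is already UTC, so the DateTimeOffset carries a zero offset.
                new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(nowUtc).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
                new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
            };

            var userClaims = context.UserClaims.Where(i => i.UserId == user.Id);
            foreach (var userClaim in userClaims)
            {
                claims.Add(new Claim(userClaim.ClaimType, userClaim.ClaimValue));
            }

            // One role lookup per assignment; Single throws when the referenced role is missing,
            // which is preferred over silently issuing a token with fewer roles than assigned.
            var userRoles = context.UserRoles.Where(i => i.UserId == user.Id);
            foreach (var userRole in userRoles)
            {
                var role = context.Roles.Single(i => i.Id == userRole.RoleId);
                claims.Add(new Claim(Extensions.RoleClaimType, role.Name));
            }

            return claims;
        }

        /// <summary>
        /// Generates a refresh token value from the platform CSPRNG, rendered as lowercase hex.
        /// </summary>
        /// <param name="byteLength">
        /// Number of random bytes; the default of 16 (128 bits) yields the same 32-character length as the
        /// previous Guid "N" format. Raise it if the storage column allows a longer value.
        /// </param>
        /// <returns>A string of 2 * <paramref name="byteLength"/> lowercase hex characters.</returns>
        private static string NewRefreshTokenValue(int byteLength = 16)
        {
            var bytes = new byte[byteLength];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(bytes);
            }
            return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
        }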