private int?ValidateTokenAndGetUserID(string token)
{
try
{
TokenValidationParameters tokenValidationParams = new TokenValidationParameters
{
ValidateAudience = false, // You might need to validate this one depending on your case
ValidateIssuer = false,
ValidateActor = false,
ValidateLifetime = false, // Do not validate lifetime here
IssuerSigningKey =
new SymmetricSecurityKey(
Encoding.ASCII.GetBytes(_appSettings.JWTSecret)
)
};
SecurityToken securityToken;
ClaimsPrincipal principal = new JwtSecurityTokenHandler().ValidateToken(token, tokenValidationParams, out securityToken);
JwtSecurityToken jwtSecurityToken = securityToken as JwtSecurityToken;
if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
{
throw new SecurityTokenException("Invalid token!");
}
string userId = principal.FindFirstValue(ClaimTypes.Name);
if (userId != null && string.IsNullOrEmpty(userId))
{
throw new SecurityTokenException($"Missing claim: {ClaimTypes.Name}!");
}
return(Convert.ToInt32(userId));
}
catch (Exception ex)
{
return(null);
}
}
string CheckAuth(ServerCallContext context)
{
string tokenStr = context.GetHttpContext().Request?.Headers["Authorization"];
if (string.IsNullOrEmpty(tokenStr))
{
return(string.Empty);
}
if (tokenStr.StartsWith(tokenSchema))
{
tokenStr = tokenStr.Split(' ')[1];
}
SecurityToken token;
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenSecurityKey));
ClaimsPrincipal claims = new JwtSecurityTokenHandler().ValidateToken(tokenStr, new TokenValidationParameters {
ValidAudience = tokenAudience,
ValidIssuer = tokenIssuer,
IssuerSigningKey = key
}, out token);
var userName = claims.FindFirstValue(ClaimTypes.Name);
return(userName);
}
public async Task <ActionResult> RefreshTokenAsync([FromBody] RefreshTokenDto refreshTokenDto)
{
// Still validate the passed in token, but ignore its expiration date by setting validate lifetime to false
var validationParameters = new TokenValidationParameters
{
ClockSkew = TimeSpan.Zero,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(authSettings.APISecrect)),
RequireSignedTokens = true,
ValidateIssuer = true,
ValidateAudience = true,
RequireExpirationTime = true,
ValidateLifetime = false,
ValidAudience = authSettings.TokenAudience,
ValidIssuer = authSettings.TokenIssuer
};
ClaimsPrincipal tokenClaims;
try
{
tokenClaims = new JwtSecurityTokenHandler().ValidateToken(refreshTokenDto.Token, validationParameters, out var rawValidatedToken);
}
catch (Exception e)
{
return(Unauthorized(e.Message));
}
var userIdClaim = tokenClaims.FindFirstValue(ClaimTypes.NameIdentifier);
if (userIdClaim == null || !int.TryParse(userIdClaim, out var userId))
{
return(Unauthorized("Invalid token."));
}
var user = await userRepository.GetByIdAsync(userId, user => user.RefreshTokens);
if (user == null)
{
return(Unauthorized("Invalid token."));
}
user.RefreshTokens.RemoveAll(token => token.Expiration <= DateTime.UtcNow);
var currentRefreshToken = user.RefreshTokens.FirstOrDefault(token => token.DeviceId == refreshTokenDto.DeviceId && token.Token == refreshTokenDto.RefreshToken);
if (currentRefreshToken == null)
{
await userRepository.SaveAllAsync();
return(Unauthorized("Invalid token."));
}
user.RefreshTokens.Remove(currentRefreshToken);
var token = GenerateJwtToken(user);
var refreshToken = GenerateRefreshToken();
user.RefreshTokens.Add(new RefreshToken
{
Token = refreshToken,
Expiration = DateTimeOffset.UtcNow.AddMinutes(authSettings.RefreshTokenExpirationTimeInMinutes),
DeviceId = refreshTokenDto.DeviceId
});
await userRepository.SaveAllAsync();
return(Ok(new
{
token,
refreshToken
}));
}
public RefreshTokenResult RefreshToken(string token)
{
var tokenValidationParams = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = false,
ValidateIssuerSigningKey = true,
ValidIssuer = appOptions.ClientId,
ValidAudience = appOptions.ClientId,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(appOptions.ClientSecret)
)
};
var principal = default(ClaimsPrincipal);
var securityToken = default(SecurityToken);
try
{
principal = new JwtSecurityTokenHandler().ValidateToken(
token, tokenValidationParams, out securityToken
);
}
catch (Exception ex)
{
//TODO: log exception
return(new RefreshTokenResult {
Success = false, Message = "Invalid token"
});
}
var jwtToken = securityToken as JwtSecurityToken;
if (jwtToken == null ||
!string.Equals(jwtToken.Header.Alg, securityAlgorithm, StringComparison.OrdinalIgnoreCase))
{
return(new RefreshTokenResult {
Success = false, Message = "Invalid token"
});
}
var userId = principal.FindFirstValue(SecurityClaims.UserIdentifier);
if (string.IsNullOrWhiteSpace(userId))
{
return(new RefreshTokenResult {
Success = false, Message = "Invalid token"
});
}
var result = GenerateToken(new GenerateTokenRequest
{
UserId = userId,
});
return(new RefreshTokenResult
{
Success = true,
UserId = userId,
Result = result
});
}
