public object Refresh(RefreshCredentials model) { RefreshTokenData _rtd = null; var storedToken = _dc.GetString(model.RefreshToken); if (!string.IsNullOrEmpty(storedToken) && !string.IsNullOrWhiteSpace(storedToken)) { _rtd = JsonConvert.DeserializeObject <RefreshTokenData> (storedToken); } var isValid = false; if (_rtd != null) { isValid = (model.UserId == _rtd.UserID && model.RefreshToken == _rtd.RefreshToken); } if (isValid) { _dc.Remove(model.RefreshToken); return(New(model.UserId)); } return(null); }
private async Task <AuthResultDto> GenerateAuthResult(ApplicationUser user) { var roles = await _userManager.GetRolesAsync(user); var claimsIdentity = _jwtBuilder.GenerateClaimsIdentity(user, roles); var securityToken = _jwtBuilder.GenerateSecurityToken(claimsIdentity); var newRefreshToken = new RefreshTokenData { RefreshToken = Guid.NewGuid().ToString(), Jti = securityToken.Id, CreationDate = DateTime.UtcNow, ExpirationDate = DateTime.UtcNow.AddDays(1), IsUsed = false, IsInvalidated = false, ApplicationUserId = user.Id }; await _context.RefreshTokens.AddAsync(newRefreshToken); await _context.SaveChangesAsync(); return(new AuthResultDto { Token = new JwtSecurityTokenHandler().WriteToken(securityToken), RefreshToken = newRefreshToken.RefreshToken }); }
private void ValidateRefreshTokenData(RefreshTokenData data) { if (data.RefreshToken == null) { throw new ArgumentNullException("The RefreshToken in RefreshTokenData can't be null."); } }
private static RefreshTokenData GetRefreshTokenData(OAuth2ClientCredentials credentials, IEveAccountancyManager eveAccountancyManager) { RefreshTokenData refreshTokenData = eveAccountancyManager.GetRefreshTokenData(); if (refreshTokenData == null || string.IsNullOrWhiteSpace(refreshTokenData.RefreshToken)) { string authorizationUrl = eveAccountancyManager.GetGoogleAuthorizationUrl(credentials); string accessCode = string.Empty; while (string.IsNullOrWhiteSpace(accessCode)) { Console.WriteLine("Please visit"); Console.WriteLine(); Console.WriteLine(authorizationUrl); Console.WriteLine(); Console.Write("and enter your access code: "); accessCode = Console.ReadLine(); } string refreshToken = eveAccountancyManager.GetGoogleRefreshToken(credentials, accessCode); refreshTokenData = new RefreshTokenData() { RefreshToken = refreshToken, }; eveAccountancyManager.SaveRefreshTokenData(refreshTokenData); } return refreshTokenData; }
public object SuccessObject(DateTime createDate, DateTime expirationDate, string token, AccessCredentials credentials, TimeSpan finalExpiration) { var resultado = new { autenticated = true, created = createDate.ToString("yyyy-MM-dd HH:mm:ss"), expiration = expirationDate.ToString("yyyy-MM-dd HH:mm:ss"), accessToken = token, refreshToken = Guid.NewGuid().ToString().Replace("-", String.Empty), message = "OK" }; // Armazena o refresh token em cache através do Redis var refreshTokenData = new RefreshTokenData(); refreshTokenData.RefreshToken = resultado.refreshToken; refreshTokenData.UserID = credentials.UserID; DistributedCacheEntryOptions opcoesCache = new DistributedCacheEntryOptions(); opcoesCache.SetAbsoluteExpiration(finalExpiration); _cache.SetString(resultado.refreshToken, JsonConvert.SerializeObject(refreshTokenData), opcoesCache); return(resultado); }
public async Task <ApiResponseResult <RefreshTokenResponse> > RefreshTokenAsync(CancellationToken token) { RefreshTokenData data = new RefreshTokenData { ResponseType = "token", RefreshToken = TokenStorage.RefreshToken, GrantType = "refresh_token", RedirectUri = "http://api.protonvpn.ch" }; ValidateRefreshTokenData(data); try { HttpRequestMessage request = GetAuthorizedRequest(HttpMethod.Post, "auth/refresh"); this.ValidateRequestHeaders(request); request.Content = GetJsonContent(data); using HttpResponseMessage response = await _client.SendAsync(request, token); string body = await response.Content.ReadAsStringAsync(); return(ApiResponseResult <RefreshTokenResponse>(body, response.StatusCode)); } catch (Exception e) when(e.IsApiCommunicationException()) { throw new HttpRequestException(e.Message); } }
public object Post( [FromBody] AccessCredentials credenciais, [FromServices] UsersDAO usersDAO, [FromServices] SigningConfigurations signingConfigurations, [FromServices] TokenConfigurations tokenConfigurations, [FromServices] IDistributedCache cache) { bool credenciaisValidas = false; if (credenciais != null && !String.IsNullOrWhiteSpace(credenciais.UserID)) { if (credenciais.GrantType == "password") { var usuarioBase = usersDAO.Find(credenciais.UserID); credenciaisValidas = (usuarioBase != null && credenciais.UserID == usuarioBase.UserID && credenciais.AccessKey == usuarioBase.AccessKey); } else if (credenciais.GrantType == "refresh_token") { if (!String.IsNullOrWhiteSpace(credenciais.RefreshToken)) { RefreshTokenData refreshTokenBase = null; string strTokenArmazenado = cache.GetString(credenciais.RefreshToken); if (!String.IsNullOrWhiteSpace(strTokenArmazenado)) { refreshTokenBase = JsonConvert .DeserializeObject <RefreshTokenData>(strTokenArmazenado); } credenciaisValidas = (refreshTokenBase != null && credenciais.UserID == refreshTokenBase.UserID && credenciais.RefreshToken == refreshTokenBase.RefreshToken); // Elimina o token de refresh já que um novo será gerado if (credenciaisValidas) { cache.Remove(credenciais.RefreshToken); } } } } if (credenciaisValidas) { return(GenerateToken( credenciais.UserID, signingConfigurations, tokenConfigurations, cache)); } else { return(new { authenticated = false, message = "Falha ao autenticar" }); } }
private object GenerateToken(string userID, SigningConfigurations signingConfigurations, TokenConfigurations tokenConfigurations, IDistributedCache cache) { ClaimsIdentity identity = new ClaimsIdentity( new GenericIdentity(userID, "Login"), new[] { new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), new Claim(JwtRegisteredClaimNames.UniqueName, userID) } ); DateTime dataCriacao = DateTime.Now; DateTime dataExpiracao = dataCriacao + TimeSpan.FromSeconds(tokenConfigurations.Seconds); // Calcula o tempo máximo de validade do refresh token // (o mesmo será invalidado automaticamente pelo Redis) TimeSpan finalExpiration = TimeSpan.FromSeconds(tokenConfigurations.FinalExpiration); var handler = new JwtSecurityTokenHandler(); var securityToken = handler.CreateToken(new SecurityTokenDescriptor { Issuer = tokenConfigurations.Issuer, Audience = tokenConfigurations.Audience, SigningCredentials = signingConfigurations.SigningCredentials, Subject = identity, NotBefore = dataCriacao, Expires = dataExpiracao }); var token = handler.WriteToken(securityToken); var resultado = new { authenticated = true, created = dataCriacao.ToString("yyyy-MM-dd HH:mm:ss"), expiration = dataExpiracao.ToString("yyyy-MM-dd HH:mm:ss"), accessToken = token, refreshToken = Guid.NewGuid().ToString().Replace("-", String.Empty), message = "OK" }; // Armazena o refresh token em cache através do Redis var refreshTokenData = new RefreshTokenData { RefreshToken = resultado.refreshToken, UserID = userID }; DistributedCacheEntryOptions opcoesCache = new DistributedCacheEntryOptions(); opcoesCache.SetAbsoluteExpiration(finalExpiration); cache.SetString(resultado.refreshToken, JsonConvert.SerializeObject(refreshTokenData), opcoesCache); return(resultado); }
private ObjectToken GenerateToken(IUserAuthenticate user) { ClaimsIdentity identity = new ClaimsIdentity( new[] { new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), new Claim("AccessLogged", user.Access), new Claim("UserProfileLogged", user.UserProfile.GetHashCode().ToString()), new Claim("EnterpriseIdLogged", user.EnterpriseId.ToString()) } ); DateTime dataCriacao = DateTime.Now; DateTime dataExpiracao = dataCriacao + TimeSpan.FromSeconds(_tokenConfigurations.Seconds); // Calcula o tempo máximo de validade do refresh token // (o mesmo será invalidado automaticamente pelo Redis) TimeSpan finalExpiration = TimeSpan.FromSeconds(_tokenConfigurations.FinalExpiration); var handler = new JwtSecurityTokenHandler(); var securityToken = handler.CreateToken(new SecurityTokenDescriptor { Issuer = _tokenConfigurations.Issuer, Audience = _tokenConfigurations.Audience, SigningCredentials = _signingConfigurations.SigningCredentials, Subject = identity, NotBefore = dataCriacao, Expires = dataExpiracao }); var token = handler.WriteToken(securityToken); var resultado = new ObjectToken() { authenticated = true, created = dataCriacao.ToString("yyyy-MM-dd HH:mm:ss"), expiration = dataExpiracao.ToString("yyyy-MM-dd HH:mm:ss"), accessToken = token, refreshToken = Guid.NewGuid().ToString().Replace("-", String.Empty), message = "OK" }; // Armazena o refresh token em cache através do Redis var refreshTokenData = new RefreshTokenData(); refreshTokenData.RefreshToken = resultado.refreshToken; refreshTokenData.Access = user.Access; DistributedCacheEntryOptions opcoesCache = new DistributedCacheEntryOptions(); opcoesCache.SetAbsoluteExpiration(finalExpiration); opcoesCache.AbsoluteExpiration = DateTime.Now.Add(finalExpiration); opcoesCache.SlidingExpiration = finalExpiration; _cache.SetString(resultado.refreshToken, JsonConvert.SerializeObject(refreshTokenData), opcoesCache); return(resultado); }
public void RefreshTokenDataAccessor_SaveRefreshTokenData() { RefreshTokenDataAccessor refreshTokenDataAccessor = new RefreshTokenDataAccessor(); RefreshTokenData refreshTokenData = new RefreshTokenData(); refreshTokenDataAccessor.SaveRefreshTokenData(refreshTokenData, _filename); Assert.IsTrue(File.Exists(_filename)); }
public void SaveRefreshTokenData(RefreshTokenData refreshTokenData, string filename) { using (TextWriter textWriter = new StreamWriter(filename, false)) { XmlSerializer xmlSerializer = new XmlSerializer(typeof(RefreshTokenData)); xmlSerializer.Serialize(textWriter, refreshTokenData); } }
public async Task <bool> ValidateCredentialsAsync(AccessCredentials credentials) { var validCredentials = false; if (credentials == null || IsNullOrWhiteSpace(credentials.UserId)) { return(false); } switch (credentials.GrantType) { case "password": { var userIdentity = await _userManager.FindByNameAsync(credentials.UserId); if (userIdentity != null) { var loginResult = _signInManager.CheckPasswordSignInAsync(userIdentity, credentials.Password, false).Result; if (loginResult.Succeeded) { validCredentials = _userManager.IsInRoleAsync(userIdentity, Roles.RoleApiEdwardJenner).Result; } } break; } case "refresh_token": { if (!IsNullOrWhiteSpace(credentials.RefreshToken)) { RefreshTokenData refreshTokenBase = null; var refreshTokenCache = await _cache.GetStringCache(credentials.RefreshToken); if (!IsNullOrWhiteSpace(refreshTokenCache)) { refreshTokenBase = JsonConvert .DeserializeObject <RefreshTokenData>(refreshTokenCache); } validCredentials = (refreshTokenBase != null && credentials.UserId == refreshTokenBase.UserId && credentials.RefreshToken == refreshTokenBase.RefreshToken); if (validCredentials) { await _cache.RemoveCache(credentials.RefreshToken); } } break; } } return(validCredentials); }
public IActionResult Post([FromBody] AccessCredentials credenciais, [FromServices] SigningConfigurations signingConfigurations, [FromServices] TokenConfigurations tokenConfigurations, [FromServices] IDistributedCache cache) { bool credenciaisValidas = false; if (credenciais != null && !String.IsNullOrWhiteSpace(credenciais.Usuario)) { if (credenciais.GrantType == GrantType.Password) { // credenciaisValidas = (usuarioBase != null && // credenciais.UserID == usuarioBase.UserID && // credenciais.AccessKey == usuarioBase.AccessKey); credenciaisValidas = true; } else if (credenciais.GrantType == GrantType.RefreshToken) { if (!String.IsNullOrWhiteSpace(credenciais.RefreshToken)) { RefreshTokenData refreshTokenBase = null; string strTokenArmazenado = cache.GetString(credenciais.RefreshToken); if (!String.IsNullOrWhiteSpace(strTokenArmazenado)) { refreshTokenBase = JsonConvert .DeserializeObject <RefreshTokenData>(strTokenArmazenado); } // credenciaisValidas = (refreshTokenBase != null && // credenciais.UserID == refreshTokenBase.UserID && // credenciais.RefreshToken == refreshTokenBase.RefreshToken); credenciaisValidas = true; // Elimina o token de refresh já que um novo será gerado if (credenciaisValidas) { cache.Remove(credenciais.RefreshToken); } } } } if (credenciaisValidas) { return(GenerateToken( credenciais.Usuario, signingConfigurations, tokenConfigurations, cache)); } else { return(StatusCode(StatusCodes.Status401Unauthorized, new { authenticated = false, message = "Falha ao autenticar" })); } }
private async Task <ApplicationUser> HandleRefreshToken(LoginModelRequest loginModel, ResultResponseObject <TokenResponse> resultResponseModel) { bool credenciaisValidas = false; if (String.IsNullOrEmpty(loginModel.RefreshToken)) { RefreshTokenData refreshTokenBase = null; string strTokenArmazenado = _cache.GetString(loginModel.RefreshToken); if (!String.IsNullOrWhiteSpace(strTokenArmazenado)) { refreshTokenBase = JsonConvert .DeserializeObject <RefreshTokenData>(strTokenArmazenado); } credenciaisValidas = (refreshTokenBase != null && loginModel.RefreshToken == refreshTokenBase.RefreshToken); // Elimina o token de refresh já que um novo será gerado if (credenciaisValidas) { _cache.Remove(loginModel.RefreshToken); } } JwtSecurityToken token = null; if (!string.IsNullOrWhiteSpace(loginModel.RefreshToken)) { token = new JwtSecurityTokenHandler().ReadJwtToken(loginModel.RefreshToken); } if (token == null) { resultResponseModel.AddError("Refresh Token", "Não foi possível ler o refresh token"); } else if (token.ValidTo < DateTime.Now) { resultResponseModel.AddError("Refresh Token", "Refresh token inválido"); } else { string userId = token.Claims.First(claim => claim.Type == JwtRegisteredClaimNames.UniqueName).Value; ApplicationUser user = await _userManager.FindByIdAsync(userId); return(user); } return(null); }
public void RefreshTokenDataAccessor_GetRefreshTokenData() { RefreshTokenDataAccessor refreshTokenDataAccessor = new RefreshTokenDataAccessor(); string refreshToken = "RefreshTokenDataAccessor_GetRefreshTokenData"; RefreshTokenData refreshTokenData = new RefreshTokenData() { RefreshToken = refreshToken, }; refreshTokenDataAccessor.SaveRefreshTokenData(refreshTokenData, _filename); RefreshTokenData actual = refreshTokenDataAccessor.GetRefreshTokenData(_filename); Assert.IsNotNull(actual); Assert.AreEqual(refreshToken, actual.RefreshToken); }
public ObjectToken Authenticate(IUserAuthenticateDto userDto, IUserServiceAuthenticate userService) { bool credenciaisValidas = false; if (userDto != null) { if (userDto.TypeLogin == TypeLogin.Login) { var usuarioBase = userService.GetForLogin(userDto); credenciaisValidas = (usuarioBase != null); } else if (userDto.TypeLogin == TypeLogin.RefreshToken && !String.IsNullOrWhiteSpace(userDto.RefreshToken)) { RefreshTokenData refreshTokenBase = null; string strTokenArmazenado = _cache.GetString(userDto.RefreshToken); if (!String.IsNullOrWhiteSpace(strTokenArmazenado)) { refreshTokenBase = JsonConvert .DeserializeObject <RefreshTokenData>(strTokenArmazenado); } credenciaisValidas = (refreshTokenBase != null && userDto.Access == refreshTokenBase.Access && userDto.RefreshToken == refreshTokenBase.RefreshToken); // Elimina o token de refresh já que um novo será gerado if (credenciaisValidas) { _cache.Remove(userDto.RefreshToken); } } } if (credenciaisValidas) { return(GenerateToken(userService.GetByAcess(userDto.Access))); } else { return(new ObjectToken() { authenticated = false, message = "Falha ao autenticar" }); } }
public Token GenerateToken(AccessCredentials credentials) { var identity = new ClaimsIdentity( new GenericIdentity(credentials.UserId, "Login"), new[] { new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), new Claim(JwtRegisteredClaimNames.UniqueName, credentials.UserId) } ); var creationTime = DateTime.Now; var expirationTime = creationTime + TimeSpan.FromSeconds(_tokenConfigurations.Seconds); var handler = new JwtSecurityTokenHandler(); var securityToken = handler.CreateToken(new SecurityTokenDescriptor { Issuer = _tokenConfigurations.Issuer, Audience = _tokenConfigurations.Audience, SigningCredentials = _signingConfigurations.SigningCredentials, Subject = identity, NotBefore = creationTime, Expires = expirationTime }); var token = handler.WriteToken(securityToken); var generateToken = new Token() { Authenticated = true, Created = creationTime.ToString("yyyy-MM-dd HH:mm:ss"), Expiration = expirationTime.ToString("yyyy-MM-dd HH:mm:ss"), AccessToken = token, RefreshToken = Guid.NewGuid().ToString().Replace("-", Empty), Message = "OK" }; var refreshTokenData = new RefreshTokenData { RefreshToken = generateToken.RefreshToken, UserId = credentials.UserId }; var finalExpiration = TimeSpan.FromSeconds(_tokenConfigurations.FinalExpiration); _cache.SetStringCache(generateToken.RefreshToken, JsonConvert.SerializeObject(refreshTokenData), finalExpiration); return(generateToken); }
public object New(string userId) { var claims = new List <Claim> { new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), new Claim(JwtRegisteredClaimNames.UniqueName, userId) }; var creationDate = DateTime.Now; var expirationDate = creationDate + TimeSpan.FromMinutes(_tc.Minutes); var finalExpiration = TimeSpan.FromHours(_tc.FinalExpiration); var securityToken = new JwtSecurityToken( _tc.Issuer, _tc.Audience, claims, creationDate, expirationDate, _sc.SigningCredentials ); var token = new JwtSecurityTokenHandler().WriteToken(securityToken); var result = new { userId = userId, created = creationDate.ToString("yyyy-MM-dd HH:mm:ss"), expiration = expirationDate.ToString("yyyy-MM-dd HH:mm:ss"), accessToken = token, refreshToken = NewRefreshToken() }; var refreshTokenData = new RefreshTokenData(); refreshTokenData.RefreshToken = result.refreshToken; refreshTokenData.UserID = userId; var cacheOptions = new DistributedCacheEntryOptions(); cacheOptions.SetAbsoluteExpiration(finalExpiration); _dc.SetString(result.refreshToken, JsonConvert.SerializeObject(refreshTokenData), cacheOptions ); return(result); }
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenData refreshTokenData) { if (refreshTokenData == null || string.IsNullOrEmpty(refreshTokenData.RefreshToken)) { return(BadRequest(ResponseMessage.ProblemWithRefreshToken("Refresh token is empty"))); } var refreshToken = Base64Converter.Base64Decode(refreshTokenData.RefreshToken); var dataForRefresh = refreshToken.Split("-"); if (!dataForRefresh.Any()) { return(BadRequest(ResponseMessage.ProblemWithRefreshToken("Token is in bad format"))); } var user = await _userService.GetUserByEmail(dataForRefresh[1]); var club = (await _applicationUserClubRepository.FindByCriteria(i => i.ApplicationUserId == user.Id)).FirstOrDefault(); return(Ok(await GenerateTokens(user, club))); }
public async Task <ApiResponseResult <RefreshTokenResponse> > RefreshTokenAsync(CancellationToken token) { var data = new RefreshTokenData { RefreshToken = TokenStorage.RefreshToken, GrantType = "refresh_token" }; try { var request = GetAuthorizedRequest(HttpMethod.Post, "auth/refresh"); request.Content = GetJsonContent(data); using var response = await _client.SendAsync(request, token); var body = await response.Content.ReadAsStringAsync(); return(ApiResponseResult <RefreshTokenResponse>(body, response.StatusCode)); } catch (Exception e) when(e.IsApiCommunicationException()) { throw new HttpRequestException(e.Message); } }
private RefreshTokenData GenerateRefreshToken(string userId) { string token; var randomNumber = new byte[32]; using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(randomNumber); token = Convert.ToBase64String(randomNumber); } var refreshToken = new RefreshTokenData { UsuarioId = userId, ExpirationDate = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesRefreshTokenValid), RefreshToken = token.Replace("+", string.Empty) .Replace("=", string.Empty) .Replace("/", string.Empty) }; _refreshTokenRepository.Add(refreshToken); return(refreshToken); }
public void SaveRefreshTokenData(RefreshTokenData refreshTokenData) { Logger.Write(string.Format("EveAccountancyManager: Saving RefreshTokenData with refresh token {0} to {1}", refreshTokenData.RefreshToken, Common.kRefreshTokenDataFilename)); IUnityContainer unityContainer = UnityContainerFactory.GetUnityContainer(); IRefreshTokenDataAccessor refreshTokenDataAccessor = unityContainer.Resolve<IRefreshTokenDataAccessor>(); refreshTokenDataAccessor.SaveRefreshTokenData(refreshTokenData, Common.kRefreshTokenDataFilename); }
//[Authorize("Bearer")] public ActionResult RefreshToken([FromBody] RefreshTokenData refresh) { var re = Request; var headers = re.Headers; string original = null; if (headers.ContainsKey("Authorization")) { original = headers["Authorization"].ToString().Replace("Bearer ", ""); } if (string.IsNullOrEmpty(original)) { return(Unauthorized()); // new { authenticated = false }); } if (refresh.grant_type != "refresh_token") { return(Unauthorized());//new { authenticated = false }; } var handler = new JwtSecurityTokenHandler(); var validationParametersRefresh = new TokenValidationParameters { ValidateIssuer = true, ValidIssuer = _tokenOptions.Issuer, ValidateAudience = true, ValidAudience = _tokenOptions.Audience, ValidateIssuerSigningKey = true, IssuerSigningKey = _tokenOptions.Key, ValidateLifetime = true }; var validationParametersOriginal = new TokenValidationParameters { ValidateIssuer = true, ValidIssuer = _tokenOptions.Issuer, ValidateAudience = true, ValidAudience = _tokenOptions.Audience, ValidateIssuerSigningKey = true, IssuerSigningKey = _tokenOptions.Key, ValidateLifetime = false }; ClaimsPrincipal principalOriginal = null; try { principalOriginal = handler.ValidateToken(original, validationParametersOriginal, out var tokiOriginal); handler.ValidateToken(original, validationParametersRefresh, out _); } catch { return(Unauthorized()); // new {authenticated = false}; } var ime = principalOriginal.Claims.First(c => c.Type == "Ime"); var prezime = principalOriginal.Claims.First(c => c.Type == "Prezime"); var username = principalOriginal.Claims.First(c => c.Type == ClaimTypes.Name); var email = principalOriginal.Claims.First(c => c.Type == ClaimTypes.Email); var userid = principalOriginal.Claims.First(c => c.Type == ClaimTypes.NameIdentifier); var subj = new ClaimsIdentity(); var user = _userManager.KorisnikPostoji(username.Value); if (user == null) { return(Unauthorized()); //new { authenticated = false }; } //var roles = user.Claims.Where(c => c.ClaimType == ClaimTypes.Role).ToList(); var roles = user.Uloge; subj.AddClaim(new Claim("Ime", ime.Value)); subj.AddClaim(new Claim("Prezime", prezime.Value)); subj.AddClaim(new Claim(ClaimTypes.Email, email.Value)); subj.AddClaim(new Claim(ClaimTypes.Name, username.Value)); subj.AddClaim(new Claim(JwtRegisteredClaimNames.UniqueName, username.Value)); subj.AddClaim(new Claim(ClaimTypes.NameIdentifier, userid.Value)); subj.AddClaim(new Claim("Jezik", user.Lang)); subj.AddClaims(roles.Select(r => new Claim(ClaimTypes.Role, r))); //var expires = DateTime.UtcNow.AddHours(_satiT); var expires = DateTime.UtcNow.AddMinutes(_minT); var accessToken = GetToken(username.Value, expires, subj); //expires = DateTime.UtcNow.AddHours(_satiRT); expires = DateTime.UtcNow.AddMinutes(_minRT); var refreshToken = GetRefreshToken(username.Value, expires); var query = _session.CreateSQLQuery("exec LogKorisnika :username, :akcija"); query.SetParameter("username", username.Value, NHibernateUtil.String); query.SetParameter("akcija", "Refresh", NHibernateUtil.String); query.ExecuteUpdate(); return(Ok(new { authenticated = true, userId = userid.Value, access_token = accessToken, refresh_token = refreshToken })); }
private object GenerateToken(string userID, SigningConfigurations signingConfigurations, TokenConfigurations tokenConfigurations, IEnumerable <Role> roles, UsersDAO usersDAO) { ClaimsIdentity identity = new ClaimsIdentity( new GenericIdentity(userID, "Login"), new[] { new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), new Claim(JwtRegisteredClaimNames.UniqueName, userID) } ); if (roles != null) { foreach (var role in roles) { identity.AddClaim(new Claim(ClaimTypes.Role, role.Name)); } } DateTime dataCriacao = DateTime.Now; DateTime dataExpiracao = dataCriacao + TimeSpan.FromSeconds(tokenConfigurations.Seconds); // Calcula o tempo máximo de validade do refresh token // (o mesmo será invalidado automaticamente pelo Redis) TimeSpan finalExpiration = TimeSpan.FromSeconds(tokenConfigurations.FinalExpiration); var handler = new JwtSecurityTokenHandler(); var securityToken = handler.CreateToken(new SecurityTokenDescriptor { Issuer = tokenConfigurations.Issuer, Audience = tokenConfigurations.Audience, SigningCredentials = signingConfigurations.SigningCredentials, Subject = identity, NotBefore = dataCriacao, Expires = dataExpiracao }); var token = handler.WriteToken(securityToken); var resultado = new { authenticated = true, created = dataCriacao.ToString("yyyy-MM-dd HH:mm:ss"), expiration = dataExpiracao.ToString("yyyy-MM-dd HH:mm:ss"), accessToken = token, refreshToken = Guid.NewGuid().ToString().Replace("-", String.Empty), message = "OK" }; // Armazena o refresh token em cache através do Redis var refreshTokenData = new RefreshTokenData(); refreshTokenData.RefreshToken = resultado.refreshToken; refreshTokenData.UserID = userID; //salvar no banco o novo refresh token usersDAO.UpdateRefreshToken(userID, resultado.refreshToken); return(resultado); }
public void SaveRefreshTokenData(RefreshTokenData refreshTokenData, string filename) { }
public RefreshTokenModel(string refreshToken, RefreshTokenData data) { RefreshToken = refreshToken; Data = data; }