/// <summary>
/// Rotates a user's refresh token: checks that the presented token is registered for the named user,
/// replaces it with a freshly generated one and issues a new access token for the user's claims.
/// </summary>
/// <param name="refreshRequest">Carries the user name and the refresh token to rotate.</param>
/// <returns>The new access token together with the replacement refresh token.</returns>
/// <exception cref="BadRequestException">The user is unknown, or the repository does not hold the presented refresh token for that user.</exception>
public async Task<TokenRefreshResponseDTO> RefreshTokenAsync(TokenRefreshRequestDTO refreshRequest)
{
    AppUser account = await usersRepository.GetUserOrDefaultByUserNameAsync(refreshRequest.UserName);
    if (account is null)
    {
        throw new BadRequestException("Not valid user!");
    }

    // Only a token the repository holds for this particular user is accepted.
    if (!await usersRepository.HasRefreshTokenAsync(account, refreshRequest.RefreshToken))
    {
        throw new BadRequestException("Not valid refresh token!");
    }

    // Rotation: the presented token is removed first, then the replacement is stored.
    await usersRepository.DeleteRefreshTokenAsync(account, refreshRequest.RefreshToken);
    var replacementToken = refreshTokenFactory.GenerateToken();
    await usersRepository.CreateRefreshTokenAsync(account, replacementToken);

    var claims = GetTokenClaimsForUser(account);
    return new TokenRefreshResponseDTO
    {
        Token = tokenFactory.GenerateTokenForClaims(claims),
        RefreshToken = replacementToken,
    };
}
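/// <summary>
/// Exchanges an expired access token plus the refresh-token cookie for a new pair.
/// The access token is read from the <c>Authorization</c> header (Bearer scheme), the refresh token
/// from the <c>refreshToken</c> cookie; the replacement refresh token is written back into that cookie.
/// </summary>
/// <returns>200 with the new access token, already prefixed with the Bearer scheme.</returns>
/// <exception cref="BadRequestException">
/// The Authorization header is missing or not a Bearer value, or the refresh-token cookie is missing.
/// </exception>
public async Task<ObjectResult> RefreshAsync()
{
    const string BearerPrefix = "Bearer ";
    const string RefreshCookieName = "refreshToken";

    if (!HttpContext.Request.Headers.TryGetValue("Authorization", out StringValues tokenHeader))
    {
        throw new BadRequestException("Provide the expired token in the Authorization header!");
    }

    // Substring on a header shorter than the prefix would throw ArgumentOutOfRangeException (a 500);
    // an ordinal prefix check turns a missing or non-Bearer scheme into a client error instead.
    string headerValue = tokenHeader.ToString();
    bool hasBearerScheme = headerValue.Length >= BearerPrefix.Length
        && string.CompareOrdinal(headerValue, 0, BearerPrefix, 0, BearerPrefix.Length) == 0;
    if (!hasBearerScheme)
    {
        throw new BadRequestException("Provide the expired token as a Bearer token in the Authorization header!");
    }
    string token = headerValue.Substring(BearerPrefix.Length);

    // Fail fast when the cookie is absent rather than handing a null refresh token to the service.
    string refreshToken = HttpContext.Request.Cookies[RefreshCookieName];
    if (string.IsNullOrEmpty(refreshToken))
    {
        throw new BadRequestException("Provide the refresh token in the refreshToken cookie!");
    }

    var request = new TokenRefreshRequestDTO { AuthToken = token, RefreshToken = refreshToken };
    TokenRefreshResponseDTO response = await authService.RefreshTokenAsync(request);

    // HttpOnly keeps the refresh token out of script; Secure restricts it to HTTPS.
    // NOTE(review): SameSite is left at the framework default — confirm whether cross-site use is required.
    HttpContext.Response.Cookies.Append(RefreshCookieName, response.RefreshToken, new CookieOptions
    {
        HttpOnly = true,
        Secure = true,
    });

    return Ok(new TokenRefreshResponse { AccessToken = BearerPrefix + response.Token });
}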
/// <summary>
/// Issues a new access/refresh token pair. The user is identified from the email claim of the
/// (expired) access token in the request; the presented refresh token is then looked up for that
/// user, revoked and replaced.
/// </summary>
/// <param name="request">Holds the expired access token and the refresh token to rotate.</param>
/// <returns>The new access token together with the replacement refresh token.</returns>
/// <exception cref="BadRequestException">No user matches the email claim of the access token.</exception>
/// <exception cref="ForbiddenException">The refresh token is not registered for that user.</exception>
public async Task<TokenRefreshResponseDTO> RefreshTokenAsync(TokenRefreshRequestDTO request)
{
    // GetEmailOfAuthorizationToken only parses the JWT (no signature check); the refresh-token
    // lookup below is what actually proves the caller owns the account.
    string email = GetEmailOfAuthorizationToken(request);
    User account = await usersRepository.FindByEmailAsync(email);
    if (account is null)
    {
        throw new BadRequestException("User does not exist!");
    }

    RefreshToken presented = usersRepository.GetRefreshToken(account, request.RefreshToken);
    if (presented is null)
    {
        throw new ForbiddenException("Refresh token is not valid!");
    }

    // Rotate: generate the replacement, revoke the presented token, persist the new one.
    var replacement = refreshTokenFactory.GenerateRefreshToken();
    await usersRepository.DeleteRefreshTokenAsync(presented);
    await usersRepository.CreateRefreshTokenAsync(account, replacement);

    Claim[] claims = await GetAuthTokenClaimsForUserAsync(account);
    return new TokenRefreshResponseDTO
    {
        Token = tokenGenerator.GenerateTokenForClaims(claims),
        RefreshToken = replacement,
    };
}
/// <summary>
/// gRPC handler that refreshes an OAuth token pair through <see cref="RefreshTokenProvider"/>.
/// A provider failure is mapped to the prompt's message plus a four-digit code; success yields
/// code "0000" / message "ok" with the refreshed tokens in <c>Data</c>.
/// </summary>
/// <param name="request">App id and the refresh token to exchange.</param>
/// <param name="context">gRPC call context; not read by this handler.</param>
/// <returns>A task that builds the response on a thread-pool thread, since the provider is synchronous.</returns>
public override Task<TokenResponseDTO> Refresh(TokenRefreshRequestDTO request, ServerCallContext context)
{
    return Task.Run(() =>
    {
        var provider = new RefreshTokenProvider(request.Appid, request.RefreshToken);
        return provider.Refresh() ? BuildSuccess(provider) : BuildFailure(provider);
    });

    TokenResponseDTO BuildFailure(RefreshTokenProvider provider)
    {
        var resultType = provider.PromptInfo.ResultType;
        // Non-positive result types carry no code of their own and collapse to "0500".
        string code = resultType <= 0
            ? "0500"
            : ((int)resultType).ToString().PadLeft(4, '0');
        return new TokenResponseDTO
        {
            RetMsg = provider.PromptInfo.CustomMessage,
            RetCode = code,
        };
    }

    TokenResponseDTO BuildSuccess(RefreshTokenProvider provider)
    {
        var oauth = provider.OAuthUser;
        return new TokenResponseDTO
        {
            RetCode = "0000",
            RetMsg = "ok",
            Data = new TokenResponseDTO.Types.Result
            {
                RefreshToken = oauth.Refresh_Token,
                Expires = oauth.Expire_In,
                Openid = oauth.Open_Id,
                RefreshExpires = oauth.Refresh_Expire_In,
                Token = oauth.Token,
            },
        };
    }
}
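/// <summary>
/// Extracts the name claim (<see cref="ClaimsIdentity.DefaultNameClaimType"/>, used by the caller
/// as the user's email) from the access token carried in the request.
/// </summary>
/// <remarks>
/// <see cref="JwtSecurityTokenHandler.ReadJwtToken"/> only parses the token: it checks neither the
/// signature nor the expiry (the token is expected to be expired here). The returned value must
/// therefore be treated as a lookup key only; ownership is proved elsewhere by matching the
/// refresh token against the looked-up user.
/// </remarks>
/// <param name="request">Carries the (possibly expired) access token in <c>AuthToken</c>.</param>
/// <returns>The claim value, or <c>null</c> when the token carries no name claim.</returns>
/// <exception cref="ArgumentException">Thrown by the handler when <c>AuthToken</c> is not a well-formed JWT.</exception>
private static string GetEmailOfAuthorizationToken(TokenRefreshRequestDTO request)
{
    var jwt = new JwtSecurityTokenHandler().ReadJwtToken(request.AuthToken);

    // FirstOrDefault yields null for a token without a name claim; the null-conditional avoids the
    // NullReferenceException that dereferencing .Value directly would raise.
    return jwt.Claims
        .FirstOrDefault(claim => claim.Type == ClaimsIdentity.DefaultNameClaimType)
        ?.Value;
}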
/// <summary>
/// Refreshes the calling user's tokens. The user name is taken from the authenticated principal
/// rather than the request body, so the service is only ever asked about the caller's own tokens.
/// </summary>
/// <param name="request">Body carrying the refresh token to rotate.</param>
/// <returns>200 with the new access/refresh token pair.</returns>
public async Task<ActionResult> RefreshTokenAsync([FromBody] TokenRefreshRequest request)
{
    // NOTE(review): User.Identity.Name is null for an anonymous caller — presumably this action is
    // behind [Authorize]; confirm on the controller.
    string callerName = User.Identity.Name;
    var dto = new TokenRefreshRequestDTO
    {
        RefreshToken = request.RefreshToken,
        UserName = callerName,
    };

    TokenRefreshResponseDTO result = await authService.RefreshTokenAsync(dto);
    return Ok(result);
}
/// <summary>
/// Refreshes an OAuth token pair through <see cref="RefreshTokenProvider"/> and wraps the outcome
/// in a <see cref="ResponseResult{T}"/>: the provider's prompt message on failure, the refreshed
/// tokens on success.
/// </summary>
/// <param name="request">App id and the refresh token to exchange.</param>
/// <returns>A failure result carrying the provider's message, or a success result with the new tokens.</returns>
public ResponseResult<TokenResponseDTO> Refresh(TokenRefreshRequestDTO request)
{
    var provider = new RefreshTokenProvider(request.Appid, request.RefreshToken);
    if (!provider.Refresh())
    {
        return Fail<TokenResponseDTO>(provider.PromptInfo.CustomMessage);
    }

    var oauth = provider.OAuthUser;
    var payload = new TokenResponseDTO
    {
        RefreshToken = oauth.Refresh_Token,
        Expires = oauth.Expire_In,
        Openid = oauth.Open_Id,
        RefreshExpires = oauth.Refresh_Expire_In,
        Token = oauth.Token,
    };
    return Success(payload);
}