private IList <Claim> GenerateUserClaims(Entity.User user, IList <string> roles, AuthenticationFlow authenticationFlow)
{
try
{
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
new Claim(ClaimTypes.Name, user.UserName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())
};
if (authenticationFlow.Equals(AuthenticationFlow.Full))
{
var roleClaims = roles.Select(r => new Claim(ClaimTypes.Role, r));
claims.AddRange(roleClaims);
}
return(claims);
}
catch (Exception ex)
{
logger.LogError($"Claims could not be generated for user: {user.Id}", ex);
throw;
}
}
private async Task <string> GenerateAccessToken(Entity.User user, AuthenticationFlow authenticationFlow)
{
try
{
var roles = await userManager.GetRolesAsync(user);
if (roles is null)
{
return(null);
}
var claims = GenerateUserClaims(user, roles, authenticationFlow);
if (claims is null)
{
return(null);
}
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenSettings.Secret));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: tokenSettings.Issuer,
audience: tokenSettings.Issuer,
claims,
expires: DateTime.Now.AddDays(Convert.ToDouble(tokenSettings.AccessTokenExpirationInDays)),
signingCredentials: creds
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
catch (Exception ex)
{
logger.LogError($"Generating access token for user: {user.Id} was not successfull", ex);
throw;
}
}
public async Task <Result <AuthenticationToken> > GenerateAuthenticationTokenAsync(Entity.User user, string loginProvider, AuthenticationFlow authenticationFlow)
{
try
{
var accessToken = await GenerateAccessToken(user, authenticationFlow);
if (accessToken is null)
{
return(new InvalidResult <AuthenticationToken>("Could not generate access token"));
}
var refreshToken = GenerateRefreshToken();
if (refreshToken is null)
{
return(new InvalidResult <AuthenticationToken>("Could not generate access token"));
}
var refreshTokenExpiration = DateTime.Now.AddDays(Convert.ToDouble(tokenSettings.RefreshTokenExpirationInDays));
var accessTokenExpiration = DateTime.Now.AddDays(Convert.ToDouble(tokenSettings.AccessTokenExpirationInDays));
var token = await repository.AddUserTokenAsync(new UserToken()
{
UserId = user.Id,
User = user,
LoginProvider = loginProvider,
AccessToken = accessToken,
RefreshToken = refreshToken,
RefreshTokenExpiration = refreshTokenExpiration,
AccessTokenExpiration = accessTokenExpiration,
AuthenticationFlow = (int)authenticationFlow,
});
if (token is null)
{
return(new InvalidResult <AuthenticationToken>("Could not save new authentication token"));
}
var result = mapper.Map <UserToken, AuthenticationToken>(token);
return(new SuccessResult <AuthenticationToken>(result));
}
catch (Exception ex)
{
return(new UnexpectedResult <AuthenticationToken>(ex.Message));
}
}
