/// <summary>
/// Authenticates a user by e-mail and password and issues a new access/refresh token pair.
/// </summary>
/// <remarks>
/// The credential check itself is delegated to
/// <c>userDataStore.GetUserIdentityClaimsByAccessData</c>; how the password is compared
/// (hashing, constant-time comparison) is not visible here and should be confirmed in the store.
/// The activation check runs only after the credentials have matched, so the "not activated"
/// response is returned only to a caller who already supplied valid credentials.
/// NOTE(review): every successful sign-in adds another refresh token via <c>AddRefreshToken</c>;
/// no per-user cap or expiry is applied in this method - confirm the store enforces one.
/// </remarks>
/// <param name="operation">Operation context passed through to the data store and exception factories.</param>
/// <param name="email">E-mail supplied by the caller.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>A <c>RawJwtToken</c> carrying the new access token and refresh token.</returns>
public async Task<RawJwtToken> SignIn(IOperation operation, string email, string password)
{
    var matchedUser = await userDataStore.GetUserIdentityClaimsByAccessData(operation, email, password);
    if (matchedUser == null)
    {
        // No user matched the supplied e-mail/password pair.
        throw CommonExceptions.AuthenticationFailed(operation);
    }

    var isActivated = await userDataStore.IsUserActivated(operation, matchedUser.Id);
    if (!isActivated)
    {
        // Valid credentials, but the account must not receive tokens until it is activated.
        throw CommonExceptions.AccessDenied(operation, StatusCodes.Status401Unauthorized, true);
    }

    var accessClaims = GetIdentity(matchedUser).Claims.ToList();
    var issuedToken = new RawJwtToken
    {
        AccessToken = GenerateAccessToken(accessClaims),
        RefreshToken = AuthenticationUtils.GenerateRefreshToken()
    };

    // Persist the refresh token so a later RefreshToken call can be matched against it.
    await userDataStore.AddRefreshToken(operation, matchedUser.Id, issuedToken.RefreshToken);

    return issuedToken;
}
/// <summary>
/// Exchanges an access token plus its refresh token for a new token pair, replacing the
/// stored refresh token with the newly generated one.
/// </summary>
/// <remarks>
/// The user id is taken from the claims of the presented access token, so the trust in that id
/// rests entirely on <c>GetClaimsPrincipalDataFromToken</c>.
/// NOTE(review): presumably that helper verifies the signature while tolerating an expired
/// lifetime - confirm, since it is not visible here.
/// The refresh token is looked up for that specific user id, and the claims for the new access
/// token are re-read from the store rather than copied from the old token.
/// NOTE(review): the lookup (<c>GetRefreshTokenId</c>) and the replacement
/// (<c>UpdateRefreshToken</c>) are separate store calls; whether the store prevents the same
/// refresh token from being redeemed twice by concurrent requests, and whether refresh tokens
/// expire, cannot be determined from this method.
/// </remarks>
/// <param name="operation">Operation context passed through to the data store and exception factories.</param>
/// <param name="accessToken">Previously issued access token from which the user id is read.</param>
/// <param name="refreshToken">Refresh token that must match one stored for that user.</param>
/// <returns>A <c>RawJwtToken</c> carrying the new access token and refresh token.</returns>
public async Task<RawJwtToken> RefreshToken(IOperation operation, string accessToken, string refreshToken)
{
    var tokenPrincipal = GetClaimsPrincipalDataFromToken(operation, accessToken);
    var userId = AuthenticationUtils.GetUserId(tokenPrincipal.Claims.ToList())
        ?? throw CommonExceptions.FailedToReadAuthenticationDataFromClaims(operation);

    var isActivated = await userDataStore.IsUserActivated(operation, userId);
    if (!isActivated)
    {
        // An account that is not (or no longer) activated must not be able to renew its session.
        throw CommonExceptions.AccessDenied(operation, StatusCodes.Status401Unauthorized, true);
    }

    var storedTokenId = await userDataStore.GetRefreshTokenId(operation, userId, refreshToken);
    if (!storedTokenId.HasValue)
    {
        // The presented refresh token is not one stored for this user.
        throw CommonExceptions.RefreshTokensAreDifferent(operation);
    }

    var currentUser = await userDataStore.GetUserIdentityClaimsById(operation, userId);
    if (currentUser == null)
    {
        throw CommonExceptions.AuthenticationFailed(operation);
    }

    var accessClaims = GetIdentity(currentUser).Claims.ToList();
    var issuedToken = new RawJwtToken
    {
        AccessToken = GenerateAccessToken(accessClaims),
        RefreshToken = AuthenticationUtils.GenerateRefreshToken()
    };

    // Rotation: the stored entry is overwritten, so the old refresh token value stops matching.
    await userDataStore.UpdateRefreshToken(operation, storedTokenId.Value, issuedToken.RefreshToken);

    return issuedToken;
}