public async Task <Token> ValidateRefreshTokenAsync(string refreshTokenId)
{
try
{
RefreshToken refreshToken = await _refreshTokenRepository.GetByIdAsync(refreshTokenId);
if (refreshToken == null)
{
throw new NotFoundException("refresh token not found");
}
Token token = new Token
{
Jwt = await GenerateAccessTokenAsync(refreshToken.User),
Refresh = await GenerateRefreshTokenAsync(refreshToken.User.Id)
};
await _refreshTokenRepository.DeleteAsync(refreshToken.Id);
_storage.Save();
return(token);
}
catch (Exception ex)
{
throw ex;
}
}
public async Task <string> RefreshAccessToken(string refreshTokenStr)
{
var decodedRefreshToken = _refreshTokenDecoder.Decode(refreshTokenStr);
if (decodedRefreshToken == null)
{
_logger.LogWarning("Cannot refresh access token - decoding failure");
return(null);
}
var refreshToken = await _refreshTokenRepository.GetByIdAsync(decodedRefreshToken.Id);
if (refreshToken?.IsRevoked ?? false)
{
_logger.LogWarning("Cannot refresh access token - no such refresh token or token is revoked");
return(null);
}
return(_accessTokenService.Create(decodedRefreshToken.UserClaims));
}
public async Task <AuthenticationResult> RefreshTokenAsync(string token, string refreshToken)
{
var validatedToken = GetPrincipalFromToken(token);
if (validatedToken == null)
{
return(new AuthenticationResult
{
Errors = new[] { "Invalid Token" }
});
}
var expiryDateUnix =
long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp)
.Value);
var expiryDateTimeUtc =
new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(expiryDateUnix);
if (expiryDateTimeUtc > DateTime.UtcNow)
{
return(new AuthenticationResult
{
Errors = new[] { "This token hasn't expired yet" }
});
}
var jti = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value;
var storedRefreshToken = await refreshTokenRepository.GetByIdAsync(refreshToken)
.ConfigureAwait(false);
if (storedRefreshToken == null)
{
return(new AuthenticationResult
{
Errors = new[] { "This refresh token does not exist" }
});
}
if (DateTime.UtcNow > storedRefreshToken.ExpiryDate)
{
return(new AuthenticationResult
{
Errors = new[] { "This refresh token has expired" }
});
}
if (storedRefreshToken.Invalidated)
{
return(new AuthenticationResult
{
Errors = new[] { "This refresh token has been invalidated" }
});
}
if (storedRefreshToken.Used)
{
return(new AuthenticationResult
{
Errors = new[] { "This refresh token has been used" }
});
}
if (storedRefreshToken.JwtId != jti)
{
return(new AuthenticationResult
{
Errors = new[] { "This refresh token does not match this JWT" }
});
}
storedRefreshToken.Used = true;
refreshTokenRepository.Update(storedRefreshToken);
await refreshTokenRepository.SaveAsync().ConfigureAwait(false);
var user = await userManager
.FindByIdAsync(validatedToken.Claims.Single(x => x.Type == "id").Value)
.ConfigureAwait(false);
return(await GenerateAuthenticationResultForUserAsync(user).ConfigureAwait(false));
}
public async Task <string> GetRefreshTokenAsync(Guid clientId)
{
var entity = await _refreshTokenRepository.GetByIdAsync(clientId);
return(entity?.RefreshToken);
}
