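/// <summary>
/// Checks the supplied password against the user's stored salted hash and, when it matches,
/// issues a signed JWT access token for that user.
/// </summary>
/// <param name="user">Account to authenticate; <c>null</c> is handled as a failed login.</param>
/// <param name="password">Clear-text password supplied by the caller; <c>null</c> is handled as a failed login.</param>
/// <returns>The user together with the encoded token and its lifetime in seconds.</returns>
/// <exception cref="ArgumentException">
/// The user or password is missing, or the password does not hash to the stored value.
/// </exception>
public async Task<UserAndToken> IssueToken(UserModel user, string password)
{
    // The null checks short-circuit, so the hash is computed once and only for usable input.
    // NOTE(review): this is an ordinary inequality check, not a fixed-time comparison;
    // confirm whether Crypto offers a constant-time verify helper and prefer it here.
    bool rejected = user == null
        || password == null
        || user.PasswordHash != Crypto.HashWithSalt(password, user.PasswordSalt);

    if (rejected)
    {
        // Never write the computed hash, the stored hash or the salt to the log: log sinks
        // are usually readable by far more people and systems than the credential store,
        // and hash plus salt is exactly what an offline guessing run needs.
        // Logging nothing derived from `user` also keeps this branch safe when user is null.
        _logger.LogDebug("Token issuance rejected: credential verification failed");

        // One message for every failure mode, so the response does not reveal
        // whether the account exists.
        throw new ArgumentException("Invalid username or password");
    }

    string jti = await _config.JtiGenerator();

    // The token is signed, not encrypted: every claim below is readable by anyone who
    // holds the token, so only put data here that may be disclosed to the bearer.
    List<Claim> claims = new List<Claim>
    {
        new Claim(AuthConst.CLAIM_ID, user.Id),
        new Claim(AuthConst.CLAIM_JTI, jti),
        new Claim(AuthConst.CLAIM_IAT, ToUnixEpochDate(_config.IssuedAt).ToString(), ClaimValueTypes.Integer64),
        new Claim(AuthConst.CLAIM_USERNAME, user.Username),
        new Claim(AuthConst.CLAIM_FIRSTNAME, user.Firstname),
        new Claim(AuthConst.CLAIM_LASTNAME, user.Lastname)
    };

    ClaimsIdentity identity = new ClaimsIdentity(new GenericIdentity(user.Username, "JwtAccessToken"), claims);
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);

    // Create the JWT security token and encode it.
    JwtSecurityToken jwt = new JwtSecurityToken(
        issuer: _config.Issuer,
        audience: _config.Audience,
        claims: principal.Claims,
        notBefore: _config.NotBefore,
        expires: _config.Expiration,
        signingCredentials: _config.SigningCredentials
    );

    // Export to a model ready for the consumer.
    // NOTE(review): ExpiresInSeconds comes from ValidFor while the token's exp comes from
    // Expiration; presumably Expiration is IssuedAt + ValidFor — confirm in the config type.
    JwtToken token = new JwtToken()
    {
        AccessToken = new JwtSecurityTokenHandler().WriteToken(jwt),
        ExpiresInSeconds = (int)_config.ValidFor.TotalSeconds
    };

    return new UserAndToken()
    {
        User = user,
        Token = token
    };
}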
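/// <summary>
/// Builds a signed JWT for the given subject and returns it in compact encoded form.
/// </summary>
/// <param name="userId">Value written to the <c>sub</c> claim.</param>
/// <param name="email">Value written to the <c>email</c> claim.</param>
/// <param name="additionalClaims">Extra claims appended after the registered ones.</param>
/// <returns>The encoded token string.</returns>
/// <exception cref="ArgumentNullException"><paramref name="additionalClaims"/> is <c>null</c>.</exception>
public string GenerateEncodedToken(string userId, string email, IEnumerable<Claim> additionalClaims)
{
    // Read the clock once so that iat, nbf and exp all describe the same instant;
    // separate reads can straddle a second boundary and disagree with each other.
    DateTime now = DateTime.UtcNow;

    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, userId),
        new Claim(JwtRegisteredClaimNames.Email, email),
        new Claim(JwtRegisteredClaimNames.Jti, _jwtConfiguration.JtiGenerator()),
        new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64),
    }
    // NOTE(review): the extra claims are appended unfiltered. A caller-supplied claim of
    // type sub, email, jti or iat ends up next to the one built above, and which of the
    // two a consumer honours is not decided here — callers should pass only claim types
    // they own, and never forward claims taken from request input.
    .Concat(additionalClaims);

    // The token is signed, not encrypted: its claims are readable by whoever holds it.
    var jwt = new JwtSecurityToken(
        issuer: _jwtConfiguration.Issuer,
        audience: _jwtConfiguration.Audience,
        claims: claims,
        notBefore: now,
        expires: now.Add(_jwtConfiguration.ValidFor),
        signingCredentials: _jwtConfiguration.SigningCredentials);

    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
    return encodedJwt;
}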
/// <summary>
/// Produces a signed, compact-encoded JWT whose issuer, audience, validity window and
/// signing credentials are all taken from the injected JWT options.
/// </summary>
/// <param name="userId">Subject identifier, emitted as the <c>sub</c> claim.</param>
/// <param name="email">Address emitted as the <c>email</c> claim.</param>
/// <param name="additionalClaims">Caller-provided claims placed after the registered ones.</param>
/// <returns>The serialized token.</returns>
public string GenerateEncodedToken(string userId, string email, IEnumerable<Claim> additionalClaims)
{
    string tokenId = _jwtOptions.JtiGenerator();

    // NOTE(review): iat, nbf and exp are all read from the options object. If that object
    // holds fixed values rather than computing them per access, every token would carry
    // the same timestamps — confirm against the options type.
    string issuedAtSeconds = new DateTimeOffset(_jwtOptions.IssuedAt).ToUnixTimeSeconds().ToString();

    Claim[] registeredClaims =
    {
        new Claim(JwtRegisteredClaimNames.Sub, userId),
        new Claim(JwtRegisteredClaimNames.Email, email),
        new Claim(JwtRegisteredClaimNames.Jti, tokenId),
        new Claim(JwtRegisteredClaimNames.Iat, issuedAtSeconds, ClaimValueTypes.Integer64),
    };

    // NOTE(review): caller-provided claims are not filtered, so one that reuses a
    // registered type (sub, email, jti, iat) is emitted alongside the claim built above.
    IEnumerable<Claim> allClaims = registeredClaims.Concat(additionalClaims);

    // Signed only: the payload is not encrypted and is readable by the token holder.
    JwtSecurityToken token = new JwtSecurityToken(
        issuer: _jwtOptions.Issuer,
        audience: _jwtOptions.Audience,
        claims: allClaims,
        notBefore: _jwtOptions.NotBefore,
        expires: _jwtOptions.Expiration,
        signingCredentials: _jwtOptions.SigningCredentials);

    JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
    return handler.WriteToken(token);
}