public async Task <IActionResult> Refresh(
[FromBody] RefreshTokenDto dto)
{
var principal = _tokenService
.GetPrincipalFromExpiredToken(dto.AccessToken);
if (principal is null)
{
return(Unauthorized(_localizer["Invalid credentials."]));
}
var userEmail = principal.FindFirstValue(ClaimTypes.Email);
var user = await _userManager.FindByEmailAsync(userEmail);
if (user is null || user.RefreshTokenExpired())
{
return(Unauthorized(_localizer["Invalid credentials."]));
}
var tokenResponse = _tokenService
.GetToken(user, HttpContext.GenerateIpAddress());
user.RefreshToken = tokenResponse.RefreshToken;
user.RefreshTokenExpiryTime = tokenResponse.RefreshTokenExpiryTime;
await _userManager.UpdateAsync(user);
return(Ok(new RefreshAccessTokenVm
{
AccessToken = tokenResponse.Token,
}));
}
/// <summary>
/// Creates the asynchronous.
/// </summary>
/// <param name="context">The context.</param>
/// <returns>
/// The <see cref="Task" />.
/// </returns>
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");
var token = new RefreshTokenDto
{
Token = DbHelper.GetHash(refreshTokenId),
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(refreshTokenLifeTime.ToInt64())
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
token.ProtectedTicket = context.SerializeTicket();
var authRepo = StructuremapMvc.StructureMapDependencyScope.Container.GetInstance <IAuthRepository>();
var result = await authRepo.AddRefreshToken(token);
if (result)
{
context.SetToken(refreshTokenId);
}
}
public AccessGrantDto RefreshToken(RefreshTokenDto refreshTokenDto)
{
// Validate old access token.
var tokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = true,
ValidateLifetime = false,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_generalSettings.JwtKey))
};
var tokenHandler = new JwtSecurityTokenHandler();
SecurityToken securityToken = null;
IEnumerable <Claim> claims = null;
try
{
claims = tokenHandler.ValidateToken(refreshTokenDto.AccessToken, tokenValidationParameters, out securityToken).Claims;
}
catch (Exception)
{
throw new UnauthorizedException("Invalid access token");
}
var jwtSecurityToken = securityToken as JwtSecurityToken;
if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
{
throw new UnauthorizedException("Invalid access token");
}
// Validate refresh token
var authTokenId = claims.FirstOrDefault(c => c.Type == AuthClaimTypes.AuthTokenId).Value;
var authToken = _mainContext.AuthTokens.Find(int.Parse(authTokenId));
if (authToken == null || authToken.RereshToken != refreshTokenDto.RefreshToken || authToken.Expiry < DateTime.Now)
{
throw new UnauthorizedException("Invalid refresh token.");
}
// Update auth token in database
var refreshToken = GenerateRefreshToken();
authToken.RereshToken = refreshToken;
authToken.Expiry = DateTime.Now.AddDays(_generalSettings.RefreshTokenExpiresIn);
_mainContext.SaveChanges();
// Generate access token
var accessToken = GenerateAccessToken(claims.ToArray());
var userId = int.Parse(claims.FirstOrDefault(c => c.Type == AuthClaimTypes.UserId).Value);
return(new AccessGrantDto
{
TokenType = "Bearer",
AccessToken = accessToken,
RefreshToken = refreshToken,
JwtExpiresIn = _generalSettings.JwtExpiresIn
});
}
public ActionResult RefreshToken([FromBody] RefreshTokenDto request)
{
if (request.Token == null && request.RefreshToken == null)
{
return(BadRequest("Invalid Request"));
}
//这儿是验证Token的代码
var handler = new JwtSecurityTokenHandler();
try
{
ClaimsPrincipal claim = handler.ValidateToken(request.Token, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_tokenParameter.Secret)),
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = false,
}, out SecurityToken securityToken);
var username = claim.Identity.Name;
//这儿是生成Token的代码
var token = GenUserToken(username, "testUser");
var refreshToken = "654321";//改成随机的
return(Ok(new[] { token, refreshToken }));
}
catch (Exception)
{
return(BadRequest("Invalid Request"));
}
}
public async Task <IActionResult> RefreshTokenWithoutAuthToken(RefreshTokenDto refreshTokenDto)
{
IEnumerable <KeyValuePair <string, string> > keyValuePairs = new Dictionary <string, string> {
{ "grant_type", "refresh_token" }, { "client_id", "Authentication" }, { "client_secret", "clientsecret" }, { "scope", "api.sample offline_access" }, { "refresh_token", refreshTokenDto.RefreshToken }
};
var domin = ContextHelper.GetDomin();
AccesToken accesToken = await HttpClientHelper.PostFormUrlEncoded <AccesToken>($"{domin.AbsoluteUri}connect/token", keyValuePairs);
if (!string.IsNullOrWhiteSpace(accesToken.access_token))
{
return(Ok(new ReturnDto()
{
Data = accesToken,
ErrorData = null,
Status = true
}));
}
return(Ok(new ReturnDto()
{
Data = null,
ErrorData = null,
Status = false
}));;
}
public async Task <IActionResult> Refresh([FromBody] RefreshTokenDto tokenDto)
{
if (tokenDto is null)
{
return(BadRequest(new AuthResponseDto {
IsAuthSuccessful = false, ErrorMessage = "Invalid client request"
}));
}
var principal = _tokenService.GetPrincipalFromExpiredToken(tokenDto.Token);
var username = principal.Identity.Name;
var user = await _userManager.FindByNameAsync(username);
if (user == null || user.RefreshToken != tokenDto.RefreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest(new AuthResponseDto {
IsAuthSuccessful = false, ErrorMessage = "Invalid client request"
}));
}
var signingCredentials = _tokenService.GetSigningCredentials();
var claims = await _tokenService.GetClaims(user);
var tokenOptions = _tokenService.GenerateTokenOptions(signingCredentials, claims);
var token = new JwtSecurityTokenHandler().WriteToken(tokenOptions);
user.RefreshToken = _tokenService.GenerateRefreshToken();
await _userManager.UpdateAsync(user);
return(Ok(new AuthResponseDto {
Token = token, RefreshToken = user.RefreshToken, IsAuthSuccessful = true
}));
}
public async Task <IActionResult> RefreshToken(RefreshTokenDto refreshTokenDto)
{
var user = await _applicationRepository.FindUserByRefreshToken(refreshTokenDto.RefreshToken);
if (user == null)
{
return(BadRequest("No user matches to that token"));
}
if (!_tokenHelperRepository.ValidateRefreshToken(user.RefreshTokenExpireTime))
{
return(BadRequest("Your refresh token has expired"));
}
user.RefreshToken = _tokenHelperRepository.GenerateRefreshToken();
user.RefreshTokenExpireTime = DateTime.Now.AddMinutes(10);
_applicationRepository.Update(user);
await _applicationRepository.SaveAll();
var token = _tokenHelperRepository.GenerateAccessToken(user);
return(Ok(new {
token = token,
refreshToken = user.RefreshToken
}));
}
public async Task <IActionResult> Refresh([FromBody] RefreshTokenDto tokenDto)
{
if (tokenDto is null)
{
return(BadRequest(new AuthResponseDto {
IsAuthSuccessful = false, ErrorMessage = _localizer[resources.UsuarioAutenticacao].Value
}));
}
var principal = _tokenService.GetPrincipalFromExpiredToken(tokenDto.Token);
var username = principal.Identity.Name;
var usuarioIdentity = await _userManager.FindByNameAsync(username);
var signingCredentials = _tokenService.GetSigningCredentials();
var claims = await _tokenService.GetClaims(usuarioIdentity);
var tokenOptions = _tokenService.GenerateTokenOptions(signingCredentials, claims);
var token = new JwtSecurityTokenHandler().WriteToken(tokenOptions);
usuarioIdentity.RefreshToken = _tokenService.GenerateRefreshToken();
usuarioIdentity.RefreshTokenExpiryTime = DateTime.Now.AddDays(7);
await _userManager.UpdateAsync(usuarioIdentity);
return(Ok(new AuthResponseDto {
Token = token, RefreshToken = usuarioIdentity.RefreshToken, IsAuthSuccessful = true
}));
}
public async Task <IHttpActionResult> Auth([FromBody] LoginDto login)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var user = await _unitOfWork.Repository <User>().FindAsync(t => t.Email == login.Email && t.Password == login.Password);
if (user == null)
{
return(NotFound());
}
if (!user.IsActived)
{
return(StatusCode(System.Net.HttpStatusCode.Forbidden));
}
var accessToken = new AccessTokenDto()
{
AT_UserId = user.Id, AT_Time = DateTime.Now
};
var refreshToken = new RefreshTokenDto()
{
RT_UserId = user.Id, RT_Time = DateTime.Now, RT_AccessToken = accessToken
};
return(Ok(new { accessToken = Encrypt.EncryptAccessToken(accessToken), refreshToken = Encrypt.EncryptRefreshToken(refreshToken) }));
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var refreshTokenId = Guid.NewGuid().ToString("n");
if (context.Ticket == null)
{
context.Response.StatusCode = 400;
context.Response.ContentType = "application/json";
context.Response.ReasonPhrase = "invalid refresh token";
return;
}
IRefreshTokenService refreshTokenService = ResolverFactory.GetService <RefreshTokenService>();
var client = context.OwinContext.Get <Client>("oauth:client");
var token = new RefreshTokenDto()
{
RefreshTokenId = UnitHelper.GetHash(refreshTokenId),
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddDays(client.RefreshTokenLifeTime)
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
token.ProtectedTicket = context.SerializeTicket();
await refreshTokenService.CreateAsync(token);
context.SetToken(refreshTokenId);
}
public async Task <AuthenticateResponseDto> RefreshToken(RefreshTokenDto model)
{
var refreshTokenEntity = await _context.RefreshTokens.Where(x => x.Email == model.Email).Include(x => x.User).SingleOrDefaultAsync();
if (refreshTokenEntity is null)
{
throw new LaprTrackrException(LaprTrackrStatusCodes.AuthNotAuhenticated, "Refresh token is not valid.");
}
if ((DateTime.Now - refreshTokenEntity.CreatedAt).TotalDays > 7)
{
throw new LaprTrackrException(LaprTrackrStatusCodes.AuthNotAuhenticated, "Refresh token is expired.");
}
var(token, refreshToken) = GenerateJSONWebToken(refreshTokenEntity.User);
var authenticateResponseDto = new AuthenticateResponseDto
{
Token = token,
RefreshToken = refreshToken,
User = refreshTokenEntity.User
};
await SaveRefreshToken(refreshTokenEntity.User, token, refreshToken);
return(authenticateResponseDto);
}
public void Is_Correct_RefreshTokenDto_Mapped_Object()
{
//arrange
var refreshToken = new RefreshToken
{
Id = "1234",
ProtectedTicket = "1234",
ClientId = "1234",
ExpiresUtc = DateTime.Today.AddDays(1),
IssuedUtc = DateTime.Today,
Subject = "michal"
};
var refreshTokenDto = new RefreshTokenDto
{
Id = "1234",
ProtectedTicket = "1234",
ClientId = "1234",
ExpiresUtc = DateTime.Today.AddDays(1),
IssuedUtc = DateTime.Today,
Subject = "michal"
};
var dtoFactory = new RefreshTokenFactory();
//act
var target = dtoFactory.GetModel <RefreshTokenDto>(refreshToken);
//assert
Assert.IsInstanceOf <RefreshTokenDto>(target);
Assert.AreEqual(refreshTokenDto.ProtectedTicket, target.ProtectedTicket);
}
public bool Update(string entityId, RefreshTokenDto entity)
{
var success = false;
if (entity != null)
{
using (var scope = Repository.DatabaseFacade.BeginTransaction())
{
var refreshToken = Repository.GetByID(entityId);
if (refreshToken != null)
{
try
{
var item = Mapper.Map(entity, refreshToken);
Repository.Update(item);
Repository.SaveChanges();
scope.Commit();
success = true;
}
catch (Exception e)
{
throw e;
}
}
}
}
return(success);
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = _refreshTokenService.GenerateRefreshTokenId();
var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");
var token = new RefreshTokenDto
{
Id = refreshTokenId,
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
token.ProtectedTicket = context.SerializeTicket();
var newToken = await _refreshTokenService.AddAsync(token);
if (await _refreshTokenService.Exists(newToken.Id))
{
context.SetToken(refreshTokenId);
}
}
public async Task <ServiceResponse <UserCredentialDto> > RefreshAsync(RefreshTokenDto refreshDto)
{
var response = new ServiceResponse <UserCredentialDto>();
try
{
var refreshToken = refreshDto.RefreshToken;
var email = refreshDto.Email;
var dbRefreshToken = await _context.RefreshTokens
.FirstOrDefaultAsync(x =>
x.Token == refreshToken &&
DateTime.Compare(x.ExpiredAt, DateTime.UtcNow) >= 0 &&
x.Email == email);
var dbUser = await _context.Set <T>().FirstOrDefaultAsync(x => x.Email == email);
if (dbRefreshToken == null || dbUser == null)
{
throw new RefreshTokenExpiredException();
}
_context.RefreshTokens.Remove(dbRefreshToken);
var newRefreshToken = CreateRefreshToken(email);
await _context.RefreshTokens.AddAsync(newRefreshToken);
await _context.SaveChangeWithValidationAsync();
var expiredAt = DateTime.UtcNow.AddMinutes(15);
response.Data = new UserCredentialDto()
{
AccessToken = CreateToken(dbUser, expiredAt),
RefreshToken = newRefreshToken.Token,
ExpiredAt = expiredAt,
UserInfo = _mapper.Map <GetUserDto>(dbUser),
};
return(response);
}
catch (BaseServiceException ex)
{
_logger.LogError(ex.Message, ex.StackTrace);
response.Success = false;
response.Message = ex.ErrorMessage;
response.Code = ex.Code;
return(response);
}
catch (Exception ex)
{
_logger.LogError(ex.Message, ex.StackTrace);
response.Success = false;
response.Message = ex.Message;
response.Code = ErrorCode.AUTH_UNEXPECTED_ERROR;
return(response);
}
}
public async Task <IActionResult> Post(RefreshTokenDto dto)
{
var handler = new JwtSecurityTokenHandler();
var cp = handler.ReadJwtToken(dto.OldJwtToken);
if (string.IsNullOrEmpty(cp.Id))
{
var user = await UserManager.FindByIdAsync(cp.Payload.Claims.FirstOrDefault (x => x.Type.Equals(JwtRegisteredClaimNames.Sid)).Value);
if (user != null && user.RefreshToken.Equals(dto.RefreshToken) && user.RefreshTokenExpiration >= DateTime.Now)
{
var expiration = 30;
var token = JwtHelper.GenerateToken(
user,
Environment.GetEnvironmentVariable(EnvVars.JwtKey),
Configuration["JwtTokenConfig:Issuer"],
Configuration["JwtTokenConfig:Audience"], expiration);
var refreshToken = _tokenFactory.GenerateRefreshToken();
user.AddRefreshToken(refreshToken, 10);
await DbContext.SaveChangesAsync();
return(Ok(new LoginResultDto("Bearer", token, refreshToken, DateTime.Now.AddDays(expiration), user.UserType, user.Name)));
}
}
AddMessage("Token", "Token inválido");
return(BadRequest());
}
public async Task <IActionResult> CreateTokenByRefreshToken(RefreshTokenDto refreshTokenDto)
{
var result = await _authenticationService.CreateTokenByRefreshToken(refreshTokenDto.Token);
return(ActionResultInstance(result));
}
public async Task <IActionResult> Login([FromBody] LoginUserDto loginUserDto)
{
if (loginUserDto == null)
{
return(BadRequest(_config["Errors:Base:ModelInValid"]));
}
// Validation model dto
var validatorDto = new LoginUserDtoValidator();
var resultValidateDto = validatorDto.Validate(loginUserDto);
if (!resultValidateDto.IsValid)
{
return(BadRequest(ValidationDto.GetMessagesByErrors(resultValidateDto.Errors)));
}
// Verify Account
var userDto = await _userService.VerifyAccount(loginUserDto);
if (userDto == null)
{
return(BadRequest(_config["Errors:User:Incorrect"]));
}
// Create Refresh Token
RefreshTokenDto refreshTokenDto = await _tokenService.CreateRefreshTokenByUserDtoAsync(userDto);
// Generate token
var tokenDto = GenerateToken(userDto, refreshTokenDto.RefreshToken);
return(Ok(tokenDto));
}
public async Task CreateRefreshTokenAsync(RefreshTokenDto tokenDto)
{
var token = Mapper.Map <RefreshToken>(tokenDto);
await _refreshTokenRepository.AddAsync(token);
await UnitOfWork.CommitAsync();
}
public Task <SwaggerResponse <AuthResponse> > RefreshtokenAsync(RefreshTokenDto refreshtokenparameter)
{
var headers = new Dictionary <string, IEnumerable <string> >();
try
{
var authResponse = _appUser.RefreshToken(refreshtokenparameter);
return(Task.FromResult(
new SwaggerResponse <AuthResponse>(
StatusCodes.Status200OK,
headers,
new AuthResponse {
Token = authResponse.authToken, ValidFor = authResponse.expiresIn, Id = authResponse.id, Refreshtoken = authResponse.refreshToken, Status = new OpResult {
Success = true, Result = "RefreshToken successful"
}
})));
}
catch (RepositoryException exception)
{
return(Task.FromResult(
new SwaggerResponse <AuthResponse>(
exception.StatusCode,
headers,
new AuthResponse {
Token = "failed to refresh", Status = new OpResult {
Success = false, Result = "RefreshToken failed"
}
}, exception.Message)));
}
}
public async Task <IActionResult> RefreshToken(RefreshTokenDto refreshTokenDto)
{
var user = await _applicationRepository.FindUserByRefreshToken(refreshTokenDto.RefreshToken);
if (user == null)
{
return(BadRequest("Couldn't find a user with that refresh token"));
}
if (!ValidateRefreshToken(user.RefreshTokenExpireTime))
{
return(BadRequest("Your refresh token has expired"));
}
user.RefreshToken = GenerateRefreshToken();
user.RefreshTokenExpireTime = DateTime.Now.AddMinutes(10);
_applicationRepository.Update(user);
await _applicationRepository.SaveAll();
var token = GenerateJWTToken(user);
return(Ok(new {
token = token,
refreshToken = user.RefreshToken
}));
}
public async Task Delete(Guid userUuid)
{
RefreshTokenDto refreshTokenToDelete = await _context.RefreshToken
.FirstOrDefaultAsync(rt => rt.UserUuid == userUuid);
_context.RefreshToken.Remove(refreshTokenToDelete);
await _context.SaveChangesAsync();
}
public IActionResult RefreshToken(RefreshTokenDto dto)
{
if (User?.Identity?.Name == null)
{
return(Unauthorized());
}
return(new ObjectResult(JwtHandler.Create(User.Identity.Name, SecurityLevel, dto.ApplicationId, 0)));
}
public IActionResult Post([FromBody] RefreshTokenDto refreshTokenDto)
{
int expiryMinutes = 30;
DateTime expiryDate = DateTime.Now.AddMinutes(expiryMinutes);
string jwtToken = this._jwtService.RefreshToken(User.Claims.ToArray(), expiryMinutes);
return(this.Ok(new JwtDetails(jwtToken, expiryDate)));
}
private bool RefreshTokenIsExpired(RefreshTokenDto refreshToken)
{
if (refreshToken.ExpirationDate < DateTime.UtcNow)
{
return(true);
}
return(false);
}
public async Task <ActionResult> RefreshToken(RefreshTokenDto tokenDto)
{
var token = await jwtService.RefreshToken(tokenDto.RefreshToken);
if (token == null)
{
return(Unauthorized(new { message = "Invalid token" }));
}
return(Ok(token));
}
public async Task <IActionResult> RefreshToken(RefreshTokenDto tokens)
{
var authenticationResponse = await accountService.RefreshToken(tokens, Request.Headers[HeaderNames.UserAgent].ToString());
if (authenticationResponse == null)
{
return(BadRequest <RefreshTokenDto>(r => r.RefreshToken, LocalizedResources.RefreshTokenError));
}
return(Ok(authenticationResponse));
}
public async Task <IActionResult> Refreshtoken([FromBody] RefreshTokenDto refreshtokenparameter)
{
if (!ModelState.IsValid)
{
return(HandleInvalidModelState(ModelState));
}
var result = await _implementation.RefreshtokenAsync(refreshtokenparameter).ConfigureAwait(false);
return(ProcessResponse <AuthResponse>(result));
}
public async Task <ResponseTokenModel> RefreshToken([FromBody] RefreshTokenDto input)
{
ResponseTokenModel model = new ResponseTokenModel
{
Success = false,
SetPassword = true
};
if (input == null)
{
model.Msg = L("UserCenter_ParamError");
return(model);
}
if (string.IsNullOrWhiteSpace(input.ClientId))
{
model.Msg = L("UserCenter_ParamError");
return(model);
}
var form = new Dictionary <string, string>();
form["client_id"] = input.ClientId;
form["refresh_token"] = _cacheManager.GetCache(CacheKeyService.RefreshToken).Get(input.ClientId + input.UserId, () => string.Empty);
//用户登陆
if (input.ClientId == "app_customer_client")
{
form["client_secret"] = _appConfiguration["Customer:ClientSecrets"];
form["grant_type"] = "refresh_token";
}
//医生登陆
if (input.ClientId == "app_doctor_client")
{
form["client_secret"] = _appConfiguration["Doctor:ClientSecrets"];
form["grant_type"] = "refresh_token";
}
var tokenModel = await _tokenService.RefreshToken(form, input.ClientId);
if (tokenModel != null)
{
model.Success = true;
model.AccessToken = tokenModel.access_token;
model.ExpiresIn = tokenModel.expires_in;
model.TokenType = tokenModel.token_type;
model.UserId = input.UserId;
List <string> proToken = _cacheManager.GetCache(CacheKeyService.DeviceToken).Get(input.ClientId + input.UserId + input.DeviceUUID, () => new List <string>());
proToken.Add(tokenModel.access_token);
_cacheManager.GetCache(CacheKeyService.DeviceToken).Set(input.ClientId + input.UserId + input.DeviceUUID, proToken);
_cacheManager.GetCache(CacheKeyService.RefreshToken).Set(input.ClientId + input.UserId, tokenModel.refresh_token);
}
return(model);
}
private async Task <AuthenticationResponse> GenerateAuthenticationResponse(User user)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSettings.Secret));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
var roles = await _userManager.GetRolesAsync(user);
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, user.Email),
new Claim(JwtRegisteredClaimNames.Email, user.Email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim("id", user.Id)
};
ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims, "Token");
// Adding roles code
// Roles property is string collection but you can modify Select code if it it's not
claimsIdentity.AddClaims(roles.Select(role => new Claim(ClaimTypes.Role, role)));
var tokenDesriptor = new SecurityTokenDescriptor
{
Subject = claimsIdentity,
Issuer = _jwtSettings.Issuer,
Audience = _jwtSettings.Audience,
Expires = DateTime.UtcNow.AddMinutes(_jwtSettings.AccessExpiration),
SigningCredentials = credentials
};
var token = tokenHandler.CreateToken(tokenDesriptor);
var refreshToken = new RefreshTokenDto
{
JwtId = token.Id,
UserId = user.Id,
CreationDate = DateTime.UtcNow,
Invalidated = false,
Used = false,
ExpirationDate = DateTime.UtcNow.AddDays(_jwtSettings.RefreshExpiration)
};
var createdRefreshToken = _refreshTokenLogic.Create(refreshToken);
var jwtToken = tokenHandler.WriteToken(token);
var authenticationResponse = new AuthenticationResponse
{
Token = jwtToken,
RefreshToken = createdRefreshToken.Token
};
return(authenticationResponse);
}
