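/// <summary>
/// Exchanges a refresh token for a new access token and rotates the refresh token stored on the account.
/// </summary>
/// <param name="userId">Identifier used to look up the account under the "Federation" provider.</param>
/// <param name="refreshToken">Refresh token presented by the client; it must match the value stored on the account.</param>
/// <returns>
/// 200 with a <see cref="CustomLoginResult"/> holding the new access token and the rotated refresh token,
/// or 400 with a generic message when the account is missing or the token does not match.
/// </returns>
public IHttpActionResult RefreshToken(string userId, string refreshToken)
{
    // A missing or empty token must never authenticate. Without this guard, an account whose
    // stored RefreshToken is null (never logged in, or cleared) would satisfy "null != null == false"
    // and hand out an access token to a caller who presented no token at all.
    if (string.IsNullOrEmpty(refreshToken))
    {
        return BadRequest("Invalid account or refresh token.");
    }

    A account = GetAccountsDbSet(_context).GetUserAccount(userId, "Federation");
    if (account == null || string.IsNullOrEmpty(account.RefreshToken))
    {
        return BadRequest("Invalid account or refresh token.");
    }

    // Compare the secret with the same fixed-time helper Login uses for password hashes, so the
    // response time does not reveal how many leading characters of the token were correct.
    // The length check comes first because token length is not secret and SlowEquals' behaviour
    // on unequal lengths is not visible here.
    byte[] presented = System.Text.Encoding.UTF8.GetBytes(refreshToken);
    byte[] stored = System.Text.Encoding.UTF8.GetBytes(account.RefreshToken);
    bool tokenMatches = presented.Length == stored.Length
        && CustomLoginProviderUtils.SlowEquals(presented, stored);
    if (!tokenMatches)
    {
        return BadRequest("Invalid account or refresh token.");
    }

    // NOTE(review): Login issues the access token for account.Sid, this method for userId.
    // Confirm both values identify the same subject.
    var newAccessToken = GetAuthenticationTokenForUser(userId);

    // Rotate on every use so a captured refresh token is only good for a single exchange.
    // NOTE(review): the token is persisted as-is and no expiry is checked in this method;
    // consider storing only a hash of it and enforcing a lifetime.
    account.RefreshToken = CustomLoginProviderUtils.GenerateRefreshToken();
    _context.SaveChanges();

    return Ok(new CustomLoginResult()
    {
        UserId = account.Sid,
        MobileServiceAuthenticationToken = newAccessToken.RawData,
        RefreshToken = account.RefreshToken
    });
}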
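/// <summary>
/// Authenticates a user by password and, on success, issues an access token together with a
/// fresh refresh token.
/// </summary>
/// <param name="loginRequest">Credentials sent by the client (user id and password).</param>
/// <returns>
/// 200 with a <see cref="CustomLoginResult"/> on success, or 400 with a generic message that does
/// not say whether the user id or the password was wrong.
/// </returns>
public IHttpActionResult Login(CustomLoginRequest loginRequest)
{
    // An empty or malformed body can leave the request (or its fields) null. Answer with the
    // same generic 400 instead of failing with a NullReferenceException further down.
    if (loginRequest == null || loginRequest.UserId == null || loginRequest.Password == null)
    {
        return BadRequest("Invalid name or password.");
    }

    A account = GetAccountsDbSet(_context).GetUserAccount(loginRequest.UserId, "Federation");
    if (account == null)
    {
        // NOTE(review): no hash is computed on this path, so an unknown user id is answered
        // faster than a wrong password. Consider hashing against a dummy salt to even this out,
        // and confirm attempt throttling or lockout is enforced elsewhere.
        return BadRequest("Invalid name or password.");
    }

    // Hash the supplied password with the account's salt and compare using the fixed-time helper.
    byte[] incoming = CustomLoginProviderUtils.Hash(loginRequest.Password, account.Salt);
    if (!CustomLoginProviderUtils.SlowEquals(incoming, account.Hash))
    {
        return BadRequest("Invalid name or password.");
    }

    var accessToken = GetAuthenticationTokenForUser(account.Sid);

    // Each successful login replaces the stored refresh token, invalidating the previous one.
    account.RefreshToken = CustomLoginProviderUtils.GenerateRefreshToken();
    _context.SaveChanges();

    return Ok(new CustomLoginResult()
    {
        UserId = account.Sid,
        MobileServiceAuthenticationToken = accessToken.RawData,
        RefreshToken = account.RefreshToken
    });
}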