public JwtSecurityToken BuildToken(ClaimsIdentity identity)
{
var expires = _systemClock.UtcNow.UtcDateTime + _options.Value.TokenLifetime;
AuthenticationLogMessages.AuthenticationTokenBuilding(_logger, identity, expires);
var descriptor = new SecurityTokenDescriptor()
{
Subject = identity,
SigningCredentials = _signingCredentials,
Expires = expires
};
var token = _tokenHandler.CreateJwtSecurityToken(descriptor);
AuthenticationLogMessages.AuthenticationTokenBuilt(_logger, token);
return(token);
}
protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
{
AuthenticationLogMessages.SignInHandling(Logger);
var token = _apiAuthenticationTokenBuilder.BuildToken(user.Identities.First());
AuthenticationLogMessages.AuthenticationTokenBuilt(Logger, token);
var tokenRawHeaderAndPayload = $"{token.RawHeader}.{token.RawPayload}";
Response.Cookies.Append(
key: Options.TokenHeaderAndPayloadCookieKey,
value: tokenRawHeaderAndPayload,
options: new CookieOptions()
{
IsEssential = true,
SameSite = SameSiteMode.Strict,
HttpOnly = false,
Secure = true,
Expires = token.ValidTo
});
AuthenticationLogMessages.AuthenticationTokenHeaderAndPayloadAttached(Logger, Options.TokenHeaderAndPayloadCookieKey, tokenRawHeaderAndPayload);
Response.Cookies.Append(
key: Options.TokenSignatureCookieKey,
value: token.RawSignature,
options: new CookieOptions()
{
IsEssential = true,
SameSite = SameSiteMode.Strict,
HttpOnly = true,
Secure = true,
Expires = token.ValidTo
});
AuthenticationLogMessages.AuthenticationTokenSignatureAttached(Logger, Options.TokenSignatureCookieKey, token.RawSignature);
AuthenticationLogMessages.SignInHandled(Logger);
return(Task.CompletedTask);
}
