//[Produces("text/plain")] public async Task <IActionResult> RenewToken(APIPayload payload) { try { if (string.IsNullOrEmpty(payload.Token)) { return(BadRequest()); } // Validate token... var validToken = ValidateToken(payload.Token); if (validToken.Identity.IsAuthenticated) { //var refreshToken = Guid.Parse(validToken.FindFirst("RefreshToken")?.Value); var email = validToken.FindFirst("UserEmail")?.Value; // Get user from database based on email and refresh token var user = await _context.Users.Where(x => x.Email == email && x.RefreshToken == Guid.Parse(payload.RefreshToken)).FirstOrDefaultAsync(); var token = await BakeNewToken(user); return(Ok(token)); } throw new SecurityTokenInvalidSignatureException(); } catch (Exception ex) { return(BadRequest(ex)); } }
/// <summary> /// Create a new JWT token for a user /// </summary> /// <param name="user"></param> /// <param name="hasRole"></param> /// <returns></returns> public APIPayload CreateToken(User user, bool isAdmin, bool generateRefreshToken = false) { // Set up a security key based on the key in appsettings.json var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configure["JWT:Key"])); var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256); // Generate a new refresh token string newRefreshToken = null; if (generateRefreshToken) { newRefreshToken = CreateRefreshToken(user).ToString(); } // Create new JWT-token var claims = SetTokenClaims(user, isAdmin); var token = ConfigureToken(claims, credentials); APIPayload tokenPayload = new APIPayload() { Token = new JwtSecurityTokenHandler().WriteToken(token), RefreshToken = newRefreshToken }; return(tokenPayload); }
// TODO: Add User object to PayLoad class public async Task SetAuthCookie(APIPayload payload, bool persistent = true) { // Bake Token Refresh cookie webAPIToken.TokenRefreshCookie = payload.RefreshToken; // Bake Token-Cookie webAPIToken.SessionTokenRefresh = payload.Token; // Extract payload from token cookie var handler = new JwtSecurityTokenHandler(); var token = handler.ReadJwtToken(payload.Token); var userEmail = token.Claims.Where(x => x.Type == "UserEmail") .Select(x => x.Value) .FirstOrDefault() .ToString(); var userId = token.Claims.Where(x => x.Type == "UserId") .Select(x => x.Value) .FirstOrDefault() .ToString(); var userName = token.Claims.Where(x => x.Type == "UserName") .Select(x => x.Value) .FirstOrDefault() .ToString(); var userRole = token.Claims.Where(x => x.Type == ClaimTypes.Role) .Select(x => x.Value) .FirstOrDefault() .ToString(); // Set up Claims for ASP authentication cookie var claims = new List <Claim> { new Claim(ClaimTypes.Email, userEmail), new Claim("UserId", userId), new Claim(ClaimTypes.Name, userEmail), new Claim("UserName", userName), new Claim(ClaimTypes.Role, userRole) }; // Do user want to be remembered? var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme); var authProperties = new AuthenticationProperties { IsPersistent = persistent, ExpiresUtc = DateTime.UtcNow.AddMonths(int.Parse(config["AuthCookie:Expire"])) }; // Bake authentication cookie! await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties); }
/// <summary> /// Sends a request with an old token containing a refresh-token for getting a new valid JWT token from API /// </summary> /// <param name="cookieToken"></param> /// <returns></returns> public async Task <string> New() { APIResponseData response = new APIResponseData(); if (SessionTokenRefresh == null) { APIPayload payload = new APIPayload() { RefreshToken = TokenRefreshCookie, UserEmail = accessor.HttpContext.User.Identity.Name }; response = await webAPI.PostAsync(payload, "https://localhost:44305/api/tokenrequest/refresh"); } else { // Instantiate a new payload-object containing old JWT (Jason Web Token) from local cookie 'TastyCookie' APIPayload payload = new APIPayload() { //Token = TokenRefreshCookie // Get old JWT token from cookie Token = SessionTokenRefresh, RefreshToken = TokenRefreshCookie }; // Post payload object to API and request a new token. // The API will validate the old JWT-token and return a new token if old JWT wasn't tampered with. response = await webAPI.PostAsync(payload, "https://localhost:44305/api/tokenrequest/new"); } // Invalid token if (!response.Status.IsSuccessStatusCode) { // Send request using refresh token } //if (string.IsNullOrEmpty(token.ResponseContent)) //{ // throw new ArgumentNullException("Token was null!"); //} // Store new token in local cookie //TokenRefreshCookie = newToken.ResponseContent; SessionTokenRefresh = response.APIPayload.Token; //var test = accessor.HttpContext.Session.GetString("TestCookie"); return(response.APIPayload.Token); }
public async Task <IActionResult> RefreshToken(APIPayload payload) { // User exist? var user = _context.Users.Where(x => x.Email == payload.UserEmail && x.RefreshToken == Guid.Parse(payload.RefreshToken)).FirstOrDefault(); if (user != null) { // Create token and store new refreshtoken in database var newTokenAndRefreshToken = await BakeNewToken(user); return(Ok(newTokenAndRefreshToken)); } else { return(Unauthorized()); } }
private APIPayload GetPayload(IGrouping<long, LibratoMetric> epochGroup) { var lines = epochGroup.ToList(); // Split the lines up into gauges and counters var gauges = lines.Where(p => p.MetricType == LibratoMetricType.Gauge || p.MetricType == LibratoMetricType.Timing).ToArray(); var counts = lines.Where(p => p.MetricType == LibratoMetricType.Counter).ToArray(); var payload = new APIPayload(); payload.gauges = gauges; payload.counters = counts; payload.measure_time = epochGroup.Key; payload.source = _source; return payload; }
// constructor - only APIService can create public APIRequest(RequestMethod httpMethod, string server, string function, APIHeaders headers, APIPayload payload) : this(httpMethod, server, function, headers) { this.payload = payload; }
// constructor - only APIService can create public APIResponse(Dictionary <string, string> headers, string json) { this.headers = new APIHeaders(headers); this.payload = new APIPayload(json); this.status = this.headers.GetStatusCode(); }