public void AddUserToken(Auth_UserToken userToken)
{
if (!_configuration.Value.AllowMultipleLoginsFromTheSameUser)
{
InvalidateUserTokens(userToken.UserId);
}
DeleteTokensWithSameRefreshTokenSource(userToken.RefreshTokenIdHashSource);
_tokenUserRepository.Insert(userToken);
}
public void AddUserToken(Auth_User user, string refreshTokenSerial, string accessToken, string refreshTokenSourceSerial)
{
var now = DateTime.UtcNow;
var token = new Auth_UserToken
{
UserId = user.Id,
// Refresh token handles should be treated as secrets and should be stored hashed
RefreshTokenIdHash = _encryptionService.GetSha256Hash(refreshTokenSerial),
RefreshTokenIdHashSource = string.IsNullOrWhiteSpace(refreshTokenSourceSerial) ?
null : _encryptionService.GetSha256Hash(refreshTokenSourceSerial),
AccessTokenHash = _encryptionService.GetSha256Hash(accessToken),
RefreshTokenExpiresDateTime = now.AddMinutes(_configuration.Value.RefreshTokenExpirationMinutes),
AccessTokenExpiresDateTime = now.AddMinutes(_configuration.Value.AccessTokenExpirationMinutes)
};
AddUserToken(token);
}
