private static void AssertDoesGetAccessTokenUsingRefreshTokenCookie(IJsonServiceClient client) { var authResponse = client.Post(new Authenticate { provider = "credentials", UserName = Username, Password = Password }); var initialAccessToken = client.GetTokenCookie(); var initialRefreshToken = client.GetRefreshTokenCookie(); Assert.That(initialAccessToken, Is.Not.Null); Assert.That(initialRefreshToken, Is.Not.Null); var request = new Secured { Name = "test" }; var response = client.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); var jwtAuthProvider = AuthenticateService.GetRequiredJwtAuthProvider(); jwtAuthProvider.InvalidateJwtIds.Add(jwtAuthProvider.LastJwtId()); // JwtAuthProvider.PrintDump(initialAccessToken); // JwtAuthProvider.PrintDump(initialRefreshToken); response = client.Send(request); Assert.That(response.Result, Is.EqualTo(request.Name)); var latestAccessToken = client.GetTokenCookie(); Assert.That(latestAccessToken, Is.Not.EqualTo(initialAccessToken)); }
public object Any(InvalidateLastAccessToken request) { var jwtAuthProvider = AuthenticateService.GetRequiredJwtAuthProvider(); jwtAuthProvider.InvalidateJwtIds.Add(jwtAuthProvider.LastJwtId()); return(new EmptyResponse()); }
public object Any(CreateJwt request) { var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider(); if (request.JwtExpiry != null) { jwtAuthProvider.CreatePayloadFilter = (jwtPayload, session) => jwtPayload["exp"] = request.JwtExpiry.Value.ToUnixTime().ToString(); } var jwtSession = request.ConvertTo <AuthUserSession>(); var token = jwtAuthProvider.CreateJwtBearerToken(jwtSession); jwtAuthProvider.CreatePayloadFilter = null; return(new CreateJwtResponse { Token = token }); }
public object Any(CreateRefreshJwt request) { var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider(); var jwtHeader = new JsonObject { { "typ", "JWTR" }, //RefreshToken { "alg", jwtAuthProvider.HashAlgorithm } }; var keyId = jwtAuthProvider.GetKeyId(Request); if (keyId != null) { jwtHeader["kid"] = keyId; } var now = DateTime.UtcNow; var jwtPayload = new JsonObject { { "sub", request.UserAuthId ?? "1" }, { "iat", now.ToUnixTime().ToString() }, { "exp", (request.JwtExpiry ?? DateTime.UtcNow.AddDays(1)).ToUnixTime().ToString() }, }; if (jwtAuthProvider.Audience != null) { jwtPayload["aud"] = jwtAuthProvider.Audience; } var hashAlgorithm = jwtAuthProvider.GetHashAlgorithm(); var refreshToken = JwtAuthProvider.CreateJwt(jwtHeader, jwtPayload, hashAlgorithm); return(new CreateRefreshJwtResponse { Token = refreshToken }); }
public object Any(GetAccessToken request) { var jwtAuthProvider = (MyJwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider(); if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection) { throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request)); } if (string.IsNullOrEmpty(request.RefreshToken)) { throw new ArgumentNullException(nameof(request.RefreshToken)); } JsonObject jwtPayload; try { jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(Request, request.RefreshToken.Split(CharConstants.DOT)); } catch (ArgumentException) { throw; } catch (Exception ex) { throw new ArgumentException(ex.Message); } jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload); if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request)) { throw new ArgumentException(ErrorMessages.RefreshTokenInvalid.Localize(Request), nameof(request.RefreshToken)); } var userId = jwtPayload[TokenConstants.SUB]; CustomUserSession session; if (AuthRepository is IUserAuthRepository userRepo) { var userAuth = userRepo.GetUserAuth(userId); if (userAuth == null) { throw HttpError.NotFound(ErrorMessages.UserNotExists.Localize(Request)); } if (jwtAuthProvider.IsAccountLocked(userRepo, userAuth)) { throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(Request)); } session = SessionFeature.CreateNewSession(Request, SessionExtensions.CreateRandomSessionId()) as CustomUserSession; PopulateSession(userRepo, userAuth, session, userId); } else { throw new NotSupportedException("JWT RefreshTokens requires a registered IUserAuthRepository or an AuthProvider implementing IUserSessionSource"); } var accessToken = jwtAuthProvider.CreateJwtBearerToken(Request, session); return(new GetAccessTokenResponse { AccessToken = accessToken }); }