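/// <summary>
/// Exchanges an access token plus its refresh token for a new pair by running the
/// exchange use case and returning whatever the presenter produced.
/// </summary>
/// <param name="model">JSON body carrying the access token and the refresh token to exchange.</param>
/// <returns>
/// 400 with the model-state errors when the body is invalid or either token is missing;
/// otherwise the <c>ContentResult</c> built by <c>_exchangeRefreshTokenPresenter</c>.
/// </returns>
/// <exception cref="InvalidOperationException">No JWT signing key is configured.</exception>
public async Task<ActionResult> RefreshToken([FromBody] ExchangeRefreshTokenModel model)
{
    // Request input is untrusted: reject an incomplete body up front rather than
    // null-forgiving the tokens into the request and failing somewhere downstream.
    if (!ModelState.IsValid || model?.AccessToken is null || model.RefreshToken is null)
    {
        return BadRequest(ModelState);
    }

    // The signing key is configuration, not request input; its absence is a deployment fault.
    var signingKey = _jwtOptions.SigningKey
        ?? throw new InvalidOperationException("JWT signing key is not configured.");

    var request = new ExchangeRefreshTokenRequest(model.AccessToken, model.RefreshToken, signingKey);
    await _exchangeRefreshTokenUseCase.Handle(request, _exchangeRefreshTokenPresenter);
    return _exchangeRefreshTokenPresenter.ContentResult;
}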
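/// <summary>
/// Issues a 30-minute HMAC-SHA256 JWT together with a freshly generated refresh token.
/// </summary>
/// <param name="model">Form-bound request; only its model-state validity is inspected.</param>
/// <returns>200 with <c>{ token, refreshToken }</c>, or 400 with the model-state errors.</returns>
/// <exception cref="InvalidOperationException">
/// The signing secret (<c>TokenProviderOptions:SecretKey</c>) is missing from configuration.
/// </exception>
public IActionResult PostRefreshToken([FromForm] ExchangeRefreshTokenModel model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // NOTE(review): the subject is a fixed placeholder and neither model.AccessToken nor
    // model.RefreshToken is read, so a token is issued to any caller with a well-formed body.
    // Confirm this is a test/demo endpoint before it is reachable in a real deployment.
    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, "test"),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
    };

    // Fail with a message naming the setting instead of letting GetBytes throw on null.
    string secret = _config["TokenProviderOptions:SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        throw new InvalidOperationException("Configuration value 'TokenProviderOptions:SecretKey' is missing.");
    }

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // The issuer value doubles as the audience; no separate audience setting is read here.
    string issuer = _config["TokenProviderOptions:Issuer"];
    var token = new JwtSecurityToken(
        issuer,
        issuer,
        claims,
        expires: DateTime.UtcNow.AddMinutes(30), // UTC, matching the epoch-seconds exp claim
        signingCredentials: creds);

    var refreshToken = _tokenFactory.GenerateToken();
    return Ok(new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        refreshToken
    });
}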
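/// <summary>
/// Exchanges an access token and its refresh token for a new pair, rotating the stored refresh token.
/// </summary>
/// <param name="model">JSON body with the access token to renew and the refresh token that authorizes the renewal.</param>
/// <returns>
/// 200 with an <see cref="ExchangeRefreshTokenResponseDTO"/> on success; otherwise the <c>Error(...)</c>
/// result for an invalid model, an unknown account, or a token that cannot be validated / is no longer active.
/// </returns>
public async Task<IActionResult> RefreshToken([FromBody] ExchangeRefreshTokenModel model)
{
    // Both tokens are credentials; record the event without writing their values to the log.
    _logger.LogInformation("Refreshing access token with refresh token");

    if (!ModelState.IsValid)
    {
        return Error("Invalid request parameters");
    }

    // Null when the token or its signature cannot be validated and no claims can be extracted.
    var principal = _jwtTokenValidator.GetPrincipalFromToken(model.AccessToken, _authSettings.SecretKey);
    if (principal is null)
    {
        return Error("Provided token is invalid or expired.");
    }

    // The account id travels in the custom "id" claim; a missing or non-numeric value is treated
    // like an invalid token instead of surfacing as an unhandled exception.
    var idClaim = principal.Claims.FirstOrDefault(c => string.Equals(c.Type, "id", StringComparison.Ordinal));
    if (idClaim is null || !int.TryParse(idClaim.Value, out var userId))
    {
        return Error("Provided token is invalid or expired.");
    }
    string id = idClaim.Value;

    Maybe<AppUser> account = _appUserRepo.GetById(userId);
    if (account.HasNoValue)
    {
        return Error($"No matching user account found: {id}");
    }

    // The presented refresh token must belong to this account and still be active
    // (Unwrap yields false when no matching token exists).
    Maybe<RefreshToken> refreshToken = account.Value.RefreshTokens
        .FirstOrDefault(x => string.Equals(x.Token, model.RefreshToken, StringComparison.Ordinal));
    if (!refreshToken.Unwrap(d => d.IsActive))
    {
        return Error("Provided token is invalid or expired.");
    }

    // Permissions are flattened from all of the account's groups into the new access token.
    List<AppGroup> groups = _groupRepo
        .GetList(account.Value.UserGroups.Select(d => d.AppGroupId).ToArray())
        .ToList();
    string[] permissions = groups
        .SelectMany(d => d.GroupPermissions.Select(p => p.Permission.Name))
        .ToArray();

    var jwtToken = await account.Unwrap(d => _jwtFactory.GenerateEncodedToken(d.Id.ToString(), d.Username, permissions));
    string newRefreshToken = _tokenFactory.GenerateToken();
    RefereshTokenStore[id] = newRefreshToken;

    // Rotate: revoke the exchanged token (recording what replaced it and from where) and persist a fresh one.
    string callerIp = IpAddress();
    DateTime now = DateTime.UtcNow;
    refreshToken.Value.Revoked = now;
    refreshToken.Value.RevokedByIp = callerIp;
    refreshToken.Value.ReplacedByToken = newRefreshToken;
    account.Value.RefreshTokens.Add(new RefreshToken
    {
        Token = newRefreshToken,
        Expires = now.AddHours(4), // 4 hours
        Created = now,
        CreatedByIp = callerIp
    });
    _appUserRepo.Update(account.Value);

    return Ok(new ExchangeRefreshTokenResponseDTO(jwtToken, newRefreshToken));
}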
/// <summary>
/// Posting a well-formed access token with a refresh token the server does not know must be rejected.
/// </summary>
public async Task ExchangeRefreshToken_GivenInvalidToken_Fails()
{
    // Arrange: fixed sample JWT (its payload decodes to a 2019 exp claim — NOTE(review): confirm
    // the server's lifetime validation still lets this test reach the refresh-token check)
    // paired with a refresh token that matches nothing.
    var payload = new ExchangeRefreshTokenModel
    {
        AccessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhY3N0ZXN0dXNlciIsImp0aSI6Ijg1ZjE5Yzc4LTVmNDgtNDJkOC1iNjdjLWI5ZGE1MjQ2NTc5MyIsImlhdCI6IjE1NjYyNDM3OTYiLCJyb2wiOiJ1c2VyIiwiaWQiOiIxIiwibmJmIjoxNTY2MjQzNzk1LCJleHAiOjE1NjYyNDczOTUsImlzcyI6IkFsaW1Db29wIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIn0.JL4v6wa4O9CyUWxSLuRzI0S9-IopobRM6zdDdfRTbeM",
        RefreshToken = "unknown"
    };
    string json = JsonConvert.SerializeObject(payload);
    var body = new StringContent(json, Encoding.UTF8, "application/json");

    // Act
    var response = await _client.PostAsync("/api/authentication/refreshtoken", body);
    string responseText = await response.Content.ReadAsStringAsync();

    // Assert: only the error text is checked, not the status code.
    Assert.Contains("Invalid token.", responseText);
}
/// <summary>
/// A known access/refresh token pair yields a 2xx response carrying a new token, a positive
/// expiry and a new refresh token.
/// </summary>
public async Task ExchangeRefreshToken_GivenValidToken_Succeeds()
{
    // Arrange: fixed sample JWT and the refresh token the test server is expected to hold for it
    // (NOTE(review): the JWT payload decodes to a 2019 exp claim — confirm the server accepts it).
    var payload = new ExchangeRefreshTokenModel
    {
        AccessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhY3N0ZXN0dXNlciIsImp0aSI6Ijg1ZjE5Yzc4LTVmNDgtNDJkOC1iNjdjLWI5ZGE1MjQ2NTc5MyIsImlhdCI6IjE1NjYyNDM3OTYiLCJyb2wiOiJ1c2VyIiwiaWQiOiIxIiwibmJmIjoxNTY2MjQzNzk1LCJleHAiOjE1NjYyNDczOTUsImlzcyI6IkFsaW1Db29wIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIn0.JL4v6wa4O9CyUWxSLuRzI0S9-IopobRM6zdDdfRTbeM",
        RefreshToken = "sf+BoDDXriyqkpwB4Wl3I59AYecTs9j37a981ijAGXs="
    };
    string json = JsonConvert.SerializeObject(payload);
    var body = new StringContent(json, Encoding.UTF8, "application/json");

    // Act
    var response = await _client.PostAsync("/api/authentication/refreshtoken", body);
    response.EnsureSuccessStatusCode();
    string responseText = await response.Content.ReadAsStringAsync();

    // Assert: the response is read dynamically, so the three fields are checked by name.
    dynamic parsed = JObject.Parse(responseText);
    Assert.NotNull(parsed.token);
    Assert.True((int)parsed.expiresIn > 0);
    Assert.NotNull(parsed.refreshToken);
}