public async Task <Maybe <Token> > RefreshTokenAsync(string accessToken, string refreshToken)
{
var claims = _accessTokenValidator.Validate(accessToken,
HexadoTokenSpecific.GetValidationParameters(_options.Secret, false));
if (!claims.HasValue || claims.Value.All(claim => claim.Type != ClaimTypes.Email))
{
return(Maybe <Token> .Nothing);
}
var email = claims.Value
.Single(c => c.Type == ClaimTypes.Email).Value;
var user = await _hexadoUserRepository
.GetUserIncludeTokensAsync(u => u.Email == email);
if (!user.HasValue || !user.Value.IsValidRefreshToken(refreshToken))
{
return(Maybe <Token> .Nothing);
}
var token = _tokenFactory.GenerateToken(user.Value.Id, claims.Value);
if (!token.HasValue)
{
return(Maybe <Token> .Nothing);
}
user.Value.RemoveRefreshToken(refreshToken);
user.Value.RefreshTokens.Add(token.Value.RefreshToken);
await _hexadoUserRepository.UpdateAsync(user.Value);
return(token);
}
public static IServiceCollection AddHexadoAuthentication(this IServiceCollection services)
{
var jwtOptions = services.BuildServiceProvider()
.GetRequiredService <IOptions <JwtOptions> >().Value;
services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = HexadoTokenSpecific.GetValidationParameters(jwtOptions.Secret);
});
return(services);
}
