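/// <summary>
/// Authenticates the posted credentials and, on success, issues a JWT access token and a
/// JWT refresh token, recording the refresh token against the caller's remote address.
/// </summary>
/// <param name="creds">User name and password posted by the client.</param>
/// <returns>
/// 400 Bad Request when the body is missing or sign-in fails; otherwise 200 OK whose body
/// is a JSON object with <c>access_token</c>, <c>refresh_token</c> and <c>expires_in</c>
/// (seconds, taken from <c>_jwtOptions.ValidFor</c>).
/// </returns>
public async Task<IActionResult> PostLogin(Creds creds)
{
    // todo: Ensure that these input values are not logged.

    // A missing body would otherwise surface as a NullReferenceException (500)
    // instead of a client error.
    if (creds is null)
    {
        return BadRequest("Invalid credentials");
    }

    var user = await SignInUser(creds.UserName, creds.Password);
    if (user == null)
    {
        // Generic failure message: the response does not say why sign-in failed.
        return BadRequest("Invalid credentials");
    }

    var identity = await _repository.GetClaimsIdentity(user.UserName);
    var jwtAccessToken = await GetAccessToken(identity, user);
    var jwtRefreshToken = await GetRefreshToken(identity, user);

    // Encode both security tokens with a single handler instance.
    var handler = new JwtSecurityTokenHandler();
    var encodedJwtAccess = handler.WriteToken(jwtAccessToken);
    var encodedJwtRefresh = handler.WriteToken(jwtRefreshToken);

    // Serialize the response; the property names are the OAuth2 token-response field names.
    var response = new
    {
        access_token = encodedJwtAccess,
        refresh_token = encodedJwtRefresh,
        expires_in = (int)_jwtOptions.ValidFor.TotalSeconds
    };
    var json = JsonConvert.SerializeObject(response, _serializerSettings);

    // RemoteIpAddress can be null when the request did not arrive over a socket
    // (e.g. an in-process test host); do not let that turn a login into a 500.
    var remoteIp = HttpContext.Connection.RemoteIpAddress?.ToString() ?? string.Empty;

    // NOTE(review): the encoded refresh token is persisted verbatim, so anyone who can
    // read the store holds usable tokens. Persisting a hash of the token and hashing on
    // lookup would limit that exposure — confirm the lookup side before changing the
    // stored form.
    // NOTE(review): AddRefreshToken is not awaited here. If it returns a Task, the
    // response can be sent before the token is stored and any failure goes unobserved —
    // confirm its return type and await it if so.
    _repository.AddRefreshToken(encodedJwtRefresh, user, jwtRefreshToken.ValidTo, remoteIp);

    return new OkObjectResult(json);
}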
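/// <summary>
/// OWIN refresh-token creation hook. Generates an opaque refresh token id for the
/// authenticated ticket, stores its hash together with the protected ticket and the
/// expiry, and hands the unhashed id back to the client via <c>context.SetToken</c>.
/// </summary>
/// <param name="context">The OWIN token-create context carrying the ticket and per-request values.</param>
/// <remarks>
/// Issues no refresh token (returns silently) when <c>as:client_id</c> or
/// <c>as:device_id</c> is absent or empty, or when the repository reports a failed insert.
/// </remarks>
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
    // Treat a missing "as:client_id" entry like an empty one instead of letting the
    // indexer throw KeyNotFoundException; both cases end in the early return below.
    context.Ticket.Properties.Dictionary.TryGetValue("as:client_id", out var clientId);
    string deviceId = context.OwinContext.Get<string>("as:device_id");
    if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(deviceId))
    {
        return;
    }

    // Only the hash of this id is persisted; the raw id is the secret handed to the client.
    // NOTE(review): Guid.NewGuid supplies the randomness here; a RandomNumberGenerator-backed
    // id would make the token's entropy explicit — confirm whether that matters for this deployment.
    var refreshTokenId = Guid.NewGuid().ToString("n");
    var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime");

    // The lifetime is a string holding minutes; parse it culture-invariantly so a server
    // whose current culture uses a comma decimal separator does not change the expiry.
    // (A null value still yields 0, as Convert.ToDouble did before.)
    var lifetimeMinutes = Convert.ToDouble(refreshTokenLifeTime, System.Globalization.CultureInfo.InvariantCulture);

    // One timestamp so IssuedUtc and ExpiresUtc are derived from the same instant.
    var issuedUtc = DateTime.UtcNow;
    var token = new RefreshToken
    {
        Id = HashHelper.GetHash(refreshTokenId),
        ClientId = clientId,
        Subject = context.Ticket.Identity.Name,
        DeviceId = deviceId,
        IssuedUtc = issuedUtc,
        ExpiresUtc = issuedUtc.AddMinutes(lifetimeMinutes),
    };

    // Mirror the token's validity window onto the ticket before it is serialized.
    context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
    context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
    token.ProtectedTicket = context.SerializeTicket();

    // The client only receives the refresh token if the store accepted it.
    var result = await _repository.AddRefreshToken(token);
    if (result)
    {
        context.SetToken(refreshTokenId);
    }
}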