public Task RemoveRefreshTokenAsync(JwtRefreshToken jwtRefreshToken) { var token = JwtRefreshTokens.FirstOrDefault(x => x.UserId == jwtRefreshToken.UserId && x.Token == jwtRefreshToken.Token); JwtRefreshTokens.Remove(token); return(Task.CompletedTask); }
public bool ValidateRefreshToken(JwtRefreshToken refreshToken, ClaimsPrincipal claimsPrincipal) { var jti = claimsPrincipal.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value; return(refreshToken != null && DateTime.UtcNow <= refreshToken.ExpiryDate && !refreshToken.Invalidated && !refreshToken.Used && refreshToken.JwtId == jti); }
public void GenerateRefreshAndUpdateUser(T login, Action <string> refreshHandler) { var refreshToken = tokenService.GenerateRefreshToken(); JwtRefreshToken tokenResponse = broker.SendBroker <JwtRefreshToken>(new JwtRefreshToken() { RefreshToken = refreshToken, UserName = login.UserName }); refreshHandler.Invoke(!string.IsNullOrEmpty(tokenResponse.Code) ? refreshToken : string.Empty); // refreshHandler.Invoke(refreshToken); }
public async Task <JwtRefreshToken> GenerateRefreshTokenForJwtTokenAsync(ApplicationUser user, SecurityToken token) { var refreshToken = new JwtRefreshToken { JwtId = token.Id, UserId = user.Id, CreationDate = DateTime.UtcNow, ExpiryDate = DateTime.UtcNow.AddMonths(6) }; await _context.RefreshTokens.AddAsync(refreshToken); await _context.SaveChangesAsync(); return(refreshToken); }
public JwtAccessToken CreateAccessToken(User user) { //Refresh token var refreshToken = new JwtRefreshToken( token: passwordHasher.HashPassword(Guid.NewGuid().ToString()), expiration: DateTime.UtcNow.AddSeconds(tokenClaims.RefreshTokenExpiration).Ticks); //Access token var accessTokenExpiration = DateTime.UtcNow.AddSeconds(tokenClaims.AccessTokenExpiration); var securityToken = new JwtSecurityToken( issuer: tokenClaims.Issuer, audience: tokenClaims.Audience, claims: GetClaims(user), expires: accessTokenExpiration, notBefore: DateTime.UtcNow, signingCredentials: signingConfigurations.SigningCredentials); var jwtHandler = new JwtSecurityTokenHandler(); var accessToken = jwtHandler.WriteToken(securityToken); refreshTokens.Add(refreshToken); //TODO: nie trzymać tokenów w pamięci return(new JwtAccessToken(accessToken, accessTokenExpiration.Ticks, refreshToken)); }
public async Task UseRefreshToken(JwtRefreshToken refreshToken) { refreshToken.Used = true; _context.RefreshTokens.Update(refreshToken); await _context.SaveChangesAsync(); }
private async Task <ResponseAuth> CreateJwtTokenAsync(ApplicationUser appUser) { ResponseAuth responseAuth = null; var appUserRoles = await userManager.GetRolesAsync(appUser); var tokenHandler = new JwtSecurityTokenHandler(); var certificate = new X509Certificate2(appConfigSettings.Value.PrivateKeyLocation, "abc12345"); var key = new X509SecurityKey(certificate); //Encoding.ASCII.GetBytes(appConfigSettings.Value.JwtTokenSecret); DateTime today = DateTime.UtcNow; TimeSpan duration = appConfigSettings.Value.TokenLifeTime; TokenExpiration = today.Add(duration); var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, appUser.UserName), new Claim(JwtRegisteredClaimNames.Jti, GenerateJwtTokenId()), new Claim(ClaimTypes.Name, appUser.UserName), new Claim(JwtRegisteredClaimNames.Email, appUser.Email), // new Claim(ClaimTypes.Email, appUser.Email), new Claim("id", appUser.Id) }; if (appUserRoles != null && appUserRoles.Count > 0) { foreach (var role in appUserRoles) { claims.Add(new Claim(ClaimTypes.Role, role)); } } var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims, "Bearer"), NotBefore = DateTime.UtcNow.AddMinutes(-1), IssuedAt = IssuedDate, Expires = TokenExpiration, Audience = "http://my.audience.com", Issuer = "http://tokenissuer.com", SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha384Signature) //(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256) }; var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor); responseAuth = new ResponseAuth { AccessToken = tokenHandler.WriteToken(token), ExpirationDateTime = TokenExpiration, DateIssued = IssuedDate }; var _refreshToken = new JwtRefreshToken { RefreshToken = Guid.NewGuid().ToString(), JwtId = token.Id, UserId = appUser.Id, CreatedDate = DateTime.UtcNow, ExpiryDate = DateTime.UtcNow.AddMonths(6) }; try { await appIdentityDbContext.JwtRefreshTokens.AddAsync(_refreshToken); await appIdentityDbContext.SaveChangesAsync(); } catch (Exception ex) { var msg = ex.Message; throw ex; } responseAuth.RefreshToken = _refreshToken.RefreshToken; return(responseAuth); }
public async Task <RefreshTokenResponse> RefreshTokenAsyc(string token, string refreshToken) { RefreshTokenResponse refreshTokenResult = null; var validatedToken = GetPrincipalFromToken(token); if (validatedToken == null) { //token is invalid return(new RefreshTokenResponse { Errors = new[] { "Invalid Token " } }); } _tokenValidationParameters.ValidateLifetime = true; var exptime = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value; var expiryDateUnix = long.Parse(exptime); var expiryDateTimeUtc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc) .AddSeconds(expiryDateUnix); if (expiryDateTimeUtc > DateTime.UtcNow) { return(new RefreshTokenResponse { Errors = new[] { "This token is not yet expired" } }); } //get id from the jwt token var jti = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value; JwtRefreshToken storedRefreshToken = null; try { storedRefreshToken = appIdentityDbContext.JwtRefreshTokens.FirstOrDefault(r => r.RefreshToken == refreshToken); if (storedRefreshToken == null) { return(new RefreshTokenResponse { Errors = new[] { "This refresh token does not exist" } }); } } catch (Exception ex) { var msg = ex.Message; throw ex; } if (DateTime.UtcNow > storedRefreshToken.ExpiryDate) { return(new RefreshTokenResponse { Errors = new[] { "This refresh token has expired" } }); } if (storedRefreshToken.Invalidated) { return(new RefreshTokenResponse { Errors = new[] { "This refresh token has been invalidated" } }); } if (storedRefreshToken.Used) { return(new RefreshTokenResponse { Errors = new[] { "This refresh token has been used" } }); } if (storedRefreshToken.JwtId != jti) { return(new RefreshTokenResponse { Errors = new[] { "This refresh token does not match this JWT" } }); } storedRefreshToken.Used = true; appIdentityDbContext.JwtRefreshTokens.Update(storedRefreshToken); await appIdentityDbContext.SaveChangesAsync(); //get the user id from the token var userId = validatedToken.Claims.Single(x => x.Type == "id").Value; var user = await userManager.FindByIdAsync(userId); var generateRefreshToken = await CreateJwtTokenAsync(user); refreshTokenResult = new RefreshTokenResponse { Token = generateRefreshToken.AccessToken, RefreshToken = generateRefreshToken.RefreshToken, Success = true, AccessTokenExpiration = generateRefreshToken.ExpirationDateTime, IssuedDate = IssuedDate }; return(refreshTokenResult); }
public Task AddRefreshTokenAsync(JwtRefreshToken jwtRefreshToken) { JwtRefreshTokens.Add(jwtRefreshToken); return(Task.CompletedTask); }