public void IssueAccessTokenWithCustomClaim_userIdNull()
{
var jwtService = JwtServiceFactory.Create(
TimeSpan.FromSeconds(10),
TimeSpan.FromMinutes(5),
TimeSpan.FromSeconds(10));
var user = GetUserWithCustomClaime();
var access = jwtService
.IssueAccessToken(null, "", user.roles, user.claims);
var customClaimsType = user.claims.Select(x => x.Key).ToArray();
Assert.True(access.Result == JwtTokenResult.TokenResult.Ok);
Assert.NotNull(access.Tokens);
Assert.NotNull(access.Tokens.AccessToken);
Assert.NotNull(access.Tokens.RefreshToken);
var testclaims = access.AccessClaims
.Where(x => customClaimsType.Contains(x.Type))
.Select(x => new KeyValuePair <string, string>(x.Type, x.Value))
.ToArray();
foreach (var claimPair in testclaims)
{
Assert.Contains(claimPair, user.claims);
}
var identityOptions = new IdentityOptions();
var accessClaims = new JwtSecurityTokenHandler()
.ReadJwtToken(access.Tokens.AccessToken.Value)
.Claims.ToArray();
var accessId = accessClaims
.FirstOrDefault(x => x.Type
.Equals(JwtRegisteredClaimNames.Sub))
.Value;
var accessName = accessClaims
.FirstOrDefault(x => x.Type
.Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
.Value;
var roles = accessClaims
.Where(x => x.Type
.Equals(ClaimTypes.Role));
var customClaims = accessClaims
.Where(x => customClaimsType.Contains(x.Type))
.Select(x => new KeyValuePair <string, string>(x.Type, x.Value))
.ToArray();
Assert.True(string.IsNullOrEmpty(accessId));
Assert.True(string.IsNullOrEmpty(accessName));
foreach (var role in roles)
{
Assert.Contains(role.Value, user.roles);
}
foreach (var claim in customClaims)
{
Assert.Contains(claim, user.claims);
}
}
public async Task IssueAndRefreshAccessToken()
{
var jwtService = JwtServiceFactory.Create(
TimeSpan.FromSeconds(10),
TimeSpan.FromMinutes(5),
TimeSpan.FromSeconds(10));
var user = GetUser();
var access = jwtService
.IssueAccessToken(user.id, user.name, user.roles);
await Task.Delay(11000);
var refreshedAccess = jwtService
.RefreshAccessToken(
access.Tokens.AccessToken.Value,
access.Tokens.RefreshToken.Value);
Assert.True(refreshedAccess.Result == JwtTokenResult.TokenResult.Ok);
Assert.NotNull(refreshedAccess.Tokens);
Assert.NotNull(refreshedAccess.Tokens.AccessToken);
Assert.NotNull(refreshedAccess.Tokens.RefreshToken.Value);
Assert.Equal(user.id, refreshedAccess.UserId);
var identityOptions = new IdentityOptions();
var accessClaims = new JwtSecurityTokenHandler()
.ReadJwtToken(access.Tokens.AccessToken.Value)
.Claims.ToArray();
var accessId = accessClaims
.FirstOrDefault(x => x.Type
.Equals(JwtRegisteredClaimNames.Sub))
.Value;
var accessName = accessClaims
.FirstOrDefault(x => x.Type
.Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
.Value;
var roles = accessClaims
.Where(x => x.Type
.Equals(ClaimTypes.Role));
Assert.Equal(user.id, accessId);
Assert.Equal(user.name, accessName);
foreach (var role in roles)
{
Assert.Contains(role.Value, user.roles);
}
Assert.False(access.Tokens.AccessToken
.Equals(refreshedAccess.Tokens.AccessToken));
}
// Read accessToken Claims and convert it to its Type [VUser]
public static _VUser ToVUser(string accessToken)
{
// get claims from the access token string
IEnumerable <Claim> claims = new JwtSecurityTokenHandler().ReadJwtToken(accessToken).Claims;
_VUser vUser = new _VUser();
// get all vUser Propperties
var props = vUser.GetProperties();
// loop through vUser props and set each prop value with the corresponding claim value
foreach (var prop in props)
{
vUser.SetValue(prop.Name, claims.FirstOrDefault(c => c.Type == prop.Name).Value);
}
// finally return the fulfilled vUser object
return(vUser);
}
public JwtTokenResult RefreshAccessToken(
string accessToken,
string refreshToken,
IEnumerable <string> customClaimsType)
{
var result = ValidateRefreshToken(refreshToken);
if (result.result != JwtTokenResult.TokenResult.Ok)
{
return(new JwtTokenResult(result.result));
}
Claim[] accessClaims = null;
try
{
accessClaims = new JwtSecurityTokenHandler()
.ReadJwtToken(accessToken)
.Claims.ToArray();
}
catch
{
return(JwtTokenResult.AccessInvalid());
}
var identityOptions = new IdentityOptions();
var refreshId = result.claims
.FirstOrDefault(x => x.Type
.Equals(JwtRegisteredClaimNames.Sub))
.Value;
var accessId = accessClaims
.FirstOrDefault(x => x.Type
.Equals(JwtRegisteredClaimNames.Sub))
.Value;
if (!refreshId.Equals(accessId))
{
return(JwtTokenResult.Mismatch());
}
//var refreshJti = result.claims
// .FirstOrDefault(x => x.Type
// .Equals(JwtRegisteredClaimNames.Jti))
// .Value;
var accessName = accessClaims
.FirstOrDefault(x => x.Type
.Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
.Value;
var roles = accessClaims
.Where(x => x.Type
.Equals(ClaimTypes.Role));
List <Claim> claims = null;
if (customClaimsType != null)
{
var customClaims = accessClaims
.Where(claim => customClaimsType.Contains(claim.Type))
.ToArray();
if (customClaims != null && customClaims.Length > 0)
{
claims = GetAccessClaims(accessId, accessName, roles, customClaims);
}
else
{
claims = GetAccessClaims(accessId, accessName, roles);
}
}
else
{
claims = GetAccessClaims(accessId, accessName, roles);
}
var newAccessToken = CreateAccessToken(claims);
if (result.update)
{
bool longTermRefresh = result.claims
.Any(x => x.Type.Equals(_options.LongTermRefreshTokenClaim) &&
x.Value.Equals(Boolean.TrueString));
var newRefreshToken = GetRefreshToken(accessId, accessName, longTermRefresh);
return(JwtTokenResult.Ok(new TokenModel
(
newAccessToken,
newRefreshToken
),
accessId,
accessClaims));
}
var incomingRefreshDetails = new JwtTokenDetails()
.Get(refreshToken);
return(JwtTokenResult.Ok(
new TokenModel(
newAccessToken,
(refreshToken, incomingRefreshDetails.Expiration, incomingRefreshDetails.Jti)),
accessId,
accessClaims));
}