public async Task RenewAsync(string key, AuthenticationTicket ticket) { var session = await _sessionStorage.GetAsync(key); var serializedTicket = _ticketSerializer.Serialize(ticket); session.SerializedTicket = serializedTicket; session.LastAccess = DateTimeOffset.Now; session.Expires = ticket.Properties.ExpiresUtc ?? DateTimeOffset.Now.AddDays(1); await _sessionStorage.UpdateAsync(session); }
public string Protect(AuthenticationTicket ticket) { var ticketData = serializer.Serialize(ticket); var protectedString = Convert.ToBase64String(ticketData); return(protectedString); }
// ISecureDataFormat<AuthenticationTicket> Members public string Protect(AuthenticationTicket ticket) { var ticketData = serializer.Serialize(ticket); var protectedString = Encoding.UTF8.GetString(ticketData); return(protectedString); }
public void Test_ReturnsSuccessIfValidCookieEsists() { var serializer = new TicketSerializer(); var ticket = new AuthenticationTicket( new ClaimsPrincipal( new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Foo User"), }, AuthConstants.SPNEGO_DEFAULT_SCHEME)), AuthConstants.SPNEGO_DEFAULT_SCHEME); var serializedTicket = serializer.Serialize(ticket); var protectedTicket = dataProtector.Protect(serializedTicket); var encodedTicket = Convert.ToBase64String(protectedTicket); var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM) { Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES), Value = encodedTicket }; cookies.Set(cookie); browser.SetupGet(b => b.Cookies).Returns(true); var authenticator = new CookieAuthenticator(dataProtector, logger.Object); var result = authenticator.Authenticate(context.Object); Assert.True(result.Succeeded); Assert.Equal("Foo User", result.Principal.Identity.Name); }
public void Test_ReturnsFailureIf_InValidCookieEsistsOrIfCookieIsDamaged() { var serializer = new TicketSerializer(); var ticket = new AuthenticationTicket( new ClaimsPrincipal( new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Foo User"), }, AuthConstants.SPNEGO_DEFAULT_SCHEME)), AuthConstants.SPNEGO_DEFAULT_SCHEME); var serializedTicket = serializer.Serialize(ticket); var protectedTicket = dataProtector.Protect(serializedTicket); var encodedTicket = Convert.ToBase64String(protectedTicket); var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM) { Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES), Value = encodedTicket + "Corrupt" }; cookies.Set(cookie); browser.SetupGet(b => b.Cookies).Returns(true); var authenticator = new CookieAuthenticator(dataProtector, logger.Object); var result = authenticator.Authenticate(context.Object); Assert.False(result.Succeeded); Assert.Equal($"Unable to extract cookie '{AuthConstants.AUTH_COOKIE_NM}', cookie might be damaged/modified", result.Failure.Message); }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var refreshToken = Guid.NewGuid().ToString("n"); var entities = new ApplicationDbContext(); var repo = new ApplicationRepository(entities); var rToken = new RefreshToken() { DateCreatedUtc = DateTime.UtcNow, IssuedUtc = DateTime.UtcNow, ExpirationDateUtc = DateTime.UtcNow.AddYears(1), IsActive = true, Id = GetHash(refreshToken), ApplicationUserId = context.Ticket.Identity.GetUserId(), }; context.Ticket.Properties.IssuedUtc = rToken.DateCreatedUtc; context.Ticket.Properties.ExpiresUtc = rToken.ExpirationDateUtc; //rToken.ProtectedTicket = context.SerializeTicket(); TicketSerializer serializer = new TicketSerializer(); rToken.ProtectedTicket = System.Text.Encoding.Default.GetString(serializer.Serialize(context.Ticket)); await repo.RefreshTokens.AddOrUpdateAndSaveAsync(rToken); context.SetToken(refreshToken); }
public void Test_SignIn_AddsCookie_IfAuthResultIsSuccess() { var serializer = new TicketSerializer(); var ticket = new AuthenticationTicket( new ClaimsPrincipal( new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Foo User"), }, AuthConstants.SPNEGO_DEFAULT_SCHEME)), AuthConstants.SPNEGO_DEFAULT_SCHEME); var serializedTicket = serializer.Serialize(ticket); var protectedTicket = dataProtector.Protect(serializedTicket); var encodedTicket = Convert.ToBase64String(protectedTicket); var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM) { Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES), Value = encodedTicket }; var authenticator = new CookieAuthenticator(dataProtector, logger.Object); authenticator.SignIn(AuthenticateResult.Success(ticket), context.Object); response.Verify(r => r.AppendCookie(It.Is <HttpCookie>(c => Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(c.Value))) == Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(encodedTicket))) && c.Expires.Date.Minute == DateTime.Now.AddMinutes(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES).Date.Minute)), Times.Once); }
public string Protect(T data, string purpose) { TicketSerializer _serializer = new TicketSerializer(); byte[] userData = _serializer.Serialize(data); return(Convert.ToBase64String(userData)); }
string ISecureDataFormat <T> .Protect(T data) { TicketSerializer _serializer = new TicketSerializer(); byte[] userData = _serializer.Serialize(data); return(Convert.ToBase64String(userData)); }
private async Task StoreAsync(string guid, AuthenticationTicket ticket) { TicketSerializer serializer = new TicketSerializer(); byte[] serialize = serializer.Serialize(ticket); await Db.StringSetAsync(guid, serialize, _configuration.ExpiresUtc - DateTimeOffset.UtcNow); }
private void Store(string guid, AuthenticationTicket ticket) { TicketSerializer serializer = new TicketSerializer(); byte[] serialize = serializer.Serialize(ticket); Db.StringSet(guid, serialize, _configuration.ExpiresUtc - DateTimeOffset.UtcNow); }
public string Protect(AuthenticationTicket ticket) { var ticketData = _serializer.Serialize(ticket); var protectedData = _protector.Protect(ticketData); var protectedString = _encoder.Encode(protectedData); return(protectedString); }
private async Task StoreAsync(string guid, AuthenticationTicket ticket) { TicketSerializer serializer = new TicketSerializer(); byte[] serialize = serializer.Serialize(ticket); IDatabase database = _redis.GetDatabase(_configuration.Db); await database.StringSetAsync(guid, serialize, _configuration.ExpiresUtc.TimeOfDay); }
public static string Encode(IEnumerable <Claim> claims) { var ticket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims)), Constants.Scheme); var serializer = new TicketSerializer(); var bytes = serializer.Serialize(ticket); return(Convert.ToBase64String(bytes)); }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { try { var clientid = context.Ticket.Properties.Dictionary["as:client_id"]; if (string.IsNullOrEmpty(clientid)) return; // Gera um ID unico para o RefreshToken var refreshTokenId = Guid.NewGuid().ToString("n"); // Pega o tempo de expiração (em minuto) do token do contexto do Owin var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime"); // Identifica o Browser var userAgent = HttpContext.Current.Request.UserAgent; var userBrowser = new HttpBrowserCapabilities { Capabilities = new Hashtable { { string.Empty, userAgent } } }; var factory = new BrowserCapabilitiesFactory(); factory.ConfigureBrowserCapabilities(new NameValueCollection(), userBrowser); var browser = userBrowser.Browser; var issuedUtc = DateTime.UtcNow; var expiresUtc = issuedUtc.AddMinutes(3); //issuedUtc.AddMonths(Convert.ToInt32(refreshTokenLifeTime)); // Define os dados do RefreshToken var token = new RefreshToken { Id = HashHelper.GetHash(refreshTokenId), ClientId = clientid, Browser = browser, Subject = context.Ticket.Identity.Name, IssuedUtc = issuedUtc, ExpiresUtc = expiresUtc }; // Define o IssuedUtc e o ExpiresUtc do ticket para determinar o quanto tempo o token vai ser válido context.Ticket.Properties.IssuedUtc = token.IssuedUtc; context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc; // Serializa o ticket para ser gravado na base de dados var ticketSerializer = new TicketSerializer(); token.ProtectedTicket = ticketSerializer.Serialize(context.Ticket); // Grava o ticket na base de dados var refreshTokenDomain = DependecyConfig.Container.GetInstance<IRefreshTokenDomain>(); var result = await refreshTokenDomain.CreateAsync(token); if (result) context.SetToken(refreshTokenId); } catch (Exception ex) { throw ex; } }
public async Task RenewAsync(string key, AuthenticationTicket ticket) { var options = new DistributedCacheEntryOptions(); var expiresUtc = ticket.Properties.ExpiresUtc; if (expiresUtc.HasValue) { options.SetAbsoluteExpiration(expiresUtc.Value); } var buffer = _ts.Serialize(ticket); await _cache.SetAsync(key, buffer, options); }
// for debugging in memory //List<RefreshToken> tokens = new List<RefreshToken>(); public async Task CreateAsync(AuthenticationTokenCreateContext context) { // apple send a different form format back var form = context.Request.Path == new PathString("/api/Account/handleresponsefromapple") ? null : await context.Request.ReadFormAsync(); var grantType = form?.GetValues("grant_type"); // don't create a new refresh token if the user is only after a new access token if (grantType == null || grantType[0] != "refresh_token") { var db = context.OwinContext.Get <ApplicationDbContext>(); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); Random rand = new Random(); string tokenString = Membership.GeneratePassword(30, 0); tokenString = Regex.Replace(tokenString, @"[^a-zA-Z0-9]", m => rand.Next(0, 10).ToString()); DateTimeOffset issuedUtc = DateTimeOffset.UtcNow; DateTimeOffset expiresUtc = DateTimeOffset.UtcNow.AddYears(1); AuthenticationTicket refreshTokenTicket = new AuthenticationTicket( context.Ticket.Identity, new AuthenticationProperties(context.Ticket.Properties.Dictionary)); refreshTokenTicket.Properties.IssuedUtc = issuedUtc; refreshTokenTicket.Properties.ExpiresUtc = expiresUtc; TicketSerializer serializer = new TicketSerializer(); string serializedTicket = Convert.ToBase64String(serializer.Serialize(refreshTokenTicket)); // Store in the database, with the hashed token and the ticket as encrypted // json using the token as the decrypt password RefreshToken newToken = new RefreshToken { CreatedAtUtc = issuedUtc, ExpiresAtUtc = expiresUtc, Revoked = false, User = await userManager.FindByNameAsync(context.Ticket.Identity.Name), TokenHash = GetStringSha256Hash(tokenString), EncryptedTicket = ServerUtils.StringCipher.Encrypt(serializedTicket, tokenString) }; db.RefreshTokens.Add(newToken); await db.SaveChangesAsync(); //tokens.Add(newToken); context.SetToken(tokenString); } }
public Task <string> StoreAsync(AuthenticationTicket ticket) { string key = Guid.NewGuid().ToString(); HttpContext httpContext = HttpContext.Current; CheckSessionAvailable(httpContext); //httpContext.Session[key + ".Ticket"] = ticket; // Serialization fix from https://stackoverflow.com/a/33614059 var ticketSerializer = new TicketSerializer(); var ticketBytes = ticketSerializer.Serialize(ticket); httpContext.Session[key + ".Ticket"] = ticketBytes; return(Task.FromResult(key)); }
public async Task RenewAsync(string key, AuthenticationTicket ticket) { var options = new DistributedCacheEntryOptions(); if (DateTime.TryParseExact( ticket.Principal.Claims.FirstOrDefault(claim => claim.Type == RuleTypes.ValidTo)?.Value, "o", CultureInfo.InvariantCulture, DateTimeStyles.None, out DateTime expiresUtc)) { options.SetAbsoluteExpiration(expiresUtc); } else { options.SetSlidingExpiration(TimeSpan.FromMinutes(30)); } await _cache.SetAsync(key, _ticketSerializer.Serialize(ticket), options); }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var clientid = context.Ticket.Properties.Dictionary[AuthenticationPropertyKeys.CLIENT_ID]; if (string.IsNullOrEmpty(clientid)) { return; } var refreshTokenId = Guid.NewGuid().ToString("n"); ApplicationDbContext appDbContext = context.OwinContext.Get <ApplicationDbContext>(); ApplicationUserManager applicationUserManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); AuthRepository _repo = new AuthRepository(appDbContext, applicationUserManager); Client client = _repo.FindClient(clientid); if (client == null) { return; } var token = new RefreshToken() { Id = HashGenerator.GetHash(refreshTokenId), ClientId = clientid, Subject = context.Ticket.Identity.Name, IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(client.RefreshTokenLifeTime)) }; context.Ticket.Properties.IssuedUtc = token.IssuedUtc; context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc; //token.ProtectedTicket = context.SerializeTicket(); TicketSerializer serializer = new TicketSerializer(); token.ProtectedTicket = Encoding.Default.GetString(serializer.Serialize(context.Ticket)); var result = await _repo.AddRefreshToken(token); if (result) { context.SetToken(refreshTokenId); } }
public void Test_IfChallengeIsCalled_If_Both_Authenticators_ReturnsNotSuccess() { var serializer = new TicketSerializer(); var ticket = new AuthenticationTicket( new ClaimsPrincipal( new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Foo User"), }, AuthConstants.SPNEGO_DEFAULT_SCHEME)), AuthConstants.SPNEGO_DEFAULT_SCHEME); var encodedTicket = Convert.ToBase64String(serializer.Serialize(ticket)); var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM) { Expires = DateTime.Now.AddDays(1), Value = encodedTicket }; cookies.Set(cookie); cookieAuthenticator.Setup(ca => ca.Authenticate(context.Object)).Returns(AuthenticateResult.NoResult()); spnegoAuthenticator.Setup(sa => sa.Authenticate(context.Object)).Returns(AuthenticateResult.NoResult()); var whitelistPath = "/whitelistpath"; var mockConfiguration = new Dictionary <string, string>() { { AuthConstants.WHITELIST_PATHS_CSV_NM, whitelistPath } }; request.SetupGet(r => r.Path).Returns("/anypath"); context.SetupGet(c => c.User).Returns(() => { return(null); }); var handler = new WindowsAuthenticationHandler(cookieAuthenticator.Object, spnegoAuthenticator.Object, GetConfiguration(), logger.Object); handler.HandleRequest(context.Object); cookieAuthenticator.Verify(ca => ca.Authenticate(context.Object), Times.Once); spnegoAuthenticator.Verify(sa => sa.Authenticate(context.Object), Times.Once); spnegoAuthenticator.Verify(sa => sa.Challenge(It.IsAny <AuthenticationProperties>(), context.Object), Times.Once); cookieAuthenticator.Verify(ca => ca.SignIn(It.IsAny <AuthenticateResult>(), context.Object), Times.Never); context.VerifySet(c => c.User = ticket.Principal, Times.Never); }
public void SignIn(AuthenticateResult authResult, HttpContextBase contextBase) { if (authResult.Succeeded) { var protectedTicket = dataProtector.Protect(serializer.Serialize(authResult.Ticket)); var encodedProtectedTicket = Convert.ToBase64String(protectedTicket); var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM) { Expires = DateTime.Now.AddMinutes(COOKIE_TIMEOUT_IN_MINUTES), Secure = contextBase.Request.Url.Scheme == "https", HttpOnly = true, Value = encodedProtectedTicket }; contextBase.Response.AppendCookie(cookie); logger.LogDebug($"Auth Cookie '{AuthConstants.AUTH_COOKIE_NM}' added"); } }
public async Task RenewAsync(string key, AuthenticationTicket ticket) { var session = await _sessionStorage.GetAsync(key); var claimsIdentity = ticket.Principal.Identity as ClaimsIdentity; var expirationClaim = claimsIdentity.FindFirst(StandardClaims.Expiration); if (expirationClaim != default) { claimsIdentity.RemoveClaim(expirationClaim); claimsIdentity.AddClaim(new Claim(StandardClaims.Expiration, (ticket.Properties.ExpiresUtc ?? DateTimeOffset.Now.AddHours(1)).ToUnixTimeSeconds().ToString())); } var serializedTicket = _ticketSerializer.Serialize(ticket); session.SerializedTicket = serializedTicket; session.Updated = DateTimeOffset.Now; session.Expires = ticket.Properties.ExpiresUtc ?? DateTimeOffset.Now.AddHours(1); await _sessionStorage.UpdateAsync(session); }
public void InteropSerializerCanReadNewTicket() { var user = new ClaimsPrincipal(); var identity = new ClaimsIdentity("scheme"); identity.AddClaim(new Claim("Test", "Value")); user.AddIdentity(identity); var expires = DateTime.Today; var issued = new DateTime(1979, 11, 11); var properties = new AspNetCore.Http.Authentication.AuthenticationProperties(); properties.IsPersistent = true; properties.RedirectUri = "/redirect"; properties.Items["key"] = "value"; properties.ExpiresUtc = expires; properties.IssuedUtc = issued; var newTicket = new AspNetCore.Authentication.AuthenticationTicket(user, properties, "scheme"); var newSerializer = new TicketSerializer(); var bytes = newSerializer.Serialize(newTicket); var interopSerializer = new AspNetTicketSerializer(); var interopTicket = interopSerializer.Deserialize(bytes); Assert.NotNull(interopTicket); var newIdentity = interopTicket.Identity; Assert.NotNull(newIdentity); Assert.Equal("scheme", newIdentity.AuthenticationType); Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value")); Assert.NotNull(interopTicket.Properties); Assert.True(interopTicket.Properties.IsPersistent); Assert.Equal("/redirect", interopTicket.Properties.RedirectUri); Assert.Equal("value", interopTicket.Properties.Dictionary["key"]); Assert.Equal(expires, interopTicket.Properties.ExpiresUtc); Assert.Equal(issued, interopTicket.Properties.IssuedUtc); }
public void InteropSerializerCanReadNewTicket() { var user = new ClaimsPrincipal(); var identity = new ClaimsIdentity("scheme"); identity.AddClaim(new Claim("Test", "Value")); user.AddIdentity(identity); var expires = DateTime.Today; var issued = new DateTime(1979, 11, 11); var properties = new Http.Authentication.AuthenticationProperties(); properties.IsPersistent = true; properties.RedirectUri = "/redirect"; properties.Items["key"] = "value"; properties.ExpiresUtc = expires; properties.IssuedUtc = issued; var newTicket = new AuthenticationTicket(user, properties, "scheme"); var newSerializer = new TicketSerializer(); var bytes = newSerializer.Serialize(newTicket); var interopSerializer = new AspNetTicketSerializer(); var interopTicket = interopSerializer.Deserialize(bytes); Assert.NotNull(interopTicket); var newIdentity = interopTicket.Identity; Assert.NotNull(newIdentity); Assert.Equal("scheme", newIdentity.AuthenticationType); Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value")); Assert.NotNull(interopTicket.Properties); Assert.True(interopTicket.Properties.IsPersistent); Assert.Equal("/redirect", interopTicket.Properties.RedirectUri); Assert.Equal("value", interopTicket.Properties.Dictionary["key"]); Assert.Equal(expires, interopTicket.Properties.ExpiresUtc); Assert.Equal(issued, interopTicket.Properties.IssuedUtc); }
/// <summary>CreateRefreshToken</summary> /// <param name="context"></param> private void CreateRefreshToken(AuthenticationTokenCreateContext context) { // context.SetToken(context.SerializeTicket()); // -------------------------------------------------- if (ASPNETIdentityConfig.EnableRefreshToken) { // EnableRefreshToken == true string token = GetPassword.Base64UrlSecret(128); // Guid.NewGuid().ToString(); // copy properties and set the desired lifetime of refresh token. AuthenticationProperties refreshTokenProperties = new AuthenticationProperties(context.Ticket.Properties.Dictionary) { // IssuedUtcとExpiredUtcという有効期限プロパティをAuthenticationTicketに追加 IssuedUtc = context.Ticket.Properties.IssuedUtc, ExpiresUtc = DateTime.UtcNow.Add(ASPNETIdentityConfig.OAuthRefreshTokenExpireTimeSpanFromDays) // System.TimeSpan.FromSeconds(20)) // Debug時 }; // AuthenticationTicket.IdentityのClaimsIdentity値を含む有効期限付きの新しいAuthenticationTicketを作成する。 AuthenticationTicket refreshTokenTicket = new AuthenticationTicket(context.Ticket.Identity, refreshTokenProperties); // 新しいrefreshTokenTicketをConcurrentDictionaryに保存 // consider storing only the hash of the handle. TicketSerializer serializer = new TicketSerializer(); byte[] bytes = serializer.Serialize(refreshTokenTicket); switch (ASPNETIdentityConfig.UserStoreType) { case EnumUserStoreType.Memory: RefreshTokenProvider.RefreshTokens.TryAdd(token, refreshTokenTicket); break; case EnumUserStoreType.SqlServer: case EnumUserStoreType.ODPManagedDriver: case EnumUserStoreType.PostgreSQL: // DMBMS using (IDbConnection cnn = DataAccess.CreateConnection()) { cnn.Open(); switch (ASPNETIdentityConfig.UserStoreType) { case EnumUserStoreType.SqlServer: cnn.Execute( "INSERT INTO [RefreshTokenDictionary] ([Key], [Value], [CreatedDate]) VALUES (@Key, @Value, @CreatedDate)", new { Key = token, Value = bytes, CreatedDate = DateTime.Now }); break; case EnumUserStoreType.ODPManagedDriver: cnn.Execute( "INSERT INTO \"RefreshTokenDictionary\" (\"Key\", \"Value\", \"CreatedDate\") VALUES (:Key, :Value, :CreatedDate)", new { Key = token, Value = bytes, CreatedDate = DateTime.Now }); break; case EnumUserStoreType.PostgreSQL: cnn.Execute( "INSERT INTO \"refreshtokendictionary\" (\"key\", \"value\", \"createddate\") VALUES (@Key, @Value, @CreatedDate)", new { Key = token, Value = bytes, CreatedDate = DateTime.Now }); break; } } break; } context.SetToken(token); } else { // EnableRefreshToken == false } }
private void Store(string guid, AuthenticationTicket ticket) { TicketSerializer serializer = new TicketSerializer(); byte[] serialize = serializer.Serialize(ticket); IDatabase database = _redis.GetDatabase(_configuration.Db); database.StringSet(guid, serialize, _configuration.ExpiresUtc.TimeOfDay); }
private RefreshToken CreateRefreshTokenEntity(AuthenticationTokenCreateContext context) { var guid = new Guid( context.Ticket.Identity.Claims.Where(c => c.Type == "RefreshToken") .Select(c => c.Value) .FirstOrDefault()); var clientId = context.Ticket.Properties.Dictionary["as:client_id"]; var refreshToken = new RefreshToken(guid, clientId, this.expriredTime); var refreshTokenTicket = new AuthenticationTicket(context.Ticket.Identity, new AuthenticationProperties(context.Ticket.Properties.Dictionary) { IssuedUtc = refreshToken.CreatedTime, ExpiresUtc = refreshToken.ExpiredTime }); refreshToken.SetAuthenticationTicket(System.Text.Encoding.Default.GetString(serializer.Serialize(refreshTokenTicket))); return(refreshToken); }