public async Task RenewAsync(string key, AuthenticationTicket ticket)
{
var session = await _sessionStorage.GetAsync(key);
var serializedTicket = _ticketSerializer.Serialize(ticket);
session.SerializedTicket = serializedTicket;
session.LastAccess = DateTimeOffset.Now;
session.Expires = ticket.Properties.ExpiresUtc ?? DateTimeOffset.Now.AddDays(1);
await _sessionStorage.UpdateAsync(session);
}
public string Protect(AuthenticationTicket ticket)
{
var ticketData = serializer.Serialize(ticket);
var protectedString = Convert.ToBase64String(ticketData);
return(protectedString);
}
// ISecureDataFormat<AuthenticationTicket> Members
public string Protect(AuthenticationTicket ticket)
{
var ticketData = serializer.Serialize(ticket);
var protectedString = Encoding.UTF8.GetString(ticketData);
return(protectedString);
}
public void Test_ReturnsSuccessIfValidCookieEsists()
{
var serializer = new TicketSerializer();
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Foo User"),
}, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
AuthConstants.SPNEGO_DEFAULT_SCHEME);
var serializedTicket = serializer.Serialize(ticket);
var protectedTicket = dataProtector.Protect(serializedTicket);
var encodedTicket = Convert.ToBase64String(protectedTicket);
var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
{
Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES),
Value = encodedTicket
};
cookies.Set(cookie);
browser.SetupGet(b => b.Cookies).Returns(true);
var authenticator = new CookieAuthenticator(dataProtector, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.True(result.Succeeded);
Assert.Equal("Foo User", result.Principal.Identity.Name);
}
public void Test_ReturnsFailureIf_InValidCookieEsistsOrIfCookieIsDamaged()
{
var serializer = new TicketSerializer();
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Foo User"),
}, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
AuthConstants.SPNEGO_DEFAULT_SCHEME);
var serializedTicket = serializer.Serialize(ticket);
var protectedTicket = dataProtector.Protect(serializedTicket);
var encodedTicket = Convert.ToBase64String(protectedTicket);
var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
{
Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES),
Value = encodedTicket + "Corrupt"
};
cookies.Set(cookie);
browser.SetupGet(b => b.Cookies).Returns(true);
var authenticator = new CookieAuthenticator(dataProtector, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.False(result.Succeeded);
Assert.Equal($"Unable to extract cookie '{AuthConstants.AUTH_COOKIE_NM}', cookie might be damaged/modified", result.Failure.Message);
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var refreshToken = Guid.NewGuid().ToString("n");
var entities = new ApplicationDbContext();
var repo = new ApplicationRepository(entities);
var rToken = new RefreshToken()
{
DateCreatedUtc = DateTime.UtcNow,
IssuedUtc = DateTime.UtcNow,
ExpirationDateUtc = DateTime.UtcNow.AddYears(1),
IsActive = true,
Id = GetHash(refreshToken),
ApplicationUserId = context.Ticket.Identity.GetUserId(),
};
context.Ticket.Properties.IssuedUtc = rToken.DateCreatedUtc;
context.Ticket.Properties.ExpiresUtc = rToken.ExpirationDateUtc;
//rToken.ProtectedTicket = context.SerializeTicket();
TicketSerializer serializer = new TicketSerializer();
rToken.ProtectedTicket = System.Text.Encoding.Default.GetString(serializer.Serialize(context.Ticket));
await repo.RefreshTokens.AddOrUpdateAndSaveAsync(rToken);
context.SetToken(refreshToken);
}
public void Test_SignIn_AddsCookie_IfAuthResultIsSuccess()
{
var serializer = new TicketSerializer();
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Foo User"),
}, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
AuthConstants.SPNEGO_DEFAULT_SCHEME);
var serializedTicket = serializer.Serialize(ticket);
var protectedTicket = dataProtector.Protect(serializedTicket);
var encodedTicket = Convert.ToBase64String(protectedTicket);
var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
{
Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES),
Value = encodedTicket
};
var authenticator = new CookieAuthenticator(dataProtector, logger.Object);
authenticator.SignIn(AuthenticateResult.Success(ticket), context.Object);
response.Verify(r => r.AppendCookie(It.Is <HttpCookie>(c => Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(c.Value))) == Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(encodedTicket))) &&
c.Expires.Date.Minute == DateTime.Now.AddMinutes(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES).Date.Minute)), Times.Once);
}
public string Protect(T data, string purpose)
{
TicketSerializer _serializer = new TicketSerializer();
byte[] userData = _serializer.Serialize(data);
return(Convert.ToBase64String(userData));
}
string ISecureDataFormat <T> .Protect(T data)
{
TicketSerializer _serializer = new TicketSerializer();
byte[] userData = _serializer.Serialize(data);
return(Convert.ToBase64String(userData));
}
private async Task StoreAsync(string guid, AuthenticationTicket ticket)
{
TicketSerializer serializer = new TicketSerializer();
byte[] serialize = serializer.Serialize(ticket);
await Db.StringSetAsync(guid, serialize, _configuration.ExpiresUtc - DateTimeOffset.UtcNow);
}
private void Store(string guid, AuthenticationTicket ticket)
{
TicketSerializer serializer = new TicketSerializer();
byte[] serialize = serializer.Serialize(ticket);
Db.StringSet(guid, serialize, _configuration.ExpiresUtc - DateTimeOffset.UtcNow);
}
public string Protect(AuthenticationTicket ticket)
{
var ticketData = _serializer.Serialize(ticket);
var protectedData = _protector.Protect(ticketData);
var protectedString = _encoder.Encode(protectedData);
return(protectedString);
}
private async Task StoreAsync(string guid, AuthenticationTicket ticket)
{
TicketSerializer serializer = new TicketSerializer();
byte[] serialize = serializer.Serialize(ticket);
IDatabase database = _redis.GetDatabase(_configuration.Db);
await database.StringSetAsync(guid, serialize, _configuration.ExpiresUtc.TimeOfDay);
}
public static string Encode(IEnumerable <Claim> claims)
{
var ticket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims)), Constants.Scheme);
var serializer = new TicketSerializer();
var bytes = serializer.Serialize(ticket);
return(Convert.ToBase64String(bytes));
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
try
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
return;
// Gera um ID unico para o RefreshToken
var refreshTokenId = Guid.NewGuid().ToString("n");
// Pega o tempo de expiração (em minuto) do token do contexto do Owin
var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime");
// Identifica o Browser
var userAgent = HttpContext.Current.Request.UserAgent;
var userBrowser = new HttpBrowserCapabilities { Capabilities = new Hashtable { { string.Empty, userAgent } } };
var factory = new BrowserCapabilitiesFactory();
factory.ConfigureBrowserCapabilities(new NameValueCollection(), userBrowser);
var browser = userBrowser.Browser;
var issuedUtc = DateTime.UtcNow;
var expiresUtc = issuedUtc.AddMinutes(3); //issuedUtc.AddMonths(Convert.ToInt32(refreshTokenLifeTime));
// Define os dados do RefreshToken
var token = new RefreshToken
{
Id = HashHelper.GetHash(refreshTokenId),
ClientId = clientid,
Browser = browser,
Subject = context.Ticket.Identity.Name,
IssuedUtc = issuedUtc,
ExpiresUtc = expiresUtc
};
// Define o IssuedUtc e o ExpiresUtc do ticket para determinar o quanto tempo o token vai ser válido
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
// Serializa o ticket para ser gravado na base de dados
var ticketSerializer = new TicketSerializer();
token.ProtectedTicket = ticketSerializer.Serialize(context.Ticket);
// Grava o ticket na base de dados
var refreshTokenDomain = DependecyConfig.Container.GetInstance<IRefreshTokenDomain>();
var result = await refreshTokenDomain.CreateAsync(token);
if (result)
context.SetToken(refreshTokenId);
}
catch (Exception ex)
{
throw ex;
}
}
public async Task RenewAsync(string key, AuthenticationTicket ticket)
{
var options = new DistributedCacheEntryOptions();
var expiresUtc = ticket.Properties.ExpiresUtc;
if (expiresUtc.HasValue)
{
options.SetAbsoluteExpiration(expiresUtc.Value);
}
var buffer = _ts.Serialize(ticket);
await _cache.SetAsync(key, buffer, options);
}
// for debugging in memory
//List<RefreshToken> tokens = new List<RefreshToken>();
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
// apple send a different form format back
var form = context.Request.Path == new PathString("/api/Account/handleresponsefromapple") ? null : await context.Request.ReadFormAsync();
var grantType = form?.GetValues("grant_type");
// don't create a new refresh token if the user is only after a new access token
if (grantType == null || grantType[0] != "refresh_token")
{
var db = context.OwinContext.Get <ApplicationDbContext>();
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
Random rand = new Random();
string tokenString = Membership.GeneratePassword(30, 0);
tokenString = Regex.Replace(tokenString, @"[^a-zA-Z0-9]", m => rand.Next(0, 10).ToString());
DateTimeOffset issuedUtc = DateTimeOffset.UtcNow;
DateTimeOffset expiresUtc = DateTimeOffset.UtcNow.AddYears(1);
AuthenticationTicket refreshTokenTicket = new AuthenticationTicket(
context.Ticket.Identity,
new AuthenticationProperties(context.Ticket.Properties.Dictionary));
refreshTokenTicket.Properties.IssuedUtc = issuedUtc;
refreshTokenTicket.Properties.ExpiresUtc = expiresUtc;
TicketSerializer serializer = new TicketSerializer();
string serializedTicket = Convert.ToBase64String(serializer.Serialize(refreshTokenTicket));
// Store in the database, with the hashed token and the ticket as encrypted
// json using the token as the decrypt password
RefreshToken newToken = new RefreshToken
{
CreatedAtUtc = issuedUtc,
ExpiresAtUtc = expiresUtc,
Revoked = false,
User = await userManager.FindByNameAsync(context.Ticket.Identity.Name),
TokenHash = GetStringSha256Hash(tokenString),
EncryptedTicket = ServerUtils.StringCipher.Encrypt(serializedTicket, tokenString)
};
db.RefreshTokens.Add(newToken);
await db.SaveChangesAsync();
//tokens.Add(newToken);
context.SetToken(tokenString);
}
}
public Task <string> StoreAsync(AuthenticationTicket ticket)
{
string key = Guid.NewGuid().ToString();
HttpContext httpContext = HttpContext.Current;
CheckSessionAvailable(httpContext);
//httpContext.Session[key + ".Ticket"] = ticket;
// Serialization fix from https://stackoverflow.com/a/33614059
var ticketSerializer = new TicketSerializer();
var ticketBytes = ticketSerializer.Serialize(ticket);
httpContext.Session[key + ".Ticket"] = ticketBytes;
return(Task.FromResult(key));
}
public async Task RenewAsync(string key, AuthenticationTicket ticket)
{
var options = new DistributedCacheEntryOptions();
if (DateTime.TryParseExact(
ticket.Principal.Claims.FirstOrDefault(claim => claim.Type == RuleTypes.ValidTo)?.Value, "o", CultureInfo.InvariantCulture, DateTimeStyles.None, out DateTime expiresUtc))
{
options.SetAbsoluteExpiration(expiresUtc);
}
else
{
options.SetSlidingExpiration(TimeSpan.FromMinutes(30));
}
await _cache.SetAsync(key, _ticketSerializer.Serialize(ticket), options);
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary[AuthenticationPropertyKeys.CLIENT_ID];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
ApplicationDbContext appDbContext = context.OwinContext.Get <ApplicationDbContext>();
ApplicationUserManager applicationUserManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
AuthRepository _repo = new AuthRepository(appDbContext, applicationUserManager);
Client client = _repo.FindClient(clientid);
if (client == null)
{
return;
}
var token = new RefreshToken()
{
Id = HashGenerator.GetHash(refreshTokenId),
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(client.RefreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
//token.ProtectedTicket = context.SerializeTicket();
TicketSerializer serializer = new TicketSerializer();
token.ProtectedTicket = Encoding.Default.GetString(serializer.Serialize(context.Ticket));
var result = await _repo.AddRefreshToken(token);
if (result)
{
context.SetToken(refreshTokenId);
}
}
public void Test_IfChallengeIsCalled_If_Both_Authenticators_ReturnsNotSuccess()
{
var serializer = new TicketSerializer();
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Foo User"),
}, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
AuthConstants.SPNEGO_DEFAULT_SCHEME);
var encodedTicket = Convert.ToBase64String(serializer.Serialize(ticket));
var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
{
Expires = DateTime.Now.AddDays(1),
Value = encodedTicket
};
cookies.Set(cookie);
cookieAuthenticator.Setup(ca => ca.Authenticate(context.Object)).Returns(AuthenticateResult.NoResult());
spnegoAuthenticator.Setup(sa => sa.Authenticate(context.Object)).Returns(AuthenticateResult.NoResult());
var whitelistPath = "/whitelistpath";
var mockConfiguration = new Dictionary <string, string>()
{
{ AuthConstants.WHITELIST_PATHS_CSV_NM, whitelistPath }
};
request.SetupGet(r => r.Path).Returns("/anypath");
context.SetupGet(c => c.User).Returns(() => { return(null); });
var handler = new WindowsAuthenticationHandler(cookieAuthenticator.Object, spnegoAuthenticator.Object, GetConfiguration(), logger.Object);
handler.HandleRequest(context.Object);
cookieAuthenticator.Verify(ca => ca.Authenticate(context.Object), Times.Once);
spnegoAuthenticator.Verify(sa => sa.Authenticate(context.Object), Times.Once);
spnegoAuthenticator.Verify(sa => sa.Challenge(It.IsAny <AuthenticationProperties>(), context.Object), Times.Once);
cookieAuthenticator.Verify(ca => ca.SignIn(It.IsAny <AuthenticateResult>(), context.Object), Times.Never);
context.VerifySet(c => c.User = ticket.Principal, Times.Never);
}
public void SignIn(AuthenticateResult authResult, HttpContextBase contextBase)
{
if (authResult.Succeeded)
{
var protectedTicket = dataProtector.Protect(serializer.Serialize(authResult.Ticket));
var encodedProtectedTicket = Convert.ToBase64String(protectedTicket);
var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
{
Expires = DateTime.Now.AddMinutes(COOKIE_TIMEOUT_IN_MINUTES),
Secure = contextBase.Request.Url.Scheme == "https",
HttpOnly = true,
Value = encodedProtectedTicket
};
contextBase.Response.AppendCookie(cookie);
logger.LogDebug($"Auth Cookie '{AuthConstants.AUTH_COOKIE_NM}' added");
}
}
public async Task RenewAsync(string key, AuthenticationTicket ticket)
{
var session = await _sessionStorage.GetAsync(key);
var claimsIdentity = ticket.Principal.Identity as ClaimsIdentity;
var expirationClaim = claimsIdentity.FindFirst(StandardClaims.Expiration);
if (expirationClaim != default)
{
claimsIdentity.RemoveClaim(expirationClaim);
claimsIdentity.AddClaim(new Claim(StandardClaims.Expiration, (ticket.Properties.ExpiresUtc ?? DateTimeOffset.Now.AddHours(1)).ToUnixTimeSeconds().ToString()));
}
var serializedTicket = _ticketSerializer.Serialize(ticket);
session.SerializedTicket = serializedTicket;
session.Updated = DateTimeOffset.Now;
session.Expires = ticket.Properties.ExpiresUtc ?? DateTimeOffset.Now.AddHours(1);
await _sessionStorage.UpdateAsync(session);
}
public void InteropSerializerCanReadNewTicket()
{
var user = new ClaimsPrincipal();
var identity = new ClaimsIdentity("scheme");
identity.AddClaim(new Claim("Test", "Value"));
user.AddIdentity(identity);
var expires = DateTime.Today;
var issued = new DateTime(1979, 11, 11);
var properties = new AspNetCore.Http.Authentication.AuthenticationProperties();
properties.IsPersistent = true;
properties.RedirectUri = "/redirect";
properties.Items["key"] = "value";
properties.ExpiresUtc = expires;
properties.IssuedUtc = issued;
var newTicket = new AspNetCore.Authentication.AuthenticationTicket(user, properties, "scheme");
var newSerializer = new TicketSerializer();
var bytes = newSerializer.Serialize(newTicket);
var interopSerializer = new AspNetTicketSerializer();
var interopTicket = interopSerializer.Deserialize(bytes);
Assert.NotNull(interopTicket);
var newIdentity = interopTicket.Identity;
Assert.NotNull(newIdentity);
Assert.Equal("scheme", newIdentity.AuthenticationType);
Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
Assert.NotNull(interopTicket.Properties);
Assert.True(interopTicket.Properties.IsPersistent);
Assert.Equal("/redirect", interopTicket.Properties.RedirectUri);
Assert.Equal("value", interopTicket.Properties.Dictionary["key"]);
Assert.Equal(expires, interopTicket.Properties.ExpiresUtc);
Assert.Equal(issued, interopTicket.Properties.IssuedUtc);
}
public void InteropSerializerCanReadNewTicket()
{
var user = new ClaimsPrincipal();
var identity = new ClaimsIdentity("scheme");
identity.AddClaim(new Claim("Test", "Value"));
user.AddIdentity(identity);
var expires = DateTime.Today;
var issued = new DateTime(1979, 11, 11);
var properties = new Http.Authentication.AuthenticationProperties();
properties.IsPersistent = true;
properties.RedirectUri = "/redirect";
properties.Items["key"] = "value";
properties.ExpiresUtc = expires;
properties.IssuedUtc = issued;
var newTicket = new AuthenticationTicket(user, properties, "scheme");
var newSerializer = new TicketSerializer();
var bytes = newSerializer.Serialize(newTicket);
var interopSerializer = new AspNetTicketSerializer();
var interopTicket = interopSerializer.Deserialize(bytes);
Assert.NotNull(interopTicket);
var newIdentity = interopTicket.Identity;
Assert.NotNull(newIdentity);
Assert.Equal("scheme", newIdentity.AuthenticationType);
Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
Assert.NotNull(interopTicket.Properties);
Assert.True(interopTicket.Properties.IsPersistent);
Assert.Equal("/redirect", interopTicket.Properties.RedirectUri);
Assert.Equal("value", interopTicket.Properties.Dictionary["key"]);
Assert.Equal(expires, interopTicket.Properties.ExpiresUtc);
Assert.Equal(issued, interopTicket.Properties.IssuedUtc);
}
/// <summary>CreateRefreshToken</summary>
/// <param name="context"></param>
private void CreateRefreshToken(AuthenticationTokenCreateContext context)
{
// context.SetToken(context.SerializeTicket());
// --------------------------------------------------
if (ASPNETIdentityConfig.EnableRefreshToken)
{
// EnableRefreshToken == true
string token = GetPassword.Base64UrlSecret(128); // Guid.NewGuid().ToString();
// copy properties and set the desired lifetime of refresh token.
AuthenticationProperties refreshTokenProperties = new AuthenticationProperties(context.Ticket.Properties.Dictionary)
{
// IssuedUtcとExpiredUtcという有効期限プロパティをAuthenticationTicketに追加
IssuedUtc = context.Ticket.Properties.IssuedUtc,
ExpiresUtc = DateTime.UtcNow.Add(ASPNETIdentityConfig.OAuthRefreshTokenExpireTimeSpanFromDays) // System.TimeSpan.FromSeconds(20)) // Debug時
};
// AuthenticationTicket.IdentityのClaimsIdentity値を含む有効期限付きの新しいAuthenticationTicketを作成する。
AuthenticationTicket refreshTokenTicket = new AuthenticationTicket(context.Ticket.Identity, refreshTokenProperties);
// 新しいrefreshTokenTicketをConcurrentDictionaryに保存
// consider storing only the hash of the handle.
TicketSerializer serializer = new TicketSerializer();
byte[] bytes = serializer.Serialize(refreshTokenTicket);
switch (ASPNETIdentityConfig.UserStoreType)
{
case EnumUserStoreType.Memory:
RefreshTokenProvider.RefreshTokens.TryAdd(token, refreshTokenTicket);
break;
case EnumUserStoreType.SqlServer:
case EnumUserStoreType.ODPManagedDriver:
case EnumUserStoreType.PostgreSQL: // DMBMS
using (IDbConnection cnn = DataAccess.CreateConnection())
{
cnn.Open();
switch (ASPNETIdentityConfig.UserStoreType)
{
case EnumUserStoreType.SqlServer:
cnn.Execute(
"INSERT INTO [RefreshTokenDictionary] ([Key], [Value], [CreatedDate]) VALUES (@Key, @Value, @CreatedDate)",
new { Key = token, Value = bytes, CreatedDate = DateTime.Now });
break;
case EnumUserStoreType.ODPManagedDriver:
cnn.Execute(
"INSERT INTO \"RefreshTokenDictionary\" (\"Key\", \"Value\", \"CreatedDate\") VALUES (:Key, :Value, :CreatedDate)",
new { Key = token, Value = bytes, CreatedDate = DateTime.Now });
break;
case EnumUserStoreType.PostgreSQL:
cnn.Execute(
"INSERT INTO \"refreshtokendictionary\" (\"key\", \"value\", \"createddate\") VALUES (@Key, @Value, @CreatedDate)",
new { Key = token, Value = bytes, CreatedDate = DateTime.Now });
break;
}
}
break;
}
context.SetToken(token);
}
else
{
// EnableRefreshToken == false
}
}
private void Store(string guid, AuthenticationTicket ticket)
{
TicketSerializer serializer = new TicketSerializer();
byte[] serialize = serializer.Serialize(ticket);
IDatabase database = _redis.GetDatabase(_configuration.Db);
database.StringSet(guid, serialize, _configuration.ExpiresUtc.TimeOfDay);
}
private RefreshToken CreateRefreshTokenEntity(AuthenticationTokenCreateContext context)
{
var guid =
new Guid(
context.Ticket.Identity.Claims.Where(c => c.Type == "RefreshToken")
.Select(c => c.Value)
.FirstOrDefault());
var clientId = context.Ticket.Properties.Dictionary["as:client_id"];
var refreshToken = new RefreshToken(guid, clientId, this.expriredTime);
var refreshTokenTicket = new AuthenticationTicket(context.Ticket.Identity, new AuthenticationProperties(context.Ticket.Properties.Dictionary)
{
IssuedUtc = refreshToken.CreatedTime,
ExpiresUtc = refreshToken.ExpiredTime
});
refreshToken.SetAuthenticationTicket(System.Text.Encoding.Default.GetString(serializer.Serialize(refreshTokenTicket)));
return(refreshToken);
}
