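/// <summary>
/// Builds the claim set placed in a refresh token for <paramref name="user"/> under <paramref name="issuer"/>:
/// the user id, a random nonce and the nbf/iat/exp timestamps. The lifetime comes from the issuer-scoped
/// <c>SettingsConstants.RefreshExpire</c> setting, i.e. the row whose AudienceId and UserId are both null.
/// </summary>
/// <param name="issuer">Issuer whose refresh-lifetime setting is applied.</param>
/// <param name="user">User the token is issued to; only its Id is placed in the claims.</param>
/// <returns>The claims in the order they were added.</returns>
/// <exception cref="InvalidOperationException">No, or more than one, issuer-scoped RefreshExpire setting exists.</exception>
/// <exception cref="FormatException">The RefreshExpire value is not an unsigned integer.</exception>
/// <exception cref="OverflowException">The RefreshExpire value does not fit in a <see cref="uint"/>.</exception>
public List<Claim> GenerateRefreshClaims(uvw_Issuer issuer, uvw_User user)
{
    var expire = _context.Set<uvw_Setting>()
        .Where(x => x.IssuerId == issuer.Id
            && x.AudienceId == null
            && x.UserId == null
            && x.ConfigKey == SettingsConstants.RefreshExpire)
        .Single();

    // Setting values are machine data, never user-facing text: parse and format them
    // culture-invariantly so the thread's current culture cannot influence the token lifetime.
    var invariant = System.Globalization.CultureInfo.InvariantCulture;
    var lifetimeSeconds = uint.Parse(expire.ConfigValue, invariant);

    // Read the clock once so nbf, iat and exp are derived from the same instant rather than
    // from three separate reads that may straddle a second boundary.
    var now = new DateTimeOffset(Clock.UtcDateTime);
    var nowUnix = now.ToUnixTimeSeconds().ToString(invariant);
    var expUnix = now.AddSeconds(lifetimeSeconds).ToUnixTimeSeconds().ToString(invariant);

    var claims = new List<Claim>
    {
        //add lowest common denominators...
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),

        //nonce to enhance entropy
        // NOTE(review): assumes AlphaNumeric.CreateString draws from a cryptographic RNG — confirm.
        new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String),

        //not before timestamp
        new Claim(JwtRegisteredClaimNames.Nbf, nowUnix, ClaimValueTypes.Integer64),

        //issued at timestamp
        new Claim(JwtRegisteredClaimNames.Iat, nowUnix, ClaimValueTypes.Integer64),

        //expire on timestamp
        new Claim(JwtRegisteredClaimNames.Exp, expUnix, ClaimValueTypes.Integer64),
    };

    return claims;
}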
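/// <summary>
/// Seeds the default issuer and its issuer-scoped settings (AccessExpire, RefreshExpire, TotpExpire and
/// PollingMax) when they do not already exist. Each missing row is created and committed on its own, so a
/// failure part-way through leaves the rows created before it in place. Assigns the foundIssuer field as a
/// side effect.
/// </summary>
public void CreateIssuers()
{
    /*
     * create default issuers
     */
    foundIssuer = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression<uvw_Issuer>()
        .Where(x => x.Name == DefaultConstants.IssuerName).ToLambda())
        .SingleOrDefault();

    if (foundIssuer == null)
    {
        foundIssuer = _uow.Issuers.Create(
            _map.Map<uvw_Issuer>(new IssuerV1()
            {
                Name = DefaultConstants.IssuerName,
                IssuerKey = DefaultConstants.IssuerKey,
                IsEnabled = true,
                IsDeletable = false,
            }));

        _uow.Commit();
    }

    // Default values: the three expiries are stored as seconds, PollingMax as a count.
    EnsureIssuerSetting(SettingsConstants.AccessExpire, 600);
    EnsureIssuerSetting(SettingsConstants.RefreshExpire, 86400);
    EnsureIssuerSetting(SettingsConstants.TotpExpire, 600);
    EnsureIssuerSetting(SettingsConstants.PollingMax, 10);

    // Creates the non-deletable issuer-level setting `configKey` with `defaultValue` unless a row
    // for this issuer and key already exists, committing immediately after the create.
    // NOTE(review): the existence check matches any row for the issuer and key regardless of
    // AudienceId/UserId, while the claim-generation code reads only rows with both null — a
    // narrower-scoped row would satisfy this check and leave the issuer-level default uncreated; confirm.
    void EnsureIssuerSetting(string configKey, int defaultValue)
    {
        var existing = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression<uvw_Setting>()
            .Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == configKey).ToLambda())
            .SingleOrDefault();

        if (existing != null)
        {
            return;
        }

        _uow.Settings.Create(
            _map.Map<uvw_Setting>(new SettingV1()
            {
                IssuerId = foundIssuer.Id,
                ConfigKey = configKey,
                // Stored as machine data; format invariantly so the seeded value is the same under any culture.
                ConfigValue = defaultValue.ToString(System.Globalization.CultureInfo.InvariantCulture),
                IsDeletable = false,
            }));

        _uow.Commit();
    }
}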
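/// <summary>
/// Builds the claim set placed in an access token for <paramref name="user"/> under <paramref name="issuer"/>:
/// identity claims from the user record, role claims (optionally duplicated under the legacy "role" type),
/// the user's stored claims, a random nonce and the nbf/iat/exp timestamps. The lifetime comes from the
/// issuer-scoped <c>SettingsConstants.AccessExpire</c> setting; the legacy-claim switch from the global
/// <c>SettingsConstants.GlobalLegacyClaims</c> setting (IssuerId, AudienceId and UserId all null).
/// </summary>
/// <param name="issuer">Issuer whose access-lifetime setting is applied.</param>
/// <param name="user">User the token is issued to.</param>
/// <returns>The claims in the order they were added.</returns>
/// <exception cref="InvalidOperationException">Either setting row is missing or not unique.</exception>
/// <exception cref="FormatException">AccessExpire is not an unsigned integer or GlobalLegacyClaims is not a boolean.</exception>
/// <exception cref="OverflowException">AccessExpire does not fit in a <see cref="uint"/>.</exception>
/// <exception cref="ArgumentNullException">The user's FirstName or LastName is null.</exception>
public List<Claim> GenerateAccessClaims(uvw_Issuer issuer, uvw_User user)
{
    var expire = _context.Set<uvw_Setting>()
        .Where(x => x.IssuerId == issuer.Id
            && x.AudienceId == null
            && x.UserId == null
            && x.ConfigKey == SettingsConstants.AccessExpire)
        .Single();

    var legacyClaims = _context.Set<uvw_Setting>()
        .Where(x => x.IssuerId == null
            && x.AudienceId == null
            && x.UserId == null
            && x.ConfigKey == SettingsConstants.GlobalLegacyClaims)
        .Single();

    // Setting values are machine data: parse them culture-invariantly, and parse both up front so a
    // malformed setting fails fast instead of part-way through (the legacy switch was previously only
    // parsed, per iteration, when the user had at least one role).
    var invariant = System.Globalization.CultureInfo.InvariantCulture;
    var lifetimeSeconds = uint.Parse(expire.ConfigValue, invariant);
    var emitLegacyRoleClaims = bool.Parse(legacyClaims.ConfigValue);

    var claims = new List<Claim>();

    //add lowest common denominators...
    claims.Add(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));

    if (!string.IsNullOrEmpty(user.EmailAddress))
    {
        claims.Add(new Claim(ClaimTypes.Email, user.EmailAddress));
    }

    if (!string.IsNullOrEmpty(user.PhoneNumber))
    {
        claims.Add(new Claim(ClaimTypes.MobilePhone, user.PhoneNumber));
    }

    // Unlike email/phone these are not guarded: Claim(type, value) throws on a null value,
    // so a user without a first or last name cannot be issued a token here.
    claims.Add(new Claim(ClaimTypes.GivenName, user.FirstName));
    claims.Add(new Claim(ClaimTypes.Surname, user.LastName));

    // SECURITY(review): this predicate does not correlate the role row (x) with the user-role rows —
    // the inner query only asks whether the user has ANY role, so a user holding one role receives a
    // claim for EVERY role in the table (and a user holding none receives none). The same defect is in
    // the uvw_UserClaim query below. Both must be joined on the linking row's role/claim key (confirm the
    // uvw_UserRole / uvw_UserClaim member names) before these claims are relied on for authorization.
    var userRoles = _context.Set<uvw_Role>()
        .Where(x => _context.Set<uvw_UserRole>().Where(y => y.UserId == user.Id).Any())
        .ToList();

    foreach (var role in userRoles.OrderBy(x => x.Name))
    {
        claims.Add(new Claim(ClaimTypes.Role, role.Name));

        //check compatibility is enabled. pack claim(s) with old name and new name.
        if (emitLegacyRoleClaims)
        {
            claims.Add(new Claim("role", role.Name, ClaimTypes.Role));
        }
    }

    var userClaims = _context.Set<uvw_Claim>()
        .Where(x => _context.Set<uvw_UserClaim>().Where(y => y.UserId == user.Id).Any())
        .ToList();

    foreach (var claim in userClaims.OrderBy(x => x.Type))
    {
        claims.Add(new Claim(claim.Type, claim.Value, claim.ValueType));
    }

    //nonce to enhance entropy
    // NOTE(review): assumes AlphaNumeric.CreateString draws from a cryptographic RNG — confirm.
    claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String));

    // Read the clock once so nbf, iat and exp are derived from the same instant rather than
    // from three separate reads that may straddle a second boundary.
    var now = new DateTimeOffset(Clock.UtcDateTime);
    var nowUnix = now.ToUnixTimeSeconds().ToString(invariant);
    var expUnix = now.AddSeconds(lifetimeSeconds).ToUnixTimeSeconds().ToString(invariant);

    //not before timestamp
    claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, nowUnix, ClaimValueTypes.Integer64));

    //issued at timestamp
    claims.Add(new Claim(JwtRegisteredClaimNames.Iat, nowUnix, ClaimValueTypes.Integer64));

    //expire on timestamp
    claims.Add(new Claim(JwtRegisteredClaimNames.Exp, expUnix, ClaimValueTypes.Integer64));

    return claims;
}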