/// <summary>
/// Issues an access/refresh token pair for a subject and wraps both in a <c>TokenModel</c>.
/// </summary>
/// <remarks>
/// This method performs no authentication or authorization of its own: whatever
/// <paramref name="id"/>, <paramref name="roles"/> and <paramref name="customClaims"/> it is given
/// are forwarded to the token builders as-is.
/// NOTE(review): presumably the caller has already verified the user's credentials — confirm.
/// </remarks>
/// <param name="id">Subject identifier; passed to both token builders and echoed in the result.</param>
/// <param name="name">User name; passed to both token builders.</param>
/// <param name="roles">Roles forwarded to <c>GetAccessToken</c>.</param>
/// <param name="customClaims">Additional type/value pairs forwarded to <c>GetAccessToken</c>.</param>
/// <returns>
/// <c>JwtTokenResult.Ok</c> carrying the token model, <paramref name="id"/> and the access claims
/// reported by <c>GetAccessToken</c>.
/// </returns>
public JwtTokenResult IssueAccessToken(
    string id,
    string name,
    IEnumerable<string> roles,
    IEnumerable<KeyValuePair<string, string>> customClaims)
{
    // Access token first, then refresh token: same call order as before.
    var access = GetAccessToken(id, name, roles, customClaims);
    var refresh = GetRefreshToken(id, name);

    // Each token is handed to TokenModel as a (token, expiry, jti) triple.
    var tokens = new TokenModel(
        (access.token, access.expiry, access.jti),
        (refresh.token, refresh.expiry, refresh.jti));

    return JwtTokenResult.Ok(tokens, id, access.accessClaims);
}
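/// <summary>
/// Exchanges a refresh token, together with the access token it accompanies, for a new access token.
/// </summary>
/// <remarks>
/// The refresh token is checked through <c>ValidateRefreshToken</c>. The access token is only
/// decoded: its subject is compared with the refresh token's subject, and its user name, role and
/// selected custom claims are copied into the new access token.
/// </remarks>
/// <param name="accessToken">The (possibly expired) access token whose claims are carried over.</param>
/// <param name="refreshToken">The refresh token authorising the exchange.</param>
/// <param name="customClaimsType">
/// Claim types to copy from the old access token in addition to name and roles; may be <c>null</c>.
/// </param>
/// <returns>
/// The refresh-token validation result when it is not <c>Ok</c>; <c>AccessInvalid</c> when the
/// access token cannot be decoded or lacks a subject or user-name claim; <c>Mismatch</c> when the two
/// tokens name different subjects; otherwise <c>Ok</c> with the new token model, the subject id and
/// the claims read from the incoming access token.
/// </returns>
public JwtTokenResult RefreshAccessToken(
    string accessToken,
    string refreshToken,
    IEnumerable<string> customClaimsType)
{
    var result = ValidateRefreshToken(refreshToken);
    if (result.result != JwtTokenResult.TokenResult.Ok)
    {
        return new JwtTokenResult(result.result);
    }

    // NOTE(review): ReadJwtToken only decodes the token; it does not verify the signature or the
    // lifetime. The user name, role and custom claims copied below therefore come from unverified
    // input, and only the subject is cross-checked against the validated refresh token. Unless the
    // caller has already verified this access token's signature, it should be validated here
    // (ValidateToken with lifetime validation disabled, so an expired token is still accepted)
    // before any of its claims are re-signed into a new token.
    Claim[] accessClaims;
    try
    {
        accessClaims = new JwtSecurityTokenHandler()
            .ReadJwtToken(accessToken)
            .Claims
            .ToArray();
    }
    catch
    {
        // Any decode failure (null, malformed, not a JWT) is reported as an invalid access token.
        return JwtTokenResult.AccessInvalid();
    }

    var identityOptions = new IdentityOptions();

    // A missing claim used to surface as a NullReferenceException on ".Value"; it is now
    // reported through the result codes instead.
    var refreshId = result.claims
        .FirstOrDefault(x => x.Type.Equals(JwtRegisteredClaimNames.Sub))
        ?.Value;
    var accessId = accessClaims
        .FirstOrDefault(x => x.Type.Equals(JwtRegisteredClaimNames.Sub))
        ?.Value;

    if (accessId == null)
    {
        return JwtTokenResult.AccessInvalid();
    }

    if (refreshId == null || !refreshId.Equals(accessId))
    {
        return JwtTokenResult.Mismatch();
    }

    var accessName = accessClaims
        .FirstOrDefault(x => x.Type.Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
        ?.Value;
    if (accessName == null)
    {
        return JwtTokenResult.AccessInvalid();
    }

    var roles = accessClaims.Where(x => x.Type.Equals(ClaimTypes.Role));

    // Carry over only the custom claim types the caller asked for.
    // ToArray never returns null, so only the length needs checking.
    Claim[] customClaims = customClaimsType != null
        ? accessClaims.Where(claim => customClaimsType.Contains(claim.Type)).ToArray()
        : null;

    List<Claim> claims = customClaims != null && customClaims.Length > 0
        ? GetAccessClaims(accessId, accessName, roles, customClaims)
        : GetAccessClaims(accessId, accessName, roles);

    var newAccessToken = CreateAccessToken(claims);

    // NOTE(review): both Ok results below return the claims of the incoming access token, not the
    // rebuilt "claims" list — confirm that is what callers expect.
    if (result.update)
    {
        // The validated refresh token is flagged for replacement: issue a new one, preserving
        // its long-term marker if it carried one.
        bool longTermRefresh = result.claims
            .Any(x => x.Type.Equals(_options.LongTermRefreshTokenClaim)
                      && x.Value.Equals(Boolean.TrueString));

        var newRefreshToken = GetRefreshToken(accessId, accessName, longTermRefresh);

        return JwtTokenResult.Ok(
            new TokenModel(newAccessToken, newRefreshToken),
            accessId,
            accessClaims);
    }

    // Otherwise hand the incoming refresh token back with its own expiration and jti.
    var incomingRefreshDetails = new JwtTokenDetails().Get(refreshToken);

    return JwtTokenResult.Ok(
        new TokenModel(
            newAccessToken,
            (refreshToken, incomingRefreshDetails.Expiration, incomingRefreshDetails.Jti)),
        accessId,
        accessClaims);
}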