/// <summary>
/// Initializes a new <see cref="IdentityManager"/>, the component through which a user
/// authenticates and, on success, receives a JWT for use with authorization.
/// </summary>
/// <param name="dbContext">The <see cref="DbContext"/> used for persistence.</param>
/// <param name="signInManager">The <see cref="SignInManager{T}"/>.</param>
/// <param name="userManager">The <see cref="UserManager{T}"/>.</param>
/// <param name="options">The <see cref="SecurityOptions"/>.</param>
/// <exception cref="ArgumentNullException">Thrown when any argument is <c>null</c>.</exception>
public IdentityManager(DbContext dbContext, SignInManager<IdentityUser> signInManager, UserManager<IdentityUser> userManager, SecurityOptions options)
{
    // Fail fast on a missing dependency; the checks run in the same order the
    // fields are assigned so the first missing one is the one reported.
    if (dbContext == null)
    {
        throw new ArgumentNullException(nameof(dbContext));
    }

    if (userManager == null)
    {
        throw new ArgumentNullException(nameof(userManager));
    }

    if (signInManager == null)
    {
        throw new ArgumentNullException(nameof(signInManager));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    this.DbContext = dbContext;
    this.UserManager = userManager;
    this.SignInManager = signInManager;
    this.Options = options;
}
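/// <summary>
/// Builds a signed JWT access token for <paramref name="identityUser"/> and rotates the
/// refresh token persisted for that user.
/// </summary>
/// <param name="identityUser">The user the token is issued for.</param>
/// <param name="options">
/// The <see cref="SecurityOptions"/> supplying issuer, signing secret and both lifetimes.
/// </param>
/// <returns>
/// An <see cref="AccessToken"/> holding the serialized JWT, its expiry and the newly issued refresh token.
/// </returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="identityUser"/> or <paramref name="options"/> is <c>null</c>.
/// </exception>
private async Task<AccessToken> GenerateJwtToken(IdentityUser identityUser, SecurityOptions options)
{
    if (identityUser == null)
    {
        throw new ArgumentNullException(nameof(identityUser));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var roles = await this.UserManager.GetRolesAsync(identityUser);
    var userClaims = await this.UserManager.GetClaimsAsync(identityUser);

    // "jti" is freshly generated per token so every issued JWT is individually identifiable.
    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, identityUser.Id),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
    };

    // Claim(type, value) rejects a null value, so optional profile fields are only
    // emitted when they are actually set instead of failing token issuance.
    if (!string.IsNullOrEmpty(identityUser.Email))
    {
        claims.Add(new Claim(JwtRegisteredClaimNames.Email, identityUser.Email));
    }

    if (!string.IsNullOrEmpty(identityUser.UserName))
    {
        claims.Add(new Claim(ClaimTypes.Name, identityUser.UserName));
    }

    claims.Add(new Claim(ClaimTypes.NameIdentifier, identityUser.Id));
    claims.AddRange(userClaims);
    claims.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));

    // One timestamp for both "nbf" and "exp" so the lifetime is exactly the configured span.
    var notBeforeAt = DateTime.UtcNow;
    var expireAt = notBeforeAt.AddHours(options.Jwt.ExpirationInHours);

    // HS256: the same secret signs and verifies, so it must stay server-side; RFC 7518
    // recommends a key at least as long as the HMAC output (256 bits) for this algorithm.
    var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(options.Jwt.SecretKey));
    var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

    // NOTE(review): the issuer value is also used as the audience here; confirm that is intended
    // rather than a separate audience setting being available in SecurityOptions.
    var securityToken = new JwtSecurityToken(
        options.Jwt.Issuer,
        options.Jwt.Issuer,
        claims,
        notBeforeAt,
        expireAt,
        signingCredentials);
    var token = new JwtSecurityTokenHandler().WriteToken(securityToken);

    var refreshToken = await this.GenerateRefreshToken();

    // Rotate: remove the previously stored refresh token for this user before persisting
    // the new one, so a prior refresh token does not remain usable alongside it.
    var removeResult = await this.UserManager.RemoveAuthenticationTokenAsync(
        identityUser,
        JwtBearerDefaults.AuthenticationScheme,
        IdentityManager.REFERSH_TOKEN_NAME);
    if (!removeResult.Succeeded)
    {
        this.ThrowIdentityExceptions(removeResult.Errors);
    }

    // The refresh lifetime is read from the same options object as the JWT lifetime
    // (previously it came from this.Options, so the parameter was only partly honoured).
    // NOTE(review): the refresh token is persisted as-is; storing only a hash of it would
    // limit exposure if the token table is ever read by an attacker.
    var identityUserToken = new IdentityUserTokenExpiry<string>
    {
        UserId = identityUser.Id,
        Name = IdentityManager.REFERSH_TOKEN_NAME,
        Value = refreshToken,
        LoginProvider = JwtBearerDefaults.AuthenticationScheme,
        ExpireAt = DateTimeOffset.UtcNow.AddHours(options.Jwt.RefreshExpirationInHours),
    };

    await this.DbContext.AddAsync(identityUserToken);
    await this.DbContext.SaveChangesAsync();

    return new AccessToken
    {
        Token = token,
        ExpireAt = expireAt,
        RefreshToken = new RefreshToken
        {
            Token = refreshToken,
            ExpireAt = identityUserToken.ExpireAt,
        },
    };
}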
/// <summary>
/// Initializes a new <see cref="DefaultIdentityManager"/> for <see cref="Guid"/>-keyed
/// identity users and roles by forwarding every dependency to the base class.
/// </summary>
/// <param name="dbContext">The <see cref="DbContext"/>.</param>
/// <param name="signInManager">The <see cref="SignInManager{T}"/> for <see cref="IdentityUser{TKey}"/>.</param>
/// <param name="roleManager">The <see cref="RoleManager{T}"/> for <see cref="IdentityRole{TKey}"/>.</param>
/// <param name="userManager">The <see cref="UserManager{T}"/> for <see cref="IdentityUser{TKey}"/>.</param>
/// <param name="options">The <see cref="SecurityOptions"/>.</param>
public DefaultIdentityManager(
    DbContext dbContext,
    SignInManager<IdentityUser<Guid>> signInManager,
    RoleManager<IdentityRole<Guid>> roleManager,
    UserManager<IdentityUser<Guid>> userManager,
    SecurityOptions options)
    : base(dbContext, signInManager, roleManager, userManager, options)
{
    // Argument validation happens in the base constructor; nothing further to set up here.
}