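        /// <summary>
        /// Builds a signed JWT access token for <paramref name="user"/> together with the
        /// claims embedded in it.
        /// </summary>
        /// <remarks>
        /// The token is signed with HMAC-SHA256 using the symmetric key taken from configuration and
        /// carries the standard jti/iss/iat claims, the user's identity claims, a serial-number claim
        /// (used, per the original comment, to invalidate the cookie) and one role claim per role
        /// returned by the roles repository. A single clock read is used for iat, nbf and exp so the
        /// three timestamps agree.
        /// </remarks>
        /// <param name="user">User the token is issued for. Must not be null.</param>
        /// <returns>The compact serialized JWT and the claims it contains.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        private async Task <(string AccessToken, IEnumerable <Claim> Claims)> createAccessTokenAsync(User user)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            var settings = this.configuration.Value;
            var issuer   = settings.Issuer;
            // One clock read for iat, nbf and exp; reading the clock twice made iat differ from nbf.
            var now      = DateTimeOffset.UtcNow;

            var claims = new List <Claim>
            {
                // Unique id for this JWT (jti), so an individual token can be tracked or revoked
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString(), ClaimValueTypes.String, issuer),
                // Issuer
                new Claim(JwtRegisteredClaimNames.Iss, issuer, ClaimValueTypes.String, issuer),
                // Issued at (Unix seconds)
                new Claim(JwtRegisteredClaimNames.Iat, now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64, issuer),
                new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString(), ClaimValueTypes.String, issuer),
                new Claim(ClaimTypes.Name, user.UserId, ClaimValueTypes.String, issuer),
                new Claim("DisplayName", user.DisplayName, ClaimValueTypes.String, issuer),
                // Serial number: per the original comment, used to invalidate the cookie
                new Claim(ClaimTypes.SerialNumber, user.SerialNumber, ClaimValueTypes.String, issuer),
                // Custom data
                new Claim(ClaimTypes.UserData, user.UserId.ToString(), ClaimValueTypes.String, issuer)
            };

            // One role claim per role the repository knows for this user.
            var roles = await rolesRepository.FindUserRolesAsync(user.UserId);
            foreach (var role in roles)
            {
                claims.Add(new Claim(ClaimTypes.Role, role.Name, ClaimValueTypes.String, issuer));
            }

            // HS256 with the configured shared secret. Keep that secret long and random: the
            // IdentityModel library rejects keys below its minimum HMAC key size, and anyone
            // holding the secret can mint valid tokens.
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(settings.Key));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: issuer,
                audience: settings.Audience,
                claims: claims,
                notBefore: now.UtcDateTime,
                expires: now.UtcDateTime.AddMinutes(settings.AccessTokenExpirationMinutes),
                signingCredentials: creds);

            return (new JwtSecurityTokenHandler().WriteToken(token), claims);
        }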