public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientAppId = context.Ticket.Properties.Dictionary["as:client_app_id"];
if (string.IsNullOrEmpty(clientAppId))
{
return;
}
//We are generating a unique identifier for the refresh token
var refreshTokenId = Guid.NewGuid().ToString("n");
WebApiService service = new WebApiService();
var client = service.FindClientByAppId(clientAppId);
/*
* We are reading the refresh token life time value from the Owin
* context where we set this value once we validate the client,
* this value will be used to determine how long the refresh token
* will be valid for, this should be in minutes.
*/
var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");
var token = new RefreshToken()
{
RefreshTokenId = Core.Utility.Authentication.AuthHelper.GetHash(refreshTokenId),
ClientAppId = clientAppId,
Name = context.Ticket.Identity.Name ?? client.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
};
/*
* we are setting the IssuedUtc, and ExpiresUtc values for the ticket,
* setting those properties will determine how long the refresh token will be valid for.
*/
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
// serialize the ticket content
token.ProtectedTicket = context.SerializeTicket();
// save record in RefreshTokens table
/*
* We are checking that the token which will be saved on the database is unique
* for this User and the Client, if it not unique we’ll delete the existing one
* and store new refresh token.
*/
var result = await service.AddRefreshToken(token);
if (result)
{
//send back the refresh token id
context.SetToken(refreshTokenId);
}
}
