public string CreateEncryptedLoginToken(LoginUsr usr, int defCompanyId, int defProjectId, byte defSystemId, UsrCurr curr, UsrImpr impr, string resources, string secret)
        {
            RintagiLoginToken loginToken = new RintagiLoginToken()
            {
                UsrId        = usr.UsrId,
                LoginName    = usr.LoginName,
                UsrName      = usr.UsrName,
                UsrEmail     = usr.UsrEmail,
                UsrGroup     = impr.UsrGroups,
                RowAuthority = impr.RowAuthoritys,
                SystemId     = curr.SystemId,
                CompanyId    = curr.CompanyId,
                ProjectId    = curr.ProjectId,
                DefSystemId  = defSystemId,
                DefCompanyId = defCompanyId,
                DefProjectId = defProjectId,
                DbId         = curr.DbId,
                Resources    = resources,
            };
            string json = Newtonsoft.Json.JsonConvert.SerializeObject(loginToken);
            SHA256CryptoServiceProvider hashsha256 = new SHA256CryptoServiceProvider();
            string hash      = BitConverter.ToString(hashsha256.ComputeHash(UTF8Encoding.UTF8.GetBytes(json))).Replace("-", "");
            string encrypted = RO.Common3.Utils.ROEncryptString(hash.Left(32) + json, secret);

            return(encrypted);
        }
        public RintagiLoginToken DecryptLoginToken(string encryptedToken, string secret)
        {
            string            decryptedToken = RO.Common3.Utils.RODecryptString(encryptedToken, secret);
            RintagiLoginToken token          = Newtonsoft.Json.JsonConvert.DeserializeObject <RintagiLoginToken>(decryptedToken.Substring(32));

            return(token);
        }
        public SerializableDictionary <string, string> GetToken(string client_id, string scope, string grant_type, string code, string code_verifier, string redirect_url, string client_secret, string appPath, string appDomain, Func <string, string> getStoredToken, Func <LoginUsr, UsrCurr, UsrImpr, UsrPref, string, bool, bool> ValidateScope, bool reAuth = false)
        {
            Dictionary <string, object> scopeContext = Newtonsoft.Json.JsonConvert.DeserializeObject <Dictionary <string, object> >(scope);
            byte? systemId               = null;
            int?  companyId              = null;
            int?  projectId              = null;
            short?cultureId              = null;
            int   access_token_validity  = 5 * 60;            // 20 minutes
            int   refresh_token_validity = 60 * 60 * 24 * 14; // 14 days

            try { systemId = byte.Parse(scopeContext["SystemId"].ToString()); }
            catch { };
            try { companyId = int.Parse(scopeContext["CompanyId"].ToString()); }
            catch { };
            try { projectId = int.Parse(scopeContext["ProjectId"].ToString()); }
            catch { };
            try { cultureId = short.Parse(scopeContext["ProjectId"].ToString()); }
            catch { };

            //var context = HttpContext.Current;
            //string appPath = context.Request.ApplicationPath;
            //string domain = context.Request.Url.GetLeftPart(UriPartial.Authority);
            //HttpSessionState Session = HttpContext.Current.Session;
            //System.Web.Caching.Cache cache = HttpContext.Current.Cache;
            string          storedToken;
            RintagiLoginJWT loginJWT = new Func <RintagiLoginJWT>(() =>
            {
                if (grant_type == "authorization_code")
                {
                    storedToken = getStoredToken(code);
                    try
                    {
                        return(GetLoginUsrInfo(storedToken) ?? new RintagiLoginJWT());
                    }
                    catch
                    {
                    };
                }
                else if (grant_type == "refresh_token")
                {
                    try
                    {
                        return(GetLoginUsrInfo(code) ?? new RintagiLoginJWT());
                    }
                    catch { }
                }
                return(new RintagiLoginJWT());
            })();
            UsrCurr  LCurr;
            UsrImpr  LImpr;
            LoginUsr LUser;
            UsrPref  LPref;
            var      utc0             = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
            var      currTime         = DateTime.Now.ToUniversalTime().Subtract(utc0).TotalSeconds;
            var      nbf              = loginJWT.nbf - 20; // margin for multiple server clock skew(max 20s)
            var      expiredOn        = loginJWT.exp + 20; // margin for multiple server clock skew(max 20s)
            int      remainingSeconds = expiredOn - (int)currTime;
            var      currentHandle    = loginJWT.handle;
            bool     keepRefreshToken = remainingSeconds > 120 && !reAuth && grant_type == "refresh_token";

            try
            {
                if (currTime > nbf && currTime < expiredOn && ValidateJWTHandle(currentHandle))
                {
                    string            signingKey    = GetSessionSigningKey(loginJWT.iat.ToString(), loginJWT.loginId.ToString());
                    string            encryptionKey = GetSessionEncryptionKey(loginJWT.iat.ToString(), loginJWT.loginId.ToString());
                    RintagiLoginToken loginToken    = DecryptLoginToken(loginJWT.loginToken, encryptionKey);

                    LCurr = new UsrCurr(companyId ?? loginToken.CompanyId, projectId ?? loginToken.ProjectId, systemId ?? loginToken.SystemId, systemId ?? loginToken.SystemId);
                    LImpr = null;

                    LImpr = SetImpersonation(LImpr, loginToken.UsrId, systemId ?? loginToken.SystemId, companyId ?? loginToken.CompanyId, projectId ?? loginToken.ProjectId);

                    LUser              = new LoginUsr();
                    LUser.UsrId        = loginToken.UsrId;
                    LUser.LoginName    = loginToken.LoginName;
                    LUser.DefCompanyId = loginToken.DefCompanyId;
                    LUser.DefProjectId = loginToken.DefProjectId;
                    LUser.DefSystemId  = loginToken.DefSystemId;
                    LUser.UsrName      = loginToken.UsrName;
                    LUser.InternalUsr  = "******";
                    LUser.CultureId    = 1;
                    LUser.HasPic       = false;

                    LPref = (new LoginSystem()).GetUsrPref(LUser.UsrId, LCurr.CompanyId, LCurr.ProjectId, LCurr.SystemId);

                    string refreshTag = keepRefreshToken ? currentHandle : Guid.NewGuid().ToString().Replace("-", "").ToLower();
                    string loginTag   = Guid.NewGuid().ToString().Replace("-", "").ToLower();
                    if (ValidateScope(LUser, LCurr, LImpr, LPref, currentHandle, true))
                    {
                        string loginTokenJWT   = CreateLoginJWT(LUser, loginToken.DefCompanyId, loginToken.DefProjectId, loginToken.DefSystemId, LCurr, LImpr, appPath, access_token_validity, loginTag);
                        string refreshTokenJWT = CreateLoginJWT(LUser, loginToken.DefCompanyId, loginToken.DefProjectId, loginToken.DefSystemId, LCurr, LImpr, appPath, keepRefreshToken ? remainingSeconds : refresh_token_validity, refreshTag);
                        string token_scope     = string.Format("s{0}c{1}p{2}", LCurr.SystemId, LCurr.CompanyId, LCurr.ProjectId);
                        var    Token           = new SerializableDictionary <string, string> {
                            { "access_token", loginTokenJWT },
                            { "token_type", "Bearer" },
                            { "iat", currTime.ToString() },
                            { "expires_in", (access_token_validity - 1).ToString() },
                            { "scope", token_scope },
                            { "resources", appPath },
                            { "refresh_token", refreshTokenJWT },
                        };

                        return(Token);
                    }
                    else
                    {
                        return(new SerializableDictionary <string, string>()
                        {
                            { "error", "access_denied" },
                            { "message", "cannot issue token" },
                        });
                    }
                }
            }
            catch {
            }
            return(new SerializableDictionary <string, string>()
            {
                { "error", "invalid_token" },
                { "message", "cannot issue token" },
            });
        }