public async Task <JwtAuthenticationResult> RefreshAsync(string expiredAccessToken, string refreshToken)
{
_logger.LogTrace("Reading username from token {Token}", refreshToken);
if (!TryGetGetUserFromToken(expiredAccessToken, out var userName, out var securityToken))
{
_logger.LogWarning("Failed to get user through token");
return(new JwtAuthenticationResult()
{
AuthenticationRequired = true
});
}
_logger.LogTrace("Obtaining user through userName {@UserName}", userName);
var user = await _userManager.FindByNameAsync(userName);
if (user == null)
{
_logger.LogWarning("Failed to get user through principal");
return(new JwtAuthenticationResult()
{
AuthenticationRequired = true
});
}
var refreshTokenData = await _refreshTokenManager.GetRefreshTokenAsync(user, refreshToken);
if (refreshTokenData == null)
{
_logger.LogWarning("No refresh token available but there should be one");
return(new JwtAuthenticationResult()
{
AuthenticationRequired = true
});
}
else
{
if (refreshTokenData.IsUsed)
{
_logger.LogWarning("A used token refresh token was sent again - perhaps someone stole the token, expire all client tokens and force re-authentication");
await _refreshTokenManager.RemoveAllAsync(user);
return(new JwtAuthenticationResult()
{
AuthenticationRequired = true
});
}
}
using (var transaction = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
{
_logger.LogDebug("Generating new authentication from refresh token");
var authenticationResult = await CreateAuthenticationResultFromUserAsync(user);
await _refreshTokenManager.InvalidateRefreshTokenAsync(user, refreshToken);
transaction.Complete();
return(authenticationResult);
}
}
