public IActionResult Login(LoginRequestDTO request)
{
if (!_service.AuthorizeStudent(request.Login, request.Password))
{
return(StatusCode(403));
}
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, request.Login),
new Claim(ClaimTypes.Role, "employee")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "School",
audience: "Students",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
var RefreshToken = Guid.NewGuid();
_service.SetRefreshToken(RefreshToken.ToString(), request.Login);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken = RefreshToken
}));
}