/// <summary> /// Method to get User AccessToken by connecting to Token Method "api/Account/Token" of Api Server with user credential /// Password is encrypted with Api Server Public Key /// This method requires /// 1. JEdixAuthServerPublicKey /// 2. JEdixWin is authorized - Gene.Client.WinClient.IsClientAuthorized /// If authenticated, /// 1. Token is decrypted and stored in static properties of static class "Win" /// </summary> /// <param name="userId"></param> /// <param name="password"></param> /// <param name="cancellationToken"></param> /// <returns></returns> public static async Task <bool> GetAccessToken(string userId, string password, CancellationToken cancellationToken = new CancellationToken()) { if (WinClient.IsClientAuthorized) { using (var client = new AparteHttpClient(WinClient.ApiServiceUri, HttpHeader.UserVerificationHeader(WinClient.ServerPublicKey))) { var encryptedPassword = Security.Cryptography.AsymmetricEncryption.Encrypt(password, WinClient.ServerPublicKey); var loginContent = JsonSerializer.GetStringContent(new { UserId = userId, Password = encryptedPassword }); using (var response = await client.PostAsync("api/Account/Token", loginContent, cancellationToken).ConfigureAwait(false)) { if (response.IsSuccessStatusCode) { var token = await response.Content.ReadAsStringAsync(); token = token.Replace("\"", ""); var decryptedToken = JWEAsymmetric.Parse(token, WinClient.PRIVATE_KEY); WinClient.PKSystemUser = GetInt64(decryptedToken.Claims[JWTConstant.PK_SYSTEM_USER]); WinClient.SystemUserName = decryptedToken.Claims[JWTConstant.USER_NAME]; WinClient.AccessToken = decryptedToken.Claims[JWTConstant.ACCESS_TOKEN]; WinClient.RefreshToken = decryptedToken.Claims[JWTConstant.REFRESH_TOKEN]; WinClient.TokenExpiryInUtc = decryptedToken.ExpiryDateTimeInUtc(); return(true); } } } } return(false); }
/// <summary> /// Important Step to get verified if this JEdixWin is authentic by Api Server. /// PKI Encrypted Header is created by HttpHeader.VerifyClientHeader(ServerPublicKey) /// which contains KeyFile.JEDIX_WIN_CLIENT_SECRET encrypted by ServerPublicKey /// </summary> /// <param name="token"></param> /// <returns></returns> public static async Task <bool> VerifyClient(CancellationToken token = new CancellationToken()) { if (!WinClient.IsClientAuthorized) { using (var clientKeyExchange = new AparteHttpClient(WinClient.ApiServiceUri, HttpHeader.VerifyClientHeader(WinClient.ServerPublicKey))) { var content = JsonSerializer.GetStringContent(null); using (var response = await clientKeyExchange.PostAsync("api/Account/VerifyClient", content, token).ConfigureAwait(false)) { if (response.IsSuccessStatusCode) { var jwsString = await response.Content.ReadAsStringAsync(); var jws = JWEAsymmetric.Parse(jwsString.Replace("\"", ""), WinClient.PRIVATE_KEY); WinClient.SharedSymmetricKey = jws[JWTConstant.CLAIM_SYMMETRIC_KEY]; WinClient.IsClientAuthorized = true; } else { WinClient.IsClientAuthorized = false; } } } } return(WinClient.IsClientAuthorized); }
/// <summary> /// Method to re-obtain User Access Token with Refresh Token /// </summary> /// <param name="pkSystemUser"></param> /// <param name="accessToken"></param> /// <param name="refreshToken"></param> /// <param name="cancellationToken"></param> /// <returns></returns> public static async Task <bool> RefreshToken(long?pkSystemUser, string accessToken, string refreshToken, CancellationToken cancellationToken = new CancellationToken()) { if (WinClient.IsClientAuthorized) { using (var client = new AparteHttpClient(WinClient.ApiServiceUri, HttpHeader.UserVerificationHeader(WinClient.ServerPublicKey))) { var encryptedAccessToken = Security.Cryptography.AsymmetricEncryption.Encrypt(accessToken, WinClient.ServerPublicKey); var encryptedRefreshToken = Security.Cryptography.AsymmetricEncryption.Encrypt(refreshToken, WinClient.ServerPublicKey); var body = new { PKSystemUser = pkSystemUser, AccessToken = encryptedAccessToken, RefreshToken = encryptedRefreshToken }; var content = JsonSerializer.GetStringContent(body); using (var response = await client.PostAsync("api/Account/RefreshToken", content, cancellationToken).ConfigureAwait(false)) { if (response.IsSuccessStatusCode) { var token = await response.Content.ReadAsStringAsync(); var decryptedToken = JWEAsymmetric.Parse(token, WinClient.PRIVATE_KEY); WinClient.AccessToken = decryptedToken.Claims[JWTConstant.ACCESS_TOKEN]; WinClient.TokenExpiryInUtc = decryptedToken.ExpiryDateTimeInUtc(); return(true); } } } } return(false); }
/// <summary> /// Only to get Api Server public key, by sending JEdixWin Client Name /// </summary> /// <param name="token"></param> /// <returns></returns> public static async Task <bool> ExchangePublicKey(CancellationToken token = new CancellationToken()) { using (var clientKeyExchange = new AparteHttpClient(WinClient.ApiServiceUri, HttpHeader.ExchangePublicKeyHeader())) { var content = JsonSerializer.GetStringContent(new { Name = KeyFile.JEDIX_WIN_CLIENT_NAME }); using (var response = await clientKeyExchange.PostAsync("api/Account/ExchangePublicKeys", content, token).ConfigureAwait(false)) { if (response.IsSuccessStatusCode) { var jwsString = await response.Content.ReadAsStringAsync(); var jws = JWT.ParseFromBase64Url(jwsString); WinClient.ServerPublicKey = jws[JWTConstant.CLAIM_PUBLIC_KEY]; } } } return(ApiClient.WinClient.IsClientAuthorized); }