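/// <summary>
/// Creates a basic login result: builds the JWT payload, issues the access, refresh and CSRF
/// tokens, and registers the refresh token through <c>AuthService.CreateToken</c>.
/// Adds user role claims to the JWT payload.
/// NOTE: If you duplicate a key in <paramref name="additionalPayload"/> (a key already present
/// in the payload, including the issued-ticks key), this will error.
/// </summary>
/// <param name="authUser">User being logged in; its Id and UserRole.UserRoleClaims are read here.</param>
/// <param name="client">Client the tokens are issued for; its RefreshTokenMinutes is copied into <paramref name="config"/>.</param>
/// <param name="config">
/// JWT settings used to create both tokens. RefreshMinutes is overwritten on this instance.
/// NOTE(review): if this instance is shared between requests or clients, that write is visible
/// to them too - confirm callers pass a per-call config.
/// </param>
/// <param name="additionalPayload">
/// Optional extra single-valued entries copied into the payload of both tokens.
/// Role claim entries are written afterwards and replace an entry with the same key.
/// </param>
/// <returns>The login result carrying the access token, CSRF token, refresh token identifier, claim flags and issue/expiry times.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="authUser"/>, <paramref name="client"/> or <paramref name="config"/> is null.
/// </exception>
protected LoginResult GetBaseLoginResult(AuthUser authUser, AuthClient client, JwtConfig config, IDictionary<string, string> additionalPayload = null)
{
    // Fail before config is mutated or any token is created.
    if (authUser == null)
    {
        throw new ArgumentNullException(nameof(authUser));
    }

    if (client == null)
    {
        throw new ArgumentNullException(nameof(client));
    }

    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    config.RefreshMinutes = client.RefreshTokenMinutes; // MUST set refresh minutes by client

    // Token payload values are machine-readable, so they are formatted culture-independently.
    var invariant = System.Globalization.CultureInfo.InvariantCulture;

    var now = DateTime.UtcNow;
    IDictionary<string, string[]> payload = CreateJwtPayload(authUser, client);

    if (additionalPayload != null)
    {
        foreach (var kv in additionalPayload)
        {
            // Add (not the indexer) so a caller-supplied key cannot silently replace an existing entry.
            payload.Add(kv.Key, new[] { kv.Value });
        }
    }

    // add issued time for easier parsing
    payload.Add(OwinKeys.Ticks, new[] { now.Ticks.ToString(invariant) });

    // add claims
    bool hasClaims = authUser.UserRole?.UserRoleClaims != null;
    var claimFlags = new Dictionary<int, int>();

    if (hasClaims)
    {
        foreach (var cgroup in authUser.UserRole.UserRoleClaims.GroupBy(cv => cv.ClaimTypeId))
        {
            // OR the claim values of one claim type together into a single flags value.
            int claimValues = cgroup.Aggregate(0, (v, urc) => v | urc.ClaimValueId);
            claimFlags.Add(cgroup.Key, claimValues);

            // Indexer assignment: the role-derived value is written last and replaces any
            // entry already stored under this key.
            payload[ClaimsHelper.SetTypePrefix(cgroup.Key)] = new[] { claimValues.ToString(invariant) };
        }
    }

    // Both tokens are created from the same payload and the same issue time.
    string accessToken = JsonWebToken.CreateAccessToken(config, now, payload);
    string refreshToken = JsonWebToken.CreateRefreshToken(config, now, payload);

    // The CSRF token is derived from the access token.
    string csrfToken = CsrfToken.Create(accessToken);

    // NOTE(review): the refresh token string is handed to AuthService.CreateToken as-is;
    // how it is stored is not visible here - confirm it is not persisted in recoverable form.
    Guid refreshGuid = AuthService.CreateToken(authUser.Id, client.Id, now, config.RefreshMinutes, refreshToken);

    return new LoginResult
    {
        AuthUserId = authUser.Id,
        ClaimFlags = claimFlags,
        IssuedUtc = now,
        ExpiresUtc = now.AddMinutes(config.AccessMinutes),
        RefreshTokenIdentifier = refreshGuid.ToString(),
        Jwt = accessToken,
        CsrfToken = csrfToken
    };
}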