/// <summary>
/// Exchanges an active refresh token for a new access token and a new refresh token,
/// then revokes the token that was presented.
/// </summary>
/// <param name="refreshToken">The refresh token presented by the client.</param>
/// <returns>
/// A failed result and <c>null</c> when the token is not active; otherwise a success
/// result together with the newly issued token pair.
/// </returns>
/// <exception cref="ArgumentException">
/// Thrown when no user is found for <paramref name="refreshToken"/>.
/// </exception>
public async Task<(IIdentityResult, AuthenticationResponse)> RefreshSessionAsync(RefreshToken refreshToken)
{
    // An inactive token is refused before any lookup or token generation happens.
    // NOTE(review): nothing visible here treats the re-presentation of an inactive token
    // as a reuse signal (e.g. revoking the owner's other tokens) — confirm whether
    // reuse detection is handled elsewhere.
    if (!refreshToken.IsActive)
    {
        return (CustomIdentityResult.Failed("The given refresh token is not active"), null);
    }

    ApplicationUser owner = await GetRefreshTokenOwnerAsync(refreshToken).ConfigureAwait(false);
    if (owner is null)
    {
        throw new ArgumentException("The given refresh token is not attached to any user", nameof(refreshToken));
    }

    string issuedAccessToken = await _jwtAccessTokenGenerator.GenerateAsync(owner).ConfigureAwait(false);
    RefreshToken replacementToken = await _jwtRefreshTokenGenerator.GenerateAsync().ConfigureAwait(false);

    // Rotation order: the replacement is attached first, the presented token is revoked second.
    await AttachRefreshTokenToUserAsync(owner, replacementToken).ConfigureAwait(false);

    // NOTE(review): the IIdentityResult returned by RevokeRefreshTokenAsync is discarded, so a
    // reported revocation failure would still hand out the new token pair — confirm this is intended.
    await RevokeRefreshTokenAsync(refreshToken).ConfigureAwait(false);

    var response = new AuthenticationResponse
    {
        AccessToken = issuedAccessToken,
        RefreshToken = replacementToken.Token
    };

    return (CustomIdentityResult.Success(), response);
}
/// <summary>
/// Marks an active refresh token as revoked and saves the change through the identity context.
/// </summary>
/// <param name="refreshToken">The refresh token to revoke.</param>
/// <returns>
/// A success result once the revocation has been saved, or a failed result when the
/// token is not active.
/// </returns>
public async Task<IIdentityResult> RevokeRefreshTokenAsync(RefreshToken refreshToken)
{
    if (refreshToken.IsActive)
    {
        // NOTE(review): DateTime.Now is local wall-clock time. If token expiry or IsActive is
        // evaluated against UTC elsewhere, the stored revocation time will be skewed — confirm
        // which clock the rest of the token code uses.
        refreshToken.RevokedAt = DateTime.Now;

        // Presumably refreshToken is tracked by _identityDbContext, so this call is what
        // persists RevokedAt — verify against the caller.
        await _identityDbContext.SaveChangesAsync().ConfigureAwait(false);

        return CustomIdentityResult.Success();
    }

    // NOTE(review): the message says "revoked", but this branch is taken for any token whose
    // IsActive is false; IsActive is not visible here, so other inactive states (if any)
    // would be reported the same way.
    return CustomIdentityResult.Failed("Refresh token has already been revoked");
}
/// <summary>
/// Verifies a user's password and, when it matches, issues an access token and a refresh token.
/// </summary>
/// <param name="user">The user attempting to authenticate.</param>
/// <param name="password">The password supplied for <paramref name="user"/>.</param>
/// <returns>
/// A failed result and <c>null</c> when the password check fails; otherwise a success
/// result together with the issued token pair.
/// </returns>
public async Task<(IIdentityResult, AuthenticationResponse)> AuthenticateAsync(ApplicationUser user, string password)
{
    // NOTE(review): only the password is checked here; no lockout or failed-attempt accounting
    // is visible in this method. If _userManager is ASP.NET Core Identity's UserManager,
    // CheckPasswordAsync on its own does not update the access-failed count — confirm that
    // throttling or lockout is applied by the caller.
    if (!await _userManager.CheckPasswordAsync(user, password).ConfigureAwait(false))
    {
        return (CustomIdentityResult.Failed("Password is not valid"), null);
    }

    // Tokens are only generated after the password has been accepted.
    string issuedAccessToken = await GetJwtAccessTokenForUserAsync(user).ConfigureAwait(false);
    string issuedRefreshToken = await GetJwtRefreshTokenForUserAsync(user).ConfigureAwait(false);

    var response = new AuthenticationResponse
    {
        AccessToken = issuedAccessToken,
        RefreshToken = issuedRefreshToken
    };

    return (CustomIdentityResult.Success(), response);
}