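/// <summary>
/// Issues a new refresh token for <paramref name="identityUser"/> scoped to <paramref name="appId"/>,
/// replacing any refresh token previously stored for the same user/app pair.
/// </summary>
/// <param name="identityUser">The user the refresh token is issued for.</param>
/// <param name="appId">Application identifier used as the stored token's name.</param>
/// <returns>
/// The generated <see cref="RefreshToken"/>, or <c>null</c> when <paramref name="appId"/> is <c>null</c>
/// (kept for backward compatibility with existing callers).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="identityUser"/> is <c>null</c>.</exception>
private async Task<RefreshToken> GenerateJwtRefreshToken(IdentityUser identityUser, string appId)
{
    if (appId == null)
    {
        return null;
    }

    // Fail fast at the boundary (consistent with GenerateJwtToken) instead of surfacing a
    // NullReferenceException from inside UserManager.
    if (identityUser == null)
    {
        throw new ArgumentNullException(nameof(identityUser));
    }

    // 256 bits from the CSPRNG. The refresh token is a bearer secret, so System.Random is not acceptable here.
    var bytes = new byte[32];
    using (var generator = RandomNumberGenerator.Create())
    {
        generator.GetBytes(bytes);
    }
    var token = Convert.ToBase64String(bytes);

    // One live refresh token per user/app: remove the previous value before persisting the new one.
    var removeResult = await this.UserManager.RemoveAuthenticationTokenAsync(identityUser, JwtBearerDefaults.AuthenticationScheme, appId);
    if (!removeResult.Succeeded)
    {
        this.ThrowIdentityExceptions(removeResult.Errors);
    }

    // NOTE(review): Value holds the raw token. Whether the store should keep only a hash of it depends on
    // the validation path, which is outside this block — confirm before changing.
    var identityUserToken = new IdentityUserTokenExpiry<string>
    {
        UserId = identityUser.Id,
        Name = appId,
        Value = token,
        LoginProvider = JwtBearerDefaults.AuthenticationScheme,
        ExpireAt = DateTimeOffset.UtcNow.AddHours(this.Options.Jwt.RefreshExpirationInHours)
    };
    await this.DbContext.AddAsync(identityUserToken);
    await this.DbContext.SaveChangesAsync();

    return new RefreshToken
    {
        Token = token,
        ExpireAt = identityUserToken.ExpireAt
    };
}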
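/// <summary>
/// Builds a signed JWT access token for <paramref name="identityUser"/> together with a fresh refresh token,
/// replacing the user's previously stored refresh token.
/// </summary>
/// <param name="identityUser">The authenticated user the token is issued for.</param>
/// <param name="options">Security settings (issuer, signing secret and lifetimes) used for both tokens.</param>
/// <returns>An <see cref="AccessToken"/> carrying the serialized JWT, its expiry and the new <see cref="RefreshToken"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="identityUser"/> or <paramref name="options"/> is <c>null</c>.</exception>
private async Task<AccessToken> GenerateJwtToken(IdentityUser identityUser, SecurityOptions options)
{
    if (identityUser == null)
    {
        throw new ArgumentNullException(nameof(identityUser));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var roles = await this.UserManager.GetRolesAsync(identityUser);
    var userClaims = await this.UserManager.GetClaimsAsync(identityUser);

    // Registered claims first. Email and user name are only added when present, because Claim's
    // constructor rejects a null value and Identity does not require either to be set.
    var standardClaims = new Collection<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, identityUser.Id),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
    };
    if (identityUser.Email != null)
    {
        standardClaims.Add(new Claim(JwtRegisteredClaimNames.Email, identityUser.Email));
    }
    if (identityUser.UserName != null)
    {
        standardClaims.Add(new Claim(ClaimTypes.Name, identityUser.UserName));
    }
    standardClaims.Add(new Claim(ClaimTypes.NameIdentifier, identityUser.Id));

    var claims = standardClaims
        .Union(userClaims)
        .Union(roles.Select(role => new Claim(ClaimTypes.Role, role)));

    // Single clock read so nbf and exp are derived from the same instant.
    var now = DateTime.UtcNow;
    var expireAt = now.AddHours(options.Jwt.ExpirationInHours);

    // HS256 keyed directly by the configured secret: the signature is only as strong as that secret's
    // length and entropy, and the same value verifies tokens, so it must never leave the server.
    var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(options.Jwt.SecretKey));
    var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

    // NOTE(review): the issuer is also passed as the audience; confirm this matches the token
    // validation parameters on the consuming side.
    var securityToken = new JwtSecurityToken(options.Jwt.Issuer, options.Jwt.Issuer, claims, now, expireAt, signingCredentials);
    var token = new JwtSecurityTokenHandler().WriteToken(securityToken);

    // Rotate the refresh token: one live value per user under the fixed token name.
    var refreshToken = await this.GenerateRefreshToken();
    var removeResult = await this.UserManager.RemoveAuthenticationTokenAsync(identityUser, JwtBearerDefaults.AuthenticationScheme, IdentityManager.REFERSH_TOKEN_NAME);
    if (!removeResult.Succeeded)
    {
        this.ThrowIdentityExceptions(removeResult.Errors);
    }

    var identityUserToken = new IdentityUserTokenExpiry<string>
    {
        UserId = identityUser.Id,
        Name = IdentityManager.REFERSH_TOKEN_NAME,
        Value = refreshToken,
        LoginProvider = JwtBearerDefaults.AuthenticationScheme,
        // Lifetime comes from the same options instance as the access-token lifetime, not this.Options,
        // so both tokens are governed by one configuration.
        ExpireAt = DateTimeOffset.UtcNow.AddHours(options.Jwt.RefreshExpirationInHours)
    };
    await this.DbContext.AddAsync(identityUserToken);
    await this.DbContext.SaveChangesAsync();

    return new AccessToken
    {
        Token = token,
        RefreshToken = new RefreshToken
        {
            Token = refreshToken,
            ExpireAt = identityUserToken.ExpireAt
        },
        ExpireAt = expireAt
    };
}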