/// <summary>
/// Get refreshed token from Cognito using for the current user
/// </summary>
/// <param name="userRequest"></param>
/// <returns>AuthFlowResponse</returns>
public AuthFlowResponse ProcessRefreshToken(UserRequest userRequest)
{
AuthFlowResponse authResponse;
try
{
AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(new AnonymousAWSCredentials(), RegionEndpoint.USWest2);
CognitoUserPool userPool = new CognitoUserPool("XXX_XXX", userRequest.CognitoClientId, provider);
CognitoUser user = new CognitoUser(userRequest.UserName, userRequest.CognitoClientId, userPool, provider, userRequest.ClientSecret)
{
SessionTokens = new CognitoUserSession(null, null, userRequest.Payload.RefreshToken, DateTime.Now, DateTime.Now.AddDays(10))
};
InitiateRefreshTokenAuthRequest authRequest = new InitiateRefreshTokenAuthRequest()
{
AuthFlowType = AuthFlowType.REFRESH_TOKEN
};
authResponse = user.StartWithRefreshTokenAuthAsync(authRequest).Result;
return(authResponse);
}
catch (Exception processRefreshTokenException)
{
LambdaLogger.Log(processRefreshTokenException.ToString());
return(null);
}
}
public static async Task <AuthenticationResultType> RefreshTokenDaihuyen(AuthenticationResultType request)
{
try
{
var accesstoken = new JwtSecurityToken(request.AccessToken);
var idtoken = new JwtSecurityToken(request.IdToken);
string userName = idtoken.Claims.FirstOrDefault(m => m.Type.Equals("cognito:username"))?.Value;
// get new token
AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(_region);
CognitoUserPool userPool = new CognitoUserPool(UserPoolId, _clientId, provider);
CognitoUser user = new CognitoUser(userName, _clientId, userPool, provider, _clientSecret)
{
SessionTokens = new CognitoUserSession(request.IdToken, request.AccessToken, request.RefreshToken, DateTime.Now, DateTime.Now.AddHours(1))
};
InitiateRefreshTokenAuthRequest refreshRequest = new InitiateRefreshTokenAuthRequest()
{
AuthFlowType = AuthFlowType.REFRESH_TOKEN_AUTH
};
AuthFlowResponse authResponse = await user.StartWithRefreshTokenAuthAsync(refreshRequest);
return(authResponse.AuthenticationResult);
}
catch (Exception ex)
{
throw;
}
}
public async Task <string> RefreshCredsAsync()
{
AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient
(new AnonymousAWSCredentials(), regionEndpoint);
CognitoUserPool userPool = new CognitoUserPool(poolId, clientId, provider);
CognitoUser user = new CognitoUser(userId, clientId, userPool, provider);
user.SessionTokens = new CognitoUserSession(null, null, authResponse.AuthenticationResult.RefreshToken, DateTime.Now, DateTime.Now.AddHours(1));
InitiateRefreshTokenAuthRequest refreshRequest = new InitiateRefreshTokenAuthRequest()
{
AuthFlowType = AuthFlowType.REFRESH_TOKEN_AUTH
};
try
{
authResponse = await user.StartWithRefreshTokenAuthAsync(refreshRequest).ConfigureAwait(false);
accessToken = authResponse.AuthenticationResult.AccessToken;
refreshToken = authResponse.AuthenticationResult.RefreshToken;
goodTill = DateTime.UtcNow.AddSeconds(authResponse.AuthenticationResult.ExpiresIn);
return(accessToken);
}
catch (Exception ex)
{
var x = ex.Message;
throw;
}
}
public async void RefreshToken(string username)
{
CognitoUserPool userPool = new CognitoUserPool(this.POOL_ID, this.CLIENTAPP_ID, provider);
CognitoUser user = new CognitoUser(username, this.CLIENTAPP_ID, userPool, provider);
InitiateRefreshTokenAuthRequest ra = new InitiateRefreshTokenAuthRequest()
{
AuthFlowType = AuthFlowType.REFRESH_TOKEN
};
AuthFlowResponse authResponse = await user.StartWithRefreshTokenAuthAsync(ra);
if (authResponse.AuthenticationResult != null)
{
cognitoUserSession = new CognitoUserSession(authResponse.AuthenticationResult.IdToken, authResponse.AuthenticationResult.AccessToken, authResponse.AuthenticationResult.RefreshToken, DateTime.Now, DateTime.Now.AddHours(1));
}
}
public async Task <bool> refreshCredentials()
{
if (Statics.credentials != null)
{
if (Statics.myidtoken.ValidTo < DateTime.Now)
{
//var p2 = new AmazonCognitoIdentityProviderClient(Statics.credentials);
var provider = new AmazonCognitoIdentityProviderClient(new AnonymousAWSCredentials(), Amazon.RegionEndpoint.EUWest2);
var userPool = new CognitoUserPool(Statics.poolID, Statics.clientID, provider);
var user = new CognitoUser((string)Statics.myidtoken.Payload["email"], Statics.clientID, userPool, provider);
// var acpc = new AmazonCognitoIdentityProviderClient(Statics.creds.AccessKey, Statics.creds.SecretKey, Statics.creds.Token);
user.SessionTokens = new CognitoUserSession(Statics.id_token, Statics.access_token, Statics.refresh_token,
Statics.myidtoken.IssuedAt, DateTime.Now.AddHours(1));
//Statics.user.SessionTokens.ExpirationTime = DateTime.Now.AddHours(1);
var awr = new InitiateRefreshTokenAuthRequest
{
AuthFlowType = AuthFlowType.REFRESH_TOKEN
};
try
{
//Statics.authResponse = await Statics.user.StartWithRefreshTokenAuthAsync(awr);
Statics.authResponse = await user.StartWithRefreshTokenAuthAsync(awr);
Statics.user = user;
return(await getCredentials());
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Console.WriteLine(ex.ToString());
if (ex.InnerException != null)
{
Console.WriteLine(ex.InnerException.Message);
Console.WriteLine(ex.InnerException.ToString());
}
}
}
else
{
var newid = Statics.credentials.RefreshIdentityAsync();
return(true);
}
}
return(false);
}
// Refresh the authentication tokens (JWT), using the stored refresh token
public async void RefreshAsync(string refreshToken)
{
var request = new InitiateRefreshTokenAuthRequest {
AuthFlowType = AuthFlowType.REFRESH_TOKEN
};
try {
var response = await State.User.StartWithRefreshTokenAuthAsync(request);
EnqueueMessage(new RefreshResult {
Response = response,
Status = RefreshResult.RefreshStatus.Success
});
} catch (Exception ex) {
EnqueueMessage(new RefreshResult {
Status = RefreshResult.RefreshStatus.Error,
InnerException = ex,
ErrorMessage = ex.Message
});
}
}
public void Run(APIGatewayProxyRequest request, APIGatewayProxyResponse response, FinanceUser user)
{
string idToken = CookieReader.GetCookie(request, "idToken");
string refreshToken = CookieReader.GetCookie(request, "refreshToken");
if (string.IsNullOrWhiteSpace(idToken) || string.IsNullOrWhiteSpace(refreshToken))
{
response.StatusCode = 400;
response.Body = new JObject {
{ "error", "idToken and refreshToken cookies are required" }
}.ToString();
return;
}
var provider = new AmazonCognitoIdentityProviderClient(new AnonymousAWSCredentials(), RegionEndpoint.USEast1);
var userPool = new CognitoUserPool(Configuration.FINANCE_API_COGNITO_USER_POOL_ID, Configuration.FINANCE_API_COGNITO_CLIENT_ID, provider);
var cognitoUser = new CognitoUser(user.Email, Configuration.FINANCE_API_COGNITO_CLIENT_ID, userPool, provider)
{
SessionTokens = new CognitoUserSession(null, null, refreshToken, DateTime.UtcNow, DateTime.UtcNow.AddHours(1))
};
InitiateRefreshTokenAuthRequest refreshRequest = new InitiateRefreshTokenAuthRequest
{
AuthFlowType = AuthFlowType.REFRESH_TOKEN_AUTH
};
var refreshResponse = cognitoUser.StartWithRefreshTokenAuthAsync(refreshRequest).Result;
cognitoUser.SessionTokens = new CognitoUserSession(null, refreshResponse.AuthenticationResult.AccessToken, refreshToken, DateTime.Now, DateTime.Now.AddHours(1));
cognitoUser.GlobalSignOutAsync().Wait();
response.MultiValueHeaders = new Dictionary <string, IList <string> >
{
{
"Set-Cookie", new List <string>
{
"idToken=;Path=/;Secure;HttpOnly;expires=Thu, 01 Jan 1970 00:00:00 UTC",
"refreshToken=;Path=/;Secure;HttpOnly;expires=Thu, 01 Jan 1970 00:00:00 UTC"
}
}
};
response.Body = Constants.JSON_EMPTY;
}
private async Task <AuthFlowResponse> RefreshTokens(string userName, string refreshToken)
{
AuthFlowResponse authResponse = null;
this.User.SessionTokens = new CognitoUserSession(null, null, refreshToken, DateTime.Now, DateTime.Now.AddHours(1));
try
{
InitiateRefreshTokenAuthRequest refreshRequest = new InitiateRefreshTokenAuthRequest()
{
AuthFlowType = AuthFlowType.REFRESH_TOKEN_AUTH
};
authResponse = await User.StartWithRefreshTokenAuthAsync(refreshRequest).ConfigureAwait(false);
}
catch (Exception ex)
{
//TODO Show all exceptions!
Console.WriteLine("!!!Re-login again!!!");
Console.WriteLine(ex.Message);
}
return(authResponse);
}
public void Run(APIGatewayProxyRequest request, APIGatewayProxyResponse response, FinanceUser user)
{
string idToken = CookieReader.GetCookie(request, "idToken");
string refreshToken = CookieReader.GetCookie(request, "refreshToken");
if (string.IsNullOrWhiteSpace(idToken) || string.IsNullOrWhiteSpace(refreshToken))
{
response.StatusCode = 400;
response.Body = new JObject {
{ "error", "idToken and refreshToken cookies are required" }
}.ToString();
return;
}
var payload = Function.Base64Decode(idToken.Split('.')[1]);
var email = JObject.Parse(payload)["email"].Value <string>();
var provider = new AmazonCognitoIdentityProviderClient(new AnonymousAWSCredentials(), RegionEndpoint.USEast1);
var userPool = new CognitoUserPool(Configuration.FINANCE_API_COGNITO_USER_POOL_ID, Configuration.FINANCE_API_COGNITO_CLIENT_ID, provider);
var cognitoUser = new CognitoUser(email, Configuration.FINANCE_API_COGNITO_CLIENT_ID, userPool, provider)
{
SessionTokens = new CognitoUserSession(null, null, refreshToken, DateTime.UtcNow, DateTime.UtcNow.AddHours(1))
};
InitiateRefreshTokenAuthRequest refreshRequest = new InitiateRefreshTokenAuthRequest
{
AuthFlowType = AuthFlowType.REFRESH_TOKEN_AUTH
};
var refreshResponse = cognitoUser.StartWithRefreshTokenAuthAsync(refreshRequest).Result;
var expirationDate = DateTime.UtcNow.AddDays(30).ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'");
response.MultiValueHeaders = new Dictionary <string, IList <string> >
{
{ "Set-Cookie", new List <string> {
$"idToken={refreshResponse.AuthenticationResult.IdToken};Path=/;Secure;HttpOnly;Expires={expirationDate}"
} }
};
response.Body = new JObject().ToString();
}
