private int?ValidateTokenAndGetUserID(string token) { try { TokenValidationParameters tokenValidationParams = new TokenValidationParameters { ValidateAudience = false, // You might need to validate this one depending on your case ValidateIssuer = false, ValidateActor = false, ValidateLifetime = false, // Do not validate lifetime here IssuerSigningKey = new SymmetricSecurityKey( Encoding.ASCII.GetBytes(_appSettings.JWTSecret) ) }; SecurityToken securityToken; ClaimsPrincipal principal = new JwtSecurityTokenHandler().ValidateToken(token, tokenValidationParams, out securityToken); JwtSecurityToken jwtSecurityToken = securityToken as JwtSecurityToken; if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase)) { throw new SecurityTokenException("Invalid token!"); } string userId = principal.FindFirstValue(ClaimTypes.Name); if (userId != null && string.IsNullOrEmpty(userId)) { throw new SecurityTokenException($"Missing claim: {ClaimTypes.Name}!"); } return(Convert.ToInt32(userId)); } catch (Exception ex) { return(null); } }
string CheckAuth(ServerCallContext context) { string tokenStr = context.GetHttpContext().Request?.Headers["Authorization"]; if (string.IsNullOrEmpty(tokenStr)) { return(string.Empty); } if (tokenStr.StartsWith(tokenSchema)) { tokenStr = tokenStr.Split(' ')[1]; } SecurityToken token; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenSecurityKey)); ClaimsPrincipal claims = new JwtSecurityTokenHandler().ValidateToken(tokenStr, new TokenValidationParameters { ValidAudience = tokenAudience, ValidIssuer = tokenIssuer, IssuerSigningKey = key }, out token); var userName = claims.FindFirstValue(ClaimTypes.Name); return(userName); }
public async Task <ActionResult> RefreshTokenAsync([FromBody] RefreshTokenDto refreshTokenDto) { // Still validate the passed in token, but ignore its expiration date by setting validate lifetime to false var validationParameters = new TokenValidationParameters { ClockSkew = TimeSpan.Zero, ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(authSettings.APISecrect)), RequireSignedTokens = true, ValidateIssuer = true, ValidateAudience = true, RequireExpirationTime = true, ValidateLifetime = false, ValidAudience = authSettings.TokenAudience, ValidIssuer = authSettings.TokenIssuer }; ClaimsPrincipal tokenClaims; try { tokenClaims = new JwtSecurityTokenHandler().ValidateToken(refreshTokenDto.Token, validationParameters, out var rawValidatedToken); } catch (Exception e) { return(Unauthorized(e.Message)); } var userIdClaim = tokenClaims.FindFirstValue(ClaimTypes.NameIdentifier); if (userIdClaim == null || !int.TryParse(userIdClaim, out var userId)) { return(Unauthorized("Invalid token.")); } var user = await userRepository.GetByIdAsync(userId, user => user.RefreshTokens); if (user == null) { return(Unauthorized("Invalid token.")); } user.RefreshTokens.RemoveAll(token => token.Expiration <= DateTime.UtcNow); var currentRefreshToken = user.RefreshTokens.FirstOrDefault(token => token.DeviceId == refreshTokenDto.DeviceId && token.Token == refreshTokenDto.RefreshToken); if (currentRefreshToken == null) { await userRepository.SaveAllAsync(); return(Unauthorized("Invalid token.")); } user.RefreshTokens.Remove(currentRefreshToken); var token = GenerateJwtToken(user); var refreshToken = GenerateRefreshToken(); user.RefreshTokens.Add(new RefreshToken { Token = refreshToken, Expiration = DateTimeOffset.UtcNow.AddMinutes(authSettings.RefreshTokenExpirationTimeInMinutes), DeviceId = refreshTokenDto.DeviceId }); await userRepository.SaveAllAsync(); return(Ok(new { token, refreshToken })); }
public RefreshTokenResult RefreshToken(string token) { var tokenValidationParams = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = false, ValidateIssuerSigningKey = true, ValidIssuer = appOptions.ClientId, ValidAudience = appOptions.ClientId, IssuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(appOptions.ClientSecret) ) }; var principal = default(ClaimsPrincipal); var securityToken = default(SecurityToken); try { principal = new JwtSecurityTokenHandler().ValidateToken( token, tokenValidationParams, out securityToken ); } catch (Exception ex) { //TODO: log exception return(new RefreshTokenResult { Success = false, Message = "Invalid token" }); } var jwtToken = securityToken as JwtSecurityToken; if (jwtToken == null || !string.Equals(jwtToken.Header.Alg, securityAlgorithm, StringComparison.OrdinalIgnoreCase)) { return(new RefreshTokenResult { Success = false, Message = "Invalid token" }); } var userId = principal.FindFirstValue(SecurityClaims.UserIdentifier); if (string.IsNullOrWhiteSpace(userId)) { return(new RefreshTokenResult { Success = false, Message = "Invalid token" }); } var result = GenerateToken(new GenerateTokenRequest { UserId = userId, }); return(new RefreshTokenResult { Success = true, UserId = userId, Result = result }); }