public string IssueAuthToken(RefreshTokenPayload refreshToken)
{
ValidateToken(refreshToken);
var user = _userService.Get(refreshToken.Subject);
return(GenerateAuthToken(user));
}
public async Task <RefreshTokenResult> GetTokenByRefresh(string refreshToken)
{
const string url = "https://accounts.spotify.com/api/token";
var payload = new RefreshTokenPayload(refreshToken,
_configuration.ClientId, _configuration.ClientSecret);
var response = await _httpClient.PostFormWithToken <RefreshTokenResult>(url, payload);
return(response);
}
private string GenerateRefreshToken(string userId)
{
RefreshTokenPayload payload = new RefreshTokenPayload
{
Issuer = _settings.Issuer,
Subject = userId,
Audience = _settings.Audience,
IssuedAt = DateTime.Now.Millisecond,
Expires = DateTime.Now.AddHours(_settings.RefreshTokenValidityHours).Millisecond,
};
return(GenerateToken(payload));
}
public IActionResult RefreshToken(RefreshTokenPayload payload)
{
if (!_db.StudentExists(payload.IndexNumber))
{
return(Unauthorized("Invalid user or refresh token"));
}
var SecurityData = _db.GetStudentSecurityData(payload.IndexNumber);
if (payload.RefreshToken != SecurityData.RefreshToken)
{
return(Unauthorized("Invalid user or refresh token"));
}
return(Ok(new
{
AccessToken = new JwtSecurityTokenHandler().WriteToken(_security.GenerateToken(
payload.IndexNumber,
SecurityData.Role
))
}));
}
