Initial commit
This commit is contained in:
82
MealPlan.Api/Services/TokenService.cs
Normal file
82
MealPlan.Api/Services/TokenService.cs
Normal file
@@ -0,0 +1,82 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using MealPlan.Api.Models;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
||||
namespace MealPlan.Api.Services;
|
||||
|
||||
/// <summary>
|
||||
/// Issues JWT access tokens and rotating refresh tokens.
|
||||
/// Refresh tokens are cryptographically random opaque strings tracked in <see cref="IRefreshTokenStore"/>.
|
||||
/// </summary>
|
||||
public class TokenService : ITokenService
|
||||
{
|
||||
private readonly JwtOptions _options;
|
||||
private readonly IRefreshTokenStore _refreshTokenStore;
|
||||
|
||||
public TokenService(IOptions<JwtOptions> options, IRefreshTokenStore refreshTokenStore)
|
||||
{
|
||||
_options = options.Value;
|
||||
_refreshTokenStore = refreshTokenStore;
|
||||
}
|
||||
|
||||
public int AccessTokenLifetimeSeconds => _options.AccessTokenMinutes * 60;
|
||||
|
||||
public string CreateAccessToken(ApplicationUser user)
|
||||
{
|
||||
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.Secret));
|
||||
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
|
||||
|
||||
var userId = user.Id.ToString();
|
||||
var claims = new List<Claim>
|
||||
{
|
||||
new(JwtRegisteredClaimNames.Sub, userId),
|
||||
new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
|
||||
new(ClaimTypes.NameIdentifier, userId),
|
||||
};
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(user.Email))
|
||||
{
|
||||
claims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Email));
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(user.UserName))
|
||||
{
|
||||
claims.Add(new Claim(ClaimTypes.Name, user.UserName));
|
||||
}
|
||||
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: _options.Issuer,
|
||||
audience: _options.Audience,
|
||||
claims: claims,
|
||||
notBefore: DateTime.UtcNow,
|
||||
expires: DateTime.UtcNow.AddMinutes(_options.AccessTokenMinutes),
|
||||
signingCredentials: credentials);
|
||||
|
||||
return new JwtSecurityTokenHandler().WriteToken(token);
|
||||
}
|
||||
|
||||
public RefreshToken CreateRefreshToken(string userId)
|
||||
{
|
||||
var token = new RefreshToken
|
||||
{
|
||||
Token = GenerateSecureToken(),
|
||||
UserId = userId,
|
||||
CreatedAtUtc = DateTime.UtcNow,
|
||||
ExpiresAtUtc = DateTime.UtcNow.AddDays(_options.RefreshTokenDays),
|
||||
IsRevoked = false,
|
||||
};
|
||||
|
||||
_refreshTokenStore.Add(token);
|
||||
return token;
|
||||
}
|
||||
|
||||
private static string GenerateSecureToken()
|
||||
{
|
||||
var bytes = RandomNumberGenerator.GetBytes(64);
|
||||
return Convert.ToBase64String(bytes);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user