using System.Security.Cryptography;
using System.Text;
using BlackRock.Reporting.API.Core.Models;
using Microsoft.AspNetCore.Identity;
-
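namespace BlackRock.Reporting.API.Authentication
{
    /// <summary>
    /// Issues, validates and revokes a user's refresh token through ASP.NET Core Identity's
    /// <see cref="UserManager{TUser}"/>. The token is kept in the Identity user-token store under a
    /// single (provider, name) slot, so issuing a new token overwrites the previous one.
    /// </summary>
    public class RefreshTokenManager : IRefreshTokenManager
    {
        // Used both as the Identity token-provider name and as the login-provider key of the stored token.
        // NOTE(review): a token provider named "MyApp" must be registered with Identity for generation and
        // verification to work; that registration is not visible in this file - confirm.
        private const string ProviderName = "MyApp";

        // Used both as the token purpose and as the name of the stored token.
        private const string TokenName = "RefreshToken";

        private readonly UserManager<ApplicationUser> userManager;

        /// <summary>Creates the manager on top of the application's Identity user manager.</summary>
        /// <param name="userManager">Identity user manager used to generate, store and read tokens.</param>
        /// <exception cref="ArgumentNullException"><paramref name="userManager"/> is null.</exception>
        public RefreshTokenManager(UserManager<ApplicationUser> userManager)
        {
            this.userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
        }

        /// <summary>
        /// Generates a new refresh token for <paramref name="user"/>, stores it, and returns the stored value
        /// after verifying it with the token provider.
        /// </summary>
        /// <param name="user">The user the token is issued to.</param>
        /// <returns>The refresh token as read back from the store.</returns>
        /// <exception cref="InvalidOperationException">The token could not be persisted.</exception>
        /// <exception cref="UnauthorizedAccessException">The stored token failed provider verification.</exception>
        public async Task<string> GenerateRefreshToken(ApplicationUser user)
        {
            var newRefreshToken = await userManager.GenerateUserTokenAsync(user, ProviderName, TokenName);

            // The IdentityResult must be checked: if the write fails, the read-back below would otherwise
            // hand out whatever older token is still in the store instead of the one just generated.
            var storeResult = await userManager.SetAuthenticationTokenAsync(user, ProviderName, TokenName, newRefreshToken);
            if (!storeResult.Succeeded)
            {
                throw new InvalidOperationException($"Refresh token could not be persisted ({storeResult}).");
            }

            var refreshToken = await userManager.GetAuthenticationTokenAsync(user, ProviderName, TokenName);
            var isValid = await userManager.VerifyUserTokenAsync(user, ProviderName, TokenName, refreshToken);

            if (!isValid)
            {
                throw new UnauthorizedAccessException("Invalid token passed");
            }

            return refreshToken;
        }

        /// <summary>Revokes the user's refresh token by deleting it from the store.</summary>
        /// <param name="user">The user whose refresh token is removed.</param>
        public async Task RemoveRefreshToken(ApplicationUser user)
        {
            // NOTE(review): the IdentityResult is ignored here, so a failed removal leaves the old token
            // usable without the caller noticing. Left unchanged because callers (logout paths, presumably)
            // are not visible from this file - confirm whether they should see the failure.
            await userManager.RemoveAuthenticationTokenAsync(user, ProviderName, TokenName);
        }

        /// <summary>
        /// Checks that <paramref name="refreshToken"/> equals the token stored for <paramref name="user"/>.
        /// </summary>
        /// <param name="user">The user presenting the token.</param>
        /// <param name="refreshToken">The refresh token supplied by the client.</param>
        /// <returns>Always <c>true</c>; a mismatch is reported by exception, never by <c>false</c>.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// No token is stored for the user, or the supplied token is null or does not match.
        /// </exception>
        public async Task<bool> ValidateRefreshToken(ApplicationUser user, string refreshToken)
        {
            var refreshTokenFromDb = await userManager.GetAuthenticationTokenAsync(user, ProviderName, TokenName);

            // NOTE(review): only equality with the stored value is checked. VerifyUserTokenAsync is not
            // called on this path, so any lifetime the token provider enforces is not applied here and a
            // stored token stays acceptable until it is replaced or removed - confirm this is intended.
            if (refreshTokenFromDb == null || refreshToken == null || !TokensMatch(refreshTokenFromDb, refreshToken))
            {
                throw new UnauthorizedAccessException("Invalid token passed");
            }

            return true;
        }

        // Compares two tokens without short-circuiting on the first differing character, so response
        // timing does not reveal how much of a presented token matched the stored one.
        private static bool TokensMatch(string expected, string presented)
        {
            return CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(expected),
                Encoding.UTF8.GetBytes(presented));
        }
    }
}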