Add refresh without database #60

@iamvladislove

Description

Feature requirements

As: a package user
I want to: refresh tokens without using a database
So that: I don't need to have a database (and probably pay for it)

Technical solution

This feature will work as follows:

  1. Someone sends a login request. The request's body:

```json
{
  "login": "Admin",
  "password": "Admin",
  "clientFingerPrint": "{{FINGERPRINT}}"
}
```

The response:

```json
{
    "accessToken": {
        "value": "{{ACCESS_TOKEN_VALUE}}",
        "expiresInUtc": "2021-01-01T00:00:00.0000000Z"
    },
    "refreshToken": {
        "value": "{{REFRESH_TOKEN_VALUE}}",
        "expiresInUtc": "2021-01-01T00:00:00.0000000Z"
    }
}
```

  2. After login, a user starts to send requests with an access token (as in the usual authentication flow with JWT).
  3. If the access token has expired, then we send a refresh request. The request's body:

```json
{
    "refreshTokenValue": "{{REFRESH_TOKEN}}",
    "clientFingerPrint": "{{FINGERPRINT}}"
}
```

The response:

```json
{
    "accessToken": {
        "value": "{{ACCESS_TOKEN_VALUE}}",
        "expiresInUtc": "2021-01-01T00:00:00.0000000Z"
    }
}
```

Pay attention: in this feature we have a long-lifetime refresh token, so we don't need to send a new refresh token in the response.

  4. If the refresh token has expired, we send an unauthorized error.

Feature contract

For configuring login, refresh and different options we can use the following contract:

```csharp
// Extension methods must be static and declared in a static class.
public static IServiceCollection AddLoginWithRefresh(this IServiceCollection services, RefreshTokenOptions refreshTokenOptions = null)
```

And the .NET 6 example will look like this:

```csharp
using TourmalineCore.AspNetCore.JwtAuthentication.Core;

var builder = WebApplication.CreateBuilder(args);

var configuration = builder.Configuration;

// Bind both option sections from configuration (e.g. appsettings.json).
var authenticationOptions = configuration.GetSection(nameof(AuthenticationOptions)).Get<AuthenticationOptions>();
var refreshTokenOptions = configuration.GetSection(nameof(RefreshTokenOptions)).Get<RefreshTokenOptions>();

// Register JWT authentication and the login-with-refresh services.
builder
    .Services
        .AddJwtAuthentication(authenticationOptions)
        .AddLoginWithRefresh(refreshTokenOptions);

var app = builder.Build();

// Add the authentication, login and refresh middleware to the pipeline.
app
    .UseJwtAuthentication()
    .UseDefaultLoginMiddleware()
    .UseRefreshTokenMiddleware();

app.Run();
```

Additional requirements

  • implement the refresh tests (use examples in .net5, .net6)
  • add an example for using refresh without database (for .netcore3.0, netcore3.1, .net5, .net6)
  • add the documentation section to the Core project
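
One way the refresh token from the flow above can be checked without a database, as an added example that is not the project's code: the token carries its own expiry and an HMAC tag that also covers the client fingerprint. The `StatelessRefreshToken` class, the token layout and the sample values are assumptions (the issue does not specify a token format), and the code assumes .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed sample values; a real key comes from configuration or a secret store.
var key = RandomNumberGenerator.GetBytes(32);
var now = DateTimeOffset.UtcNow;
var token = StatelessRefreshToken.Issue(key, "Admin", "fp-device-A", now.AddDays(7));
var ok = StatelessRefreshToken.TryValidate(key, token, "fp-device-A", now, out var login); // same fingerprint, before expiry
Console.WriteLine($"{ok} {login}");
Console.WriteLine(StatelessRefreshToken.TryValidate(key, token, "fp-device-B", now, out _)); // different fingerprint
Console.WriteLine(StatelessRefreshToken.TryValidate(key, token, "fp-device-A", now.AddDays(8), out _)); // after expiry

// Hypothetical helper, not part of TourmalineCore.AspNetCore.JwtAuthentication.
public static class StatelessRefreshToken
{
    // Assumed layout: base64url("expiryUnixSeconds|login") + "." + base64url(HMAC-SHA256 tag)
    public static string Issue(byte[] key, string login, string fingerPrint, DateTimeOffset expiresUtc)
    {
        var body = $"{expiresUtc.ToUnixTimeSeconds()}|{login}";
        return $"{B64(Encoding.UTF8.GetBytes(body))}.{B64(Tag(key, body, fingerPrint))}";
    }

    // A false result means the refresh endpoint answers with the unauthorized error.
    public static bool TryValidate(byte[] key, string token, string fingerPrint, DateTimeOffset nowUtc, out string login)
    {
        login = string.Empty;
        var parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        try
        {
            var body = Encoding.UTF8.GetString(UnB64(parts[0]));
            // The tag covers the fingerprint, so a token presented with another fingerprint fails here.
            if (!CryptographicOperations.FixedTimeEquals(UnB64(parts[1]), Tag(key, body, fingerPrint))) return false;
            var fields = body.Split('|', 2); // the login is the last field, so it may contain '|'
            if (fields.Length != 2 || !long.TryParse(fields[0], out var exp)) return false;
            if (nowUtc.ToUnixTimeSeconds() >= exp) return false; // expired refresh token
            login = fields[1];
            return true;
        }
        catch (FormatException) { return false; } // malformed base64url
    }

    // The fingerprint is base64url-encoded first so the '|' separator stays unambiguous.
    static byte[] Tag(byte[] key, string body, string fingerPrint) => HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(B64(Encoding.UTF8.GetBytes(fingerPrint)) + "|" + body));

    static string B64(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] UnB64(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
}
```

Because nothing is stored server-side, a token issued this way stays valid until its expiry and cannot be revoked individually; changing the key invalidates all issued tokens at once.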

Labels: enhancement
