dmolinari/SIG-CM2.0
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(infra): implement GetPrincipalFromExpiredToken in JwtService

Browse Source
This commit is contained in:
dmolinari
2026-04-14 13:28:20 -03:00
parent a363e3658d
commit c910ff2fc5
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/api/SIGCM2.Infrastructure/Security/JwtService.cs
View File

@@ -19,6 +19,31 @@ public sealed class JwtService : IJwtService
_options = options; _options = options;
} }
/// <inheritdoc/>
public ClaimsPrincipal GetPrincipalFromExpiredToken(string accessToken)
{
var parameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = _options.Issuer,
ValidateAudience = true,
ValidAudience = _options.Audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new RsaSecurityKey(_rsa),
ValidateLifetime = false, // Key: accept expired tokens in refresh flow
ClockSkew = TimeSpan.Zero,
};
var handler = new JwtSecurityTokenHandler();
var principal = handler.ValidateToken(accessToken, parameters, out var securityToken);
if (securityToken is not JwtSecurityToken jwt ||
!jwt.Header.Alg.Equals(SecurityAlgorithms.RsaSha256, StringComparison.OrdinalIgnoreCase))
throw new SecurityTokenException("Invalid token algorithm");
return principal;
}
public string GenerateAccessToken(Usuario usuario) public string GenerateAccessToken(Usuario usuario)
{ {
var signingKey = new RsaSecurityKey(_rsa); var signingKey = new RsaSecurityKey(_rsa);