using System.Security.Claims;
using Domain.Entities;
namespace Features.Auth.Services;
///
/// Identifies the kind of token being generated or validated.
///
public enum TokenType
{
/// A short-lived token used to authorize API requests.
AccessToken,
/// A long-lived token used to obtain new access tokens.
RefreshToken,
/// A short-lived token used to confirm a user's email/account.
ConfirmationToken
}
///
/// Represents the result of successfully validating a token.
///
/// The unique identifier of the user the token belongs to.
/// The username extracted from the token's claims.
/// The produced from the validated token.
public record ValidatedToken(Guid UserId, string Username, ClaimsPrincipal Principal);
///
/// Represents the result of refreshing a user's session.
///
/// The user account associated with the refreshed session.
/// The newly issued refresh token.
/// The newly issued access token.
public record RefreshTokenResult(
UserAccount UserAccount,
string RefreshToken,
string AccessToken
);
///
/// Defines the expiration windows, in hours, for each type of token issued by .
///
public static class TokenServiceExpirationHours
{
/// The expiration window, in hours, for access tokens.
public const double AccessTokenHours = 1;
/// The expiration window, in hours, for refresh tokens (21 days).
public const double RefreshTokenHours = 504; // 21 days
/// The expiration window, in hours, for confirmation tokens (30 minutes).
public const double ConfirmationTokenHours = 0.5; // 30 minutes
}
///
/// Defines operations for generating and validating JWTs used for access, refresh, and account confirmation.
///
public interface ITokenService
{
///
/// Generates a new access token for the given user.
///
/// The user account to generate the token for.
/// The signed access token string.
string GenerateAccessToken(UserAccount user);
///
/// Generates a new refresh token for the given user.
///
/// The user account to generate the token for.
/// The signed refresh token string.
string GenerateRefreshToken(UserAccount user);
///
/// Generates a new confirmation token for the given user.
///
/// The user account to generate the token for.
/// The signed confirmation token string.
string GenerateConfirmationToken(UserAccount user);
///
/// Generates a token of the type specified by , which must be .
///
/// The enum type identifying which kind of token to generate. Must be .
/// The user account to generate the token for.
/// The signed token string corresponding to the requested token type.
string GenerateToken(UserAccount user) where T : struct, Enum;
///
/// Validates an access token.
///
/// The access token string to validate.
/// A describing the token's claims.
Task ValidateAccessTokenAsync(string token);
///
/// Validates a refresh token.
///
/// The refresh token string to validate.
/// A describing the token's claims.
Task ValidateRefreshTokenAsync(string token);
///
/// Validates a confirmation token.
///
/// The confirmation token string to validate.
/// A describing the token's claims.
Task ValidateConfirmationTokenAsync(string token);
///
/// Validates a refresh token and issues a new access/refresh token pair for the associated user.
///
/// The refresh token string to validate and exchange.
/// A containing the user and newly issued tokens.
Task RefreshTokenAsync(string refreshTokenString);
}