using System.Security.Claims; using Domain.Entities; namespace Features.Auth.Services; /// /// Identifies the kind of token being generated or validated. /// public enum TokenType { /// A short-lived token used to authorize API requests. AccessToken, /// A long-lived token used to obtain new access tokens. RefreshToken, /// A short-lived token used to confirm a user's email/account. ConfirmationToken, } /// /// Represents the result of successfully validating a token. /// /// The unique identifier of the user the token belongs to. /// The username extracted from the token's claims. /// The produced from the validated token. public record ValidatedToken(Guid UserId, string Username, ClaimsPrincipal Principal); /// /// Represents the result of refreshing a user's session. /// /// The user account associated with the refreshed session. /// The newly issued refresh token. /// The newly issued access token. public record RefreshTokenResult(UserAccount UserAccount, string RefreshToken, string AccessToken); /// /// Defines the expiration windows, in hours, for each type of token issued by . /// public static class TokenServiceExpirationHours { /// The expiration window, in hours, for access tokens. public const double AccessTokenHours = 1; /// The expiration window, in hours, for refresh tokens (21 days). public const double RefreshTokenHours = 504; // 21 days /// The expiration window, in hours, for confirmation tokens (30 minutes). public const double ConfirmationTokenHours = 0.5; // 30 minutes } /// /// Defines operations for generating and validating JWTs used for access, refresh, and account confirmation. /// public interface ITokenService { /// /// Generates a new access token for the given user. /// /// The user account to generate the token for. /// The signed access token string. string GenerateAccessToken(UserAccount user); /// /// Generates a new refresh token for the given user. /// /// The user account to generate the token for. /// The signed refresh token string. string GenerateRefreshToken(UserAccount user); /// /// Generates a new confirmation token for the given user. /// /// The user account to generate the token for. /// The signed confirmation token string. string GenerateConfirmationToken(UserAccount user); /// /// Generates a token of the type specified by , which must be . /// /// The enum type identifying which kind of token to generate. Must be . /// The user account to generate the token for. /// The signed token string corresponding to the requested token type. string GenerateToken(UserAccount user) where T : struct, Enum; /// /// Validates an access token. /// /// The access token string to validate. /// A describing the token's claims. Task ValidateAccessTokenAsync(string token); /// /// Validates a refresh token. /// /// The refresh token string to validate. /// A describing the token's claims. Task ValidateRefreshTokenAsync(string token); /// /// Validates a confirmation token. /// /// The confirmation token string to validate. /// A describing the token's claims. Task ValidateConfirmationTokenAsync(string token); /// /// Validates a refresh token and issues a new access/refresh token pair for the associated user. /// /// The refresh token string to validate and exchange. /// A containing the user and newly issued tokens. Task RefreshTokenAsync(string refreshTokenString); }