f74563bb36
- ITokenService: GenerateAccessToken / GenerateRefreshToken / HashToken - TokenService: JWT (HS256, 15-min), 64-byte CSPRNG refresh, SHA-256 hex hash - Role claims use short JWT name role (v7.x JsonWebTokenHandler compatible) - TokenServiceTests: 7 xUnit tests, payload decoded via Base64Url+System.Text.Json to avoid Microsoft.IdentityModel 7.1.2/7.5.2 version-mismatch issues Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
using ROLAC.API.Entities;
namespace ROLAC.API.Services;
/// <summary>
/// Contract for issuing access tokens and for creating and hashing refresh tokens.
/// </summary>
public interface ITokenService
{
    /// <summary>
    /// Issues a signed HS256 JWT access token carrying the user's id, email and role claims.
    /// </summary>
    /// <param name="user">User the token is issued for.</param>
    /// <param name="roles">Role names to embed as claims.</param>
    /// <returns>The signed JWT as a string.</returns>
    /// <remarks>
    /// HS256 is a symmetric MAC: the same secret signs and verifies, so any party holding
    /// the signing key can mint valid tokens. The token is signed, not encrypted, so its
    /// claims are readable by anyone who obtains it.
    /// </remarks>
    string GenerateAccessToken(AppUser user, IList<string> roles);

    /// <summary>
    /// Creates a new refresh token: 64 cryptographically random bytes, base64-encoded.
    /// </summary>
    /// <returns>The raw token value.</returns>
    /// <remarks>
    /// The raw value is a bearer credential. Return it to the client and persist only the
    /// output of <see cref="HashToken"/>, so that a leaked token table does not expose
    /// usable tokens.
    /// </remarks>
    string GenerateRefreshToken();

    /// <summary>
    /// Computes the SHA-256 hash of a raw token and returns it as a hex string.
    /// </summary>
    /// <param name="rawToken">Raw token value to hash.</param>
    /// <returns>Hex-encoded SHA-256 hash of <paramref name="rawToken"/>.</returns>
    /// <remarks>
    /// Always hash before storing to the database. A plain, unsalted SHA-256 is adequate
    /// only because the input is a high-entropy random token; it is not a password hash.
    /// </remarks>
    string HashToken(string rawToken);
}