private async Task<string> SignInAsync(User user, bool twoFactor)
{
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
DateTime? tokenExpiration = null;
var userPrincipal = await CreateUserPrincipalAsync(user);
if(twoFactor)
{
userPrincipal.Identities.First().AddClaim(new Claim(ClaimTypes.AuthenticationMethod, JwtIdentityOptions.TwoFactorAuthenticationMethod));
if(JwtIdentityOptions.TwoFactorTokenLifetime.HasValue)
{
tokenExpiration = DateTime.UtcNow.Add(JwtIdentityOptions.TwoFactorTokenLifetime.Value);
}
}
else
{
userPrincipal.Identities.First().AddClaim(new Claim(ClaimTypes.AuthenticationMethod, JwtIdentityOptions.AuthenticationMethod));
if(JwtIdentityOptions.TokenLifetime.HasValue)
{
tokenExpiration = DateTime.UtcNow.Add(JwtIdentityOptions.TokenLifetime.Value);
}
}
var descriptor = new SecurityTokenDescriptor
{
Issuer = JwtIdentityOptions.Issuer,
SigningCredentials = JwtIdentityOptions.SigningCredentials,
Audience = JwtIdentityOptions.Audience,
Subject = userPrincipal.Identities.First(),
Expires = tokenExpiration
};
var securityToken = handler.CreateToken(descriptor);
return handler.WriteToken(securityToken);
}