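using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.Identity.Client;

namespace DomvsChatBot.MSGraph
{
    /// <summary>
    /// Reads the app registration settings from configuration and offers helpers
    /// that inspect the expiry (<c>exp</c> claim) of a JWT.
    /// </summary>
    /// <remarks>
    /// The helpers in this class only <em>decode</em> a token. They do not verify its
    /// signature, issuer or audience, so their result says nothing about whether the
    /// token is authentic. They are suitable for deciding when a token this application
    /// obtained itself should be refreshed; they must not be used to accept a token
    /// presented by another party.
    /// </remarks>
    public class TokenManager
    {
        private readonly IConfiguration _configuration;
        private readonly string _clienteSecret;
        private readonly string _tenantId;
        private readonly string _clientId;

        /// <summary>
        /// Captures the configuration and reads the "AppClientSecret", "AppTenantId"
        /// and "AppClientID" sections from it.
        /// </summary>
        /// <param name="configuration">Application configuration to read the settings from.</param>
        public TokenManager(IConfigurationManager configuration)
        {
            _configuration = configuration;

            // NOTE(review): the client secret is read from plain configuration. Where that
            // value is stored is not visible here; confirm it is supplied from a secret
            // store or environment and not from a settings file committed to the repository.
            // Section values are null when the key is missing; nothing here checks for that.
            _clienteSecret = _configuration.GetSection("AppClientSecret").Value;
            _tenantId = _configuration.GetSection("AppTenantId").Value;
            _clientId = _configuration.GetSection("AppClientID").Value;
        }

        // Disabled code, kept for reference.
        // NOTE(review): if ObterEmail is re-enabled, it lists users and dereferences
        // FirstOrDefault() without a null check; looking the user up by id would avoid both.
        //public async Task ObterEmail(string aadObjectId)
        //{
        //    // The Microsoft Entra ID tenant ID or a verified domain (e.g. contoso.onmicrosoft.com)
        //    var tenantId = _tenantId;
        //    // The client ID of the app registered in Microsoft Entra ID
        //    var clientId = _clientId;
        //    // *Never* include client secrets in source code!
        //    var clientSecret = _clienteSecret; // Or some other secure place.
        //    // Create an instance of a TokenCredential. Since we're using the Client Credentials
        //    // flow with a client secret, we use ClientSecretCredential.
        //    var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
        //    // The app registration should be configured to require access to permissions
        //    // sufficient for the Microsoft Graph API calls the app will be making, and
        //    // those permissions should be granted by a tenant administrator.
        //    var scopes = new[] { "https://graph.microsoft.com/.default" };
        //    // Build the Microsoft Graph client
        //    GraphServiceClient graphServiceClient = new GraphServiceClient(clientSecretCredential, scopes);
        //    // Make a Microsoft Graph API request
        //    var users = await graphServiceClient.Users.GetAsync();
        //    return users.Value.FirstOrDefault(x => x.Id == aadObjectId).Mail;
        //}

        //public async Task ObterToken(string userEmail)
        //{
        //    try
        //    {
        //        var app = PublicClientApplicationBuilder
        //            .Create(_clientId)
        //            .WithAuthority(AzureCloudInstance.AzurePublic, _tenantId)
        //            .WithDefaultRedirectUri()
        //            .Build();
        //        string[] scopes = new string[] {
        //            //"https://graph.microsoft.com/.default",
        //            "User.Read", // Example of a basic scope
        //            "email",
        //            "profile",
        //            "openid"
        //        };
        //        var accounts = await app.GetAccountsAsync();
        //        string accessToken = "";
        //        if (accounts.Any())
        //        {
        //            var result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
        //                .ExecuteAsync();
        //            accessToken = result.AccessToken;
        //        }
        //        else
        //        {
        //            var interactiveResult = await app
        //                .AcquireTokenInteractive(scopes)
        //                .ExecuteAsync();
        //            accessToken = interactiveResult.AccessToken;
        //            var email = interactiveResult.Account.Username;
        //        }
        //        return accessToken;
        //    }
        //    catch (Exception ex)
        //    {
        //        // Error handling
        //        Console.WriteLine($"Erro ao obter token: {ex.Message}");
        //        return null;
        //    }
        //}

        /// <summary>
        /// Decodes <paramref name="token"/> and returns the value of its <c>exp</c> claim.
        /// </summary>
        /// <param name="token">The serialized JWT to decode.</param>
        /// <returns>The <c>exp</c> claim parsed as an integer (Unix time in seconds).</returns>
        /// <exception cref="InvalidOperationException">The token carries no <c>exp</c> claim.</exception>
        /// <exception cref="FormatException">The <c>exp</c> claim is not an integer.</exception>
        /// <exception cref="OverflowException">The <c>exp</c> claim does not fit in a <see cref="long"/>.</exception>
        /// <remarks>
        /// The token is only decoded, never validated: an unsigned or forged token is read
        /// the same way as a genuine one. Exceptions raised by the handler for an unreadable
        /// token propagate to the caller.
        /// </remarks>
        public long GetTokenExpirationTime(string token)
        {
            var handler = new JwtSecurityTokenHandler();

            // ReadJwtToken parses the token without checking signature, issuer or audience.
            var jwtSecurityToken = handler.ReadJwtToken(token);

            var expClaim = jwtSecurityToken.Claims
                .FirstOrDefault(claim => string.Equals(claim.Type, "exp", StringComparison.Ordinal));
            if (expClaim is null)
            {
                // Same exception type First() raised before, now with a message that names the cause.
                throw new InvalidOperationException("The token does not contain an 'exp' claim.");
            }

            // The claim is machine-readable data, so parse it independently of the current culture.
            return long.Parse(expClaim.Value, NumberStyles.Integer, CultureInfo.InvariantCulture);
        }

        /// <summary>
        /// Reports whether <paramref name="token"/> is still unexpired according to its
        /// <c>exp</c> claim.
        /// </summary>
        /// <param name="token">The serialized JWT to inspect.</param>
        /// <returns>
        /// <c>true</c> when the expiry lies in the future; <c>false</c> when the token has
        /// expired, is null or blank, cannot be decoded, or has no usable <c>exp</c> claim.
        /// </returns>
        /// <remarks>
        /// This is an expiry check only. It does not verify the signature, issuer or audience,
        /// so a <c>true</c> result must not be treated as proof that the token is authentic.
        /// </remarks>
        public bool CheckTokenIsValid(string token)
        {
            // Fail closed: a missing token is never valid.
            if (string.IsNullOrWhiteSpace(token))
            {
                return false;
            }

            try
            {
                var expiresAt = DateTimeOffset.FromUnixTimeSeconds(GetTokenExpirationTime(token));

                // RFC 7519 section 4.1.4: the current time must be before "exp",
                // so a token whose expiry equals the current instant is already expired.
                return expiresAt > DateTimeOffset.UtcNow;
            }
            catch (Exception ex) when (ex is ArgumentException
                                          or FormatException
                                          or OverflowException
                                          or InvalidOperationException)
            {
                // Undecodable token, missing or non-numeric "exp", or an out-of-range timestamp:
                // report it as not valid instead of letting a bad token abort the caller.
                return false;
            }
        }
    }
}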