using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.Identity.Client;
namespace DomvsChatBot.MSGraph
{
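public class TokenManager
{
    private readonly IConfiguration _configuration;
    private readonly string _clienteSecret;
    private readonly string _tenantId;
    private readonly string _clientId;

    /// <summary>
    /// Loads the Entra ID app-registration settings (<c>AppClientSecret</c>, <c>AppTenantId</c>,
    /// <c>AppClientID</c>) from configuration. They are read eagerly and held in memory but are
    /// not used by the token-inspection methods of this class. The client secret must come from
    /// configuration / a secret store, never from source code.
    /// </summary>
    /// <param name="configuration">Application configuration root.</param>
    /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is <c>null</c>.</exception>
    public TokenManager(IConfigurationManager configuration)
    {
        _configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));

        // GetSection(...).Value is null when a key is absent; nothing here validates that,
        // so a missing setting only surfaces where the value is eventually used.
        _clienteSecret = _configuration.GetSection("AppClientSecret").Value;
        _tenantId = _configuration.GetSection("AppTenantId").Value;
        _clientId = _configuration.GetSection("AppClientID").Value;
    }

    /// <summary>
    /// Returns the <c>exp</c> claim of a JWT as Unix time in seconds (RFC 7519 NumericDate).
    /// </summary>
    /// <remarks>
    /// The token is only parsed, never validated: no signature, issuer, audience or lifetime
    /// check happens here, so the returned value is attacker-controlled for an untrusted token.
    /// </remarks>
    /// <param name="token">Compact-serialized JWT (<c>header.payload.signature</c>).</param>
    /// <returns>Expiration as seconds since the Unix epoch (not .NET ticks).</returns>
    /// <exception cref="ArgumentException">The string is not a readable compact JWT.</exception>
    /// <exception cref="InvalidOperationException">The token has no integer <c>exp</c> claim.</exception>
    public long GetTokenExpirationTime(string token)
    {
        if (!TryGetExpirationSeconds(token, out var expSeconds))
        {
            throw new InvalidOperationException("The token does not contain a numeric 'exp' claim.");
        }

        return expSeconds;
    }

    /// <summary>
    /// Reports whether the token's <c>exp</c> claim has not yet passed.
    /// </summary>
    /// <remarks>
    /// SECURITY: this is an expiry check only. The signature is NOT verified and neither
    /// issuer, audience nor <c>nbf</c> are checked, so a forged or tampered token with a
    /// future <c>exp</c> is reported as valid. Do not base an authorization decision on this
    /// result; use <see cref="JwtSecurityTokenHandler.ValidateToken(string, Microsoft.IdentityModel.Tokens.TokenValidationParameters, out Microsoft.IdentityModel.Tokens.SecurityToken)"/>
    /// with proper validation parameters for that. No clock-skew allowance is applied.
    /// </remarks>
    /// <param name="token">Compact-serialized JWT.</param>
    /// <returns>
    /// <c>true</c> when <c>exp</c> is at or after the current UTC time; <c>false</c> when it is
    /// in the past, when the string is null/blank or not a readable JWT, or when <c>exp</c> is
    /// missing, non-numeric, negative or beyond the representable date range.
    /// </returns>
    public bool CheckTokenIsValid(string token)
    {
        // Reject garbage without throwing: a bool check should not surface ArgumentException
        // for an unparsable string.
        if (string.IsNullOrWhiteSpace(token) || !new JwtSecurityTokenHandler().CanReadToken(token))
        {
            return false;
        }

        if (!TryGetExpirationSeconds(token, out var expSeconds))
        {
            return false;
        }

        // A negative exp is always in the past; a value past DateTimeOffset.MaxValue cannot be
        // converted and would throw, so fail closed instead of trusting an absurd expiry.
        if (expSeconds < 0 || expSeconds > DateTimeOffset.MaxValue.ToUnixTimeSeconds())
        {
            return false;
        }

        // Compare in UTC on both sides. The comparison is inclusive on purpose: a token whose
        // exp equals the current second still passes, matching the previous behaviour.
        var expiresAt = DateTimeOffset.FromUnixTimeSeconds(expSeconds);
        return expiresAt >= DateTimeOffset.UtcNow;
    }

    // Parses the token WITHOUT validating it and extracts the numeric 'exp' claim.
    // Returns false when the claim is absent or not an integer; throws ArgumentException
    // (from the handler) when the string is not a compact JWT at all.
    private static bool TryGetExpirationSeconds(string token, out long expSeconds)
    {
        var handler = new JwtSecurityTokenHandler();
        var jwt = handler.ReadJwtToken(token);

        var expClaim = jwt.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Exp);

        // 'exp' is a NumericDate (seconds since the epoch); parse culture-invariantly so a
        // non-invariant current culture can never change the result.
        return long.TryParse(expClaim?.Value, NumberStyles.Integer, CultureInfo.InvariantCulture, out expSeconds);
    }
}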
}