Dotnet core JWT auth using cookie
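/// <summary>
/// Authenticates the posted credentials and, on success, hands the JWT to the
/// browser as an <c>access_token</c> cookie instead of returning it in the body.
/// </summary>
/// <param name="login">Credentials bound from the JSON request body.</param>
/// <returns>
/// 200 OK with the cookie set on success; 400 Bad Request carrying the exception
/// message when authentication or token generation throws.
/// </returns>
[HttpPost("login")]
public async Task<IActionResult> Login([FromBody] LoginRquest login)
{
    try
    {
        var user = await _userService.AuthenticateUser(login);
        var token = GenerateToken(user);

        // This is the extra step: the token travels in a cookie, so the cookie
        // attributes are the token's only protection in the browser.
        //   HttpOnly - page scripts cannot read the token.
        //   Secure   - the browser never sends it over plain HTTP.
        //   SameSite - the browser attaches cookies automatically, so without
        //              this a cross-site request would carry the token (CSRF).
        //              Relax to Lax/None only if the front end is served from a
        //              different site, and then add anti-forgery tokens.
        // NOTE(review): no Expires/MaxAge is set, so this is a session cookie;
        // confirm that matches the lifetime GenerateToken puts in the token.
        var cookieOptions = new CookieOptions
        {
            HttpOnly = true,
            Secure = true,
            SameSite = SameSiteMode.Strict,
        };
        HttpContext.Response.Cookies.Append("access_token", token, cookieOptions);

        // We can also return the user info in the response body
        return Ok();
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to an unauthenticated
        // caller. If AuthenticateUser distinguishes "unknown user" from "wrong
        // password", or lower-level errors bubble up here, that detail is
        // disclosed. Prefer logging the exception server-side and returning a
        // fixed message; left as-is because no logger is visible in this snippet.
        return BadRequest(new { message = e.Message });
    }
}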
// Registers JWT bearer authentication and makes the handler take the token
// from the "access_token" cookie rather than from the request it would
// otherwise inspect. Issuer, audience, lifetime and signature are all
// validated, with no clock-skew allowance.
void AddAuthentication()
{
    builder.Services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(jwt =>
        {
            var config = builder.Configuration;
            var issuer = config["Jwt:Issuer"];
            var audience = config["Jwt:Audience"];

            // The signing key is the UTF-8 bytes of the configured string.
            // NOTE(review): the signing algorithm is not shown here; for an HMAC
            // key the value should be long, random and held in a secret store
            // rather than in a checked-in settings file - confirm.
            var signingKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes(config["Jwt:Key"]));

            jwt.TokenValidationParameters = new TokenValidationParameters
            {
                // Zero skew: a token is rejected the moment it expires.
                ClockSkew = TimeSpan.Zero,
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = issuer,
                ValidAudience = audience,
                IssuerSigningKey = signingKey,
            };

            jwt.Events = new JwtBearerEvents
            {
                // Read the token value from the cookie. Because the browser
                // sends this cookie on its own, endpoints authenticated this
                // way rely on the cookie's SameSite attribute and/or
                // anti-forgery tokens for CSRF protection.
                OnMessageReceived = received =>
                {
                    var cookieToken = received.Request.Cookies["access_token"];
                    received.Token = cookieToken;
                    return Task.CompletedTask;
                },
            };
        });
}