iot/projects/Infrastructure/Web/JwtTokenValidator.cs


using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Linq;
namespace Infrastructure.Web
{
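/// <summary>
/// Token validator for the JWT bearer scheme that verifies the incoming token and
/// then adds one <see cref="ClaimTypes.Role"/> claim per role returned by
/// <c>IRoleService.GetRoles</c> for the user named in the token.
/// </summary>
/// <remarks>
/// Roles are taken from the role service at validation time, not from the token.
/// The user name used for that lookup comes from the token, so it may only be
/// trusted after the token has passed cryptographic validation.
/// </remarks>
public class JwtTokenValidator : ISecurityTokenValidator
{
    private readonly ServiceProvider _serviceProvider;

    // Performs the actual JWT parsing and validation; also backs the size limit below.
    private readonly JwtSecurityTokenHandler _tokenHandler = new JwtSecurityTokenHandler();

    /// <summary>Creates the validator.</summary>
    /// <param name="serviceProvider">Root provider used to open a scope for resolving <c>IRoleService</c>.</param>
    /// <exception cref="ArgumentNullException"><paramref name="serviceProvider"/> is null.</exception>
    public JwtTokenValidator(ServiceProvider serviceProvider)
    {
        this._serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider));
    }

    /// <summary>Always <c>true</c>: this validator can validate tokens.</summary>
    public bool CanValidateToken => true;

    /// <summary>
    /// Maximum accepted token size, delegated to the inner <see cref="JwtSecurityTokenHandler"/>
    /// so the limit is enforced instead of throwing <see cref="NotImplementedException"/>.
    /// </summary>
    public int MaximumTokenSizeInBytes
    {
        get { return this._tokenHandler.MaximumTokenSizeInBytes; }
        set { this._tokenHandler.MaximumTokenSizeInBytes = value; }
    }

    /// <summary>Reports whether <paramref name="securityToken"/> is a well-formed JWT within the size limit.</summary>
    public bool CanReadToken(string securityToken) => this._tokenHandler.CanReadToken(securityToken);

    /// <summary>
    /// Validates <paramref name="securityToken"/> against <paramref name="validationParameters"/>
    /// and returns a principal holding the token's claims plus the user's role claims.
    /// </summary>
    /// <param name="securityToken">The compact serialized JWT from the request.</param>
    /// <param name="validationParameters">Signing key, issuer, audience and lifetime requirements.</param>
    /// <param name="validatedToken">The token after it has passed validation.</param>
    /// <returns>A principal authenticated under <see cref="JwtBearerDefaults.AuthenticationScheme"/>.</returns>
    /// <exception cref="SecurityTokenException">
    /// The token fails validation, is not a JWT, or carries no <see cref="ClaimTypes.Name"/> claim.
    /// </exception>
    public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
    {
        // ReadJwtToken only parses a token; it checks neither signature nor lifetime,
        // issuer or audience. Going through ValidateToken is what stops a forged or
        // expired token from selecting an arbitrary user name for the role lookup.
        // NOTE(review): the strength of this check depends on validationParameters;
        // confirm the host configures the signing key, issuer and audience.
        this._tokenHandler.ValidateToken(securityToken, validationParameters, out validatedToken);

        if (!(validatedToken is JwtSecurityToken jwt))
        {
            throw new SecurityTokenException("The validated token is not a JWT.");
        }

        // Claims are taken from the token itself, with the claim types as issued.
        var claims = jwt.Claims.ToList();

        var userName = claims.FirstOrDefault(o => o.Type == ClaimTypes.Name)?.Value;
        if (string.IsNullOrEmpty(userName))
        {
            // Fail closed instead of dereferencing a missing claim.
            throw new SecurityTokenException("The token does not contain a name claim.");
        }

        // Resolve the role service in its own scope; the roles are enumerated by
        // AddRange before the scope is disposed.
        using var scope = this._serviceProvider.CreateScope();
        var roleService = scope.ServiceProvider.GetRequiredService<IRoleService>();
        var roles = roleService.GetRoles(userName).Select(o => new Claim(ClaimTypes.Role, o));
        claims.AddRange(roles);

        return new ClaimsPrincipal(new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme));
    }
}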
}