You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to generate and validate a token with DataProtectorTokenProvider<TUser>
I generate the code using GenerateAsync method in POST Action and then use ValidateAsync to validate it in another action PUT
public class VerifyPhoneNumberController : ControllerBase
{
...
private readonly DataProtectorTokenProvider<ApplicationUser> _dataProtectorTokenProvider;
private readonly UserManager<ApplicationUser> _userManager;
...
public VerifyPhoneNumberController(DataProtectorTokenProvider<ApplicationUser> dataProtectorTokenProvider,
UserManager<ApplicationUser> userManager)
{
...
_dataProtectorTokenProvider = dataProtectorTokenProvider ?? throw new ArgumentNullException(nameof(dataProtectorTokenProvider));
_userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
...
}
public async Task<IActionResult> Post([FromBody] PhoneLoginRequest request)
{
...
var resendToken = await _dataProtectorTokenProvider.GenerateAsync("resend_token", _userManager, user);
// here token is valid
var isTokenValid = await _dataProtectorTokenProvider.ValidateAsync("resend_token", resendToken, _userManager, user);
...
}
public async Task<IActionResult> Put([FromBody] ResendOtpCodeRequest request)
{
...
// same token here is invalid
if (!await _dataProtectorTokenProvider.ValidateAsync("resend_token", request.ResendToken, _userManager, user))
{
return BadRequest("Invalid resend token");
}
...
}
}
However, the response from the ValidateAsync method is always false.
When I generate the code and validate within the same action(POST), it return true.
Why I can't call method ValidateAsync in a separate request ?
I debug ValidateAsync method and for somehow it returning false when it tries to compare the userId and actualUserdId Both (userId, actualUserId) are set (Guid values) but different ? How possible ?
var userId = reader.ReadString();
var actualUserId = await manager.GetUserIdAsync(user);
if (userId != actualUserId)
{
Logger.UserIdsNotEquals();
return false;
}
Am I missing something obvious ?
It is like the DataProtectorTokenProvider injected in my controller is not keeping data in memory.
Am I getting new instance of DataProtectorTokenProvider per request ?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I'm trying to generate and validate a token with
DataProtectorTokenProvider<TUser>I generate the code using GenerateAsync method in POST Action and then use ValidateAsync to validate it in another action PUT
However, the response from the ValidateAsync method is always false.
When I generate the code and validate within the same action(POST), it return true.
Why I can't call method ValidateAsync in a separate request ?
I debug ValidateAsync method and for somehow it returning false when it tries to compare the userId and actualUserdId
Both (userId, actualUserId) are set (Guid values) but different ? How possible ?
Am I missing something obvious ?
It is like the DataProtectorTokenProvider injected in my controller is not keeping data in memory.
Am I getting new instance of DataProtectorTokenProvider per request ?
Beta Was this translation helpful? Give feedback.
All reactions