fix(#25): this commit updates method to include audiences parameter for improved token generation

https-richardy · https-richardy · commit 9a12a0323ccd · 2026-04-25T10:48:52.000-03:00
diff --git a/Applications/Backend/Source/HttpsRichardy.Federation.Infrastructure/Security/JwtSecurityTokenService.cs b/Applications/Backend/Source/HttpsRichardy.Federation.Infrastructure/Security/JwtSecurityTokenService.cs
@@ -12,7 +12,7 @@ IHostInformationProvider host
     private readonly TimeSpan _accessTokenDuration = TimeSpan.FromHours(2);
     private readonly TimeSpan _refreshTokenDuration = TimeSpan.FromDays(7);
 
-    public async Task<Result<SecurityToken>> GenerateAccessTokenAsync(User user, CancellationToken cancellation = default)
+    public async Task<Result<SecurityToken>> GenerateAccessTokenAsync(User user, IEnumerable<Audience> audiences, CancellationToken cancellation = default)
     {
         var filters = GroupFilters.WithSpecifications()
             .WithRealmId(user.RealmId)
@@ -31,6 +31,12 @@ public async Task<Result<SecurityToken>> GenerateAccessTokenAsync(User user, Can
             .ToList();
 
         var tokenHandler = new JwtSecurityTokenHandler();
+        var resolvedAudiences = audiences
+            .Where(audience => !string.IsNullOrWhiteSpace(audience.Value))
+            .Select(audience => audience.Value.Trim())
+            .Distinct(StringComparer.Ordinal)
+            .ToList();
+
         var claims = new ClaimsBuilder()
             .WithSubject(user.Id.ToString())
             .WithUsername(user.Username)
@@ -43,10 +49,15 @@ public async Task<Result<SecurityToken>> GenerateAccessTokenAsync(User user, Can
         claims.WithClaim(IdentityClaimNames.Realm, realm.Name);
         claims.WithClaim(IdentityClaimNames.RealmId, realm.Id);
 
+        if (resolvedAudiences.Count > 0)
+        {
+            claims.WithAudiences(resolvedAudiences);
+        }
+
         var claimsIdentity = new ClaimsIdentity(claims.Build());
         var tokenDescriptor = new SecurityTokenDescriptor
         {
-            Audience = realm.Name,
+            Audience = resolvedAudiences.Count > 0 ? null : realm.Name,
             Subject = claimsIdentity,
             Issuer = host.Address.ToString().TrimEnd('/'),
             SigningCredentials = credentials,
@@ -66,6 +77,9 @@ public async Task<Result<SecurityToken>> GenerateAccessTokenAsync(User user, Can
         return Result<SecurityToken>.Success(securityToken);
     }
 
+    public async Task<Result<SecurityToken>> GenerateAccessTokenAsync(User user, CancellationToken cancellation = default)
+        => await GenerateAccessTokenAsync(user, [], cancellation);
+
     public async Task<Result<SecurityToken>> GenerateAccessTokenAsync(Client client, CancellationToken cancellation = default)
     {
         var tokenHandler = new JwtSecurityTokenHandler();
