
Checking Identity Email token validity


I have a .NET Core application where, after registration, I create an email token and send it via email. The idea is that the user can come to the client app with that email token, and I want to check its validity (whether it has expired, and whether it's the right token associated with the given email).

I tried to find a method in userManager that I can use. What I found is VerifyUserTokenAsync(ApplicationUser user, string tokenProvider, string purpose, string token), but I don't know what to pass in the parameters.

So, can anyone help with the tokenProvider and purpose? I want to mention that the email token is generated with GenerateEmailConfirmationTokenAsync. I can check the token with ConfirmEmailAsync (if the result isn't succeeded, the token is invalid), but I don't want to set EmailConfirmed to true if the token is valid.


Solution

  • A useful way to solve this problem is to look at the implementation of ConfirmEmailAsync:

    public virtual async Task<IdentityResult> ConfirmEmailAsync(TUser user, string token)
    {
        // ...
        if (!await VerifyUserTokenAsync(user, Options.Tokens.EmailConfirmationTokenProvider, ConfirmEmailTokenPurpose, token))
        {
            return IdentityResult.Failed(ErrorDescriber.InvalidToken());
        }
        // ...
    }
    

    As might be expected, ConfirmEmailAsync makes a call to VerifyUserTokenAsync. The second and third parameters (tokenProvider and purpose) passed into this method are provided using properties of the UserManager class itself. Looking at the source again, it's clear that both Options and ConfirmEmailTokenPurpose are public:

    public const string ConfirmEmailTokenPurpose = "EmailConfirmation";
    // ...    
    public IdentityOptions Options { get; set; }
    

    Given all of this, you can call VerifyUserTokenAsync like so:

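    // ConfirmEmailTokenPurpose is a const, so C# requires it to be accessed
    // through the type (UserManager<ApplicationUser>), not the instance.
    await userManager.VerifyUserTokenAsync(
        userYouAlreadyHave,
        userManager.Options.Tokens.EmailConfirmationTokenProvider,
        UserManager<ApplicationUser>.ConfirmEmailTokenPurpose,
        tokenYouAlreadyHave);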
    

    If this call returns true, the token is valid.
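The check above wired into an endpoint the client app can call, as an added example that is not part of the original answer. The controller, route, `EmailTokenCheckRequest` DTO and the minimal `ApplicationUser` stand-in are assumptions for illustration; only the `UserManager` calls come from ASP.NET Core Identity.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Stand-in for the question's user type so this file compiles on its own (assumption).
public class ApplicationUser : IdentityUser { }

// Hypothetical request body sent by the client app.
public record EmailTokenCheckRequest(string Email, string Token);

[ApiController]
[Route("api/account")]
public class EmailTokenController : ControllerBase
{
    private readonly UserManager<ApplicationUser> _userManager;

    public EmailTokenController(UserManager<ApplicationUser> userManager)
        => _userManager = userManager;

    // Read-only check: ConfirmEmailAsync is never called, so EmailConfirmed is untouched.
    [HttpPost("check-email-token")]
    public async Task<IActionResult> CheckEmailToken(EmailTokenCheckRequest request)
    {
        var valid = await IsEmailTokenValidAsync(request.Email, request.Token);
        // Same response shape for unknown email, wrong token and expired token,
        // so the body does not say which addresses are registered.
        return Ok(new { valid });
    }

    private async Task<bool> IsEmailTokenValidAsync(string email, string token)
    {
        if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(token))
            return false;

        var user = await _userManager.FindByEmailAsync(email);
        if (user is null)
            return false; // no account for this address

        // Provider name comes from Options; the purpose const is reached via the type.
        return await _userManager.VerifyUserTokenAsync(
            user,
            _userManager.Options.Tokens.EmailConfirmationTokenProvider,
            UserManager<ApplicationUser>.ConfirmEmailTokenPurpose,
            token);
    }
}
```

A token that passes this check is not consumed by it; it remains usable in a later ConfirmEmailAsync call until it expires or the user's security stamp changes.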