private string GetJwt(OAuth2Params oauthParams) { _fileReader.Open(oauthParams.CertificateFilePath); var pemReader = new PemReader(_fileReader.Reader); var keyPair = (AsymmetricCipherKeyPair)pemReader.ReadObject(); var rsaParams = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair.Private); var rsa = new RSACryptoServiceProvider(2048); rsa.ImportParameters(rsaParams); var tokenHandler = new JwtSecurityTokenHandler(); var now = DateTime.UtcNow; var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim("scope", oauthParams.ScopesAsString()) }), Issuer = oauthParams.ClientId, Audience = oauthParams.Audience, Expires = now.AddHours(1), SigningCredentials = new SigningCredentials(new RsaSecurityKey(rsa), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") }; return(tokenHandler.CreateEncodedJwt(tokenDescriptor)); }
public async Task <AccessToken> GetAccessTokenAsync(OAuth2Params oauthParams) { var jwt = GetJwt(oauthParams); var form = new FormUrlEncodedContent(new [] { new KeyValuePair <string, string>("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"), new KeyValuePair <string, string>("assertion", jwt), new KeyValuePair <string, string>("client_id", oauthParams.ClientId), new KeyValuePair <string, string>("client_secret", oauthParams.ClientSecret) }); var request = new HttpRequestMessage(HttpMethod.Post, oauthParams.AuthServerUri) { Content = form }; request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); var response = await _httpClient.SendAsync(request); if (!response.IsSuccessStatusCode) { throw new WebException($"Unable to obtain an access token. HTTP Status Code: {response.StatusCode}"); } var content = JObject.Parse(await response.Content.ReadAsStringAsync()); return(new AccessToken { Token = content["access_token"].Value <string>(), Expires = DateTime.UtcNow.AddSeconds(content["expires_in"].Value <int>()) }); }