/// <summary>
/// Gets the access token of an user that associate with a session and return a JSON Web Token
/// </summary>
/// <param name="userID">The string that presents the identity of the user</param>
/// <param name="sessionID">The string that presents the identity of the associated session</param>
/// <param name="roles">The collection that presents the roles that the user was belong to</param>
/// <param name="privileges">The collection that presents the access privileges that the user was got</param>
/// <param name="key">The key used to encrypt and sign</param>
/// <param name="onCompleted">The action to run to modify playload (if needed) when the processing is completed</param>
/// <param name="hashAlgorithm">The hash algorithm used to hash and sign (md5, sha1, sha256, sha384, sha512, ripemd/ripemd160, blake128, blake/blake256, blake384, blake512)</param>
/// <returns>A JSON Web Token that presents the access token</returns>
public static string GetAccessToken(string userID, string sessionID, IEnumerable <string> roles, IEnumerable <Privilege> privileges, BigInteger key, Action <JObject> onCompleted = null, string hashAlgorithm = "BLAKE256")
{
var token = new JObject
{
{ "jti", sessionID },
{ "uid", userID },
{ "rls", (roles ?? new List <string>()).Distinct(StringComparer.OrdinalIgnoreCase).ToJArray() },
{ "pls", (privileges ?? new List <Privilege>()).ToJArray() }
}.ToString(Formatting.None);
var hash = token.GetHash(hashAlgorithm);
var signature = key.Sign(hash);
var publicKey = key.GenerateECCPublicKey();
var payload = new JObject
{
{ "iat", DateTime.Now.ToUnixTimestamp() },
{ "exp", DateTime.Now.AddDays(90).ToUnixTimestamp() },
{ "nbf", DateTime.Now.AddDays(-30).ToUnixTimestamp() },
{ "jti", publicKey.Encrypt(sessionID.HexToBytes()).ToHex() },
{ "uid", userID },
{ "atk", publicKey.Encrypt(token, true) },
{ "ath", hash.ToHex() },
{ "sig", ECCsecp256k1.GetSignature(signature) }
};
onCompleted?.Invoke(payload);
return(JSONWebToken.Encode(payload, ECCsecp256k1.GetPublicKey(publicKey).ToHex(), hashAlgorithm));
}
/// <summary>
/// Gets the authenticate token of an user that associate with a session and return a JSON Web Token
/// </summary>
/// <param name="userID">The string that presents identity of an user</param>
/// <param name="sessionID">The string that presents identity of working session that associated with user</param>
/// <param name="encryptionKey">The passphrase that used to encrypt data using AES</param>
/// <param name="signKey">The passphrase that used to sign the token</param>
/// <param name="onCompleted">The action to run when the processing is completed</param>
/// <returns>A JSON Web Token that presents the authenticate token</returns>
public static string GetAuthenticateToken(string userID, string sessionID, string encryptionKey, string signKey, Action <JObject> onCompleted = null)
{
var payload = new JObject
{
{ "iat", DateTime.Now.ToUnixTimestamp() },
{ "jti", $"{userID}@{sessionID}".GetHMACBLAKE256(encryptionKey) },
{ "sid", sessionID.HexToBytes().Encrypt(encryptionKey.GenerateHashKey(256), encryptionKey.GenerateHashKey(128)).ToHex() },
{ "aud", (string.IsNullOrWhiteSpace(userID) ? UtilityService.BlankUUID : userID).GetHMACBLAKE128(signKey) },
{ "uid", userID }
};
onCompleted?.Invoke(payload);
return(JSONWebToken.Encode(payload, signKey));
}
