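/// <summary>
        /// JB. Prepares the raw data for the JSON Web Token that will be issued to the requester: the issuer, audience, user claims, issue date, expiry date, and the signing key that signs the JWT payload.
        /// </summary>
        /// <param name="data">The authentication ticket whose properties (audience, issue and expiry times) and identity claims are written into the token.</param>
        /// <returns>The serialized JWT produced by the token handler, signed with the audience's symmetric key.</returns>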
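        public string Protect(AuthenticationTicket data)
        {
            // Serializes the ticket into a signed JWT: issuer, audience, the identity's claims and the
            // issue/expiry times, signed with the symmetric (HMAC) secret stored for that audience.
            // Throws ArgumentNullException for a null ticket and InvalidOperationException when the
            // ticket or the audience record lacks anything needed to issue a bounded, signed token.
            if (data == null)
            {
                throw new ArgumentNullException("data");
            }

            // Single dictionary lookup; audienceId stays null when the property is absent.
            string audienceId;
            data.Properties.Dictionary.TryGetValue(AudiencePropertyKey, out audienceId);

            if (string.IsNullOrWhiteSpace(audienceId))
            {
                throw new InvalidOperationException("AuthenticationTicket.Properties does not include audience");
            }

            Audience audience = _repository.ReturnAudienceById(audienceId);

            // Fail closed with a clear error instead of a NullReferenceException when the audience
            // id carried by the ticket is not present in the repository.
            if (audience == null)
            {
                throw new InvalidOperationException("Audience is not registered");
            }

            string symmetricKeyAsBase64 = audience.Base64Secret;

            // Never issue a token for an audience that has no secret configured. The secret itself
            // must not appear in exception messages or logs.
            if (string.IsNullOrWhiteSpace(symmetricKeyAsBase64))
            {
                throw new InvalidOperationException("Audience does not have a signing secret");
            }

            var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);

            // JB. This is IdentityServer (Thinktecture) working.
            // NOTE(review): presumably HmacSigningCredentials derives the HMAC algorithm from the key
            // it is given - confirm stored secrets are at least 256 bits of CSPRNG output.
            // Because the key is symmetric, any party that holds this audience's secret in order to
            // validate tokens can also mint them; keep one distinct secret per audience.
            var signingKey = new HmacSigningCredentials(keyByteArray);

            var issued  = data.Properties.IssuedUtc;
            var expires = data.Properties.ExpiresUtc;

            // Both timestamps are nullable; refuse to build a token without a validity window rather
            // than failing later on .Value with an unhelpful message.
            if (!issued.HasValue || !expires.HasValue)
            {
                throw new InvalidOperationException("AuthenticationTicket.Properties does not include issue and expiry times");
            }

            var token = new JwtSecurityToken(
                _issuer,
                audienceId,
                data.Identity.Claims,
                issued.Value.UtcDateTime,
                expires.Value.UtcDateTime,
                signingKey);

            var handler = new JwtSecurityTokenHandler();

            return handler.WriteToken(token);
        }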
        /// <summary>
        /// Looks up the audience registered under the given client id, using a freshly created
        /// <see cref="AudienceRepository"/> for each call.
        /// </summary>
        /// <param name="clientId">Identifier passed unchanged to <c>ReturnAudienceById</c>.</param>
        /// <returns>
        /// Whatever <c>ReturnAudienceById</c> yields for <paramref name="clientId"/>.
        /// NOTE(review): presumably null for an unknown id - confirm, and have callers check before use.
        /// NOTE(review): if the returned Audience carries the signing secret (e.g. a Base64Secret
        /// property), callers should not log or serialize it.
        /// </returns>
        public static Audience FindAudience(string clientId)
        {
            var audienceLookup = new AudienceRepository();
            Audience match = audienceLookup.ReturnAudienceById(clientId);

            return match;
        }