/// <summary>
/// Builds a client access token (JWT) for the configured hub with a <c>JwtBuilder</c> keyed on the access key in <c>_credential</c>.
/// </summary>
/// <param name="expiresAt">Value written to the expiry claim. It is not validated here, so a time at or before "now" is passed through unchanged.</param>
/// <param name="userId">Optional user identifier; when non-null it is added as the subject claim.</param>
/// <param name="roles">Optional roles; added as the role claim only when the sequence has at least one element.</param>
/// <returns>The string produced by <c>JwtBuilder.BuildString</c>. It is a bearer credential: keep it out of logs and telemetry.</returns>
private string GenerateTokenFromAzureKeyCredential(DateTimeOffset expiresAt, string userId = default, IEnumerable<string> roles = default)
        {
            // UTF-8 bytes of the access key are handed to JwtBuilder (presumably as the signing key).
            byte[] signingKey = Encoding.UTF8.GetBytes(_credential.Key);
            var builder = new JwtBuilder(signingKey);
            DateTimeOffset issuedAt = DateTimeOffset.UtcNow;

            // The audience is the service endpoint (normalized to end with '/') plus the hub path.
            string absolute = this.endpoint.AbsoluteUri;
            string baseUrl = absolute.EndsWith("/", StringComparison.Ordinal) ? absolute : absolute + "/";
            var audience = $"{baseUrl}client/hubs/{hub}";

            // Optional identity claims come first; the claim order is kept as in the original.
            if (userId != null)
            {
                builder.AddClaim(JwtBuilder.Sub, userId);
            }

            // Any() enumerates the sequence once here; a lazy sequence may be enumerated again inside AddClaim.
            if (roles != null && roles.Any())
            {
                builder.AddClaim(s_role, roles);
            }

            // nbf and iat are both the current UTC time, so the token is usable immediately.
            builder.AddClaim(JwtBuilder.Nbf, issuedAt);
            builder.AddClaim(JwtBuilder.Exp, expiresAt);
            builder.AddClaim(JwtBuilder.Iat, issuedAt);
            builder.AddClaim(JwtBuilder.Aud, audience);

            return builder.BuildString();
        }
        /// <summary>
        /// Creates a WebSocket client URI for the configured hub with an access token in the <c>access_token</c> query parameter.
        /// </summary>
        /// <remarks>
        /// The returned URI embeds a bearer token, so treat the whole URI as a secret: avoid writing it to logs,
        /// telemetry or error messages, and prefer a short <paramref name="expiresAt"/>.
        /// </remarks>
        /// <param name="expiresAt">UTC time when the token expires. It is not validated here, so a time at or before "now" is passed through unchanged.</param>
        /// <param name="userId">Optional user identifier; when non-null it is added as the subject claim.</param>
        /// <param name="roles">Optional roles; added as the role claim only when at least one is supplied.</param>
        /// <returns>A <c>ws</c> URI when the service endpoint scheme is <c>http</c>, otherwise a <c>wss</c> URI, pointing at <c>client/hubs/{hub}</c>.</returns>
        public virtual Uri GenerateClientAccessUri(DateTimeOffset expiresAt, string userId = default, params string[] roles)
        {
            // UTF-8 bytes of the access key are handed to JwtBuilder (presumably as the signing key).
            byte[] signingKey = Encoding.UTF8.GetBytes(_credential.Key);
            var builder = new JwtBuilder(signingKey);
            DateTimeOffset issuedAt = DateTimeOffset.UtcNow;

            // The audience is the service endpoint (normalized to end with '/') plus the hub path.
            string absolute = this.endpoint.AbsoluteUri;
            string baseUrl = absolute.EndsWith("/", StringComparison.Ordinal) ? absolute : absolute + "/";
            var audience = $"{baseUrl}client/hubs/{hub}";

            // Optional identity claims come first; the claim order is kept as in the original.
            if (userId != null)
            {
                builder.AddClaim(JwtBuilder.Sub, userId);
            }

            if (roles != null && roles.Length > 0)
            {
                builder.AddClaim(s_role, roles);
            }

            // nbf and iat are both the current UTC time, so the token is usable immediately.
            builder.AddClaim(JwtBuilder.Nbf, issuedAt);
            builder.AddClaim(JwtBuilder.Exp, expiresAt);
            builder.AddClaim(JwtBuilder.Iat, issuedAt);
            builder.AddClaim(JwtBuilder.Aud, audience);

            string token = builder.BuildString();

            // Only an "http" endpoint maps to plaintext "ws"; every other scheme yields TLS-protected "wss".
            var clientEndpoint = new UriBuilder(baseUrl)
            {
                Scheme = this.endpoint.Scheme == "http" ? "ws" : "wss"
            };

            // NOTE(review): hub is interpolated into the path without escaping; confirm it is validated where it is set.
            var uriString = $"{clientEndpoint}client/hubs/{hub}?access_token={token}";

            return new Uri(uriString);
        }