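/// <summary>
/// Issues a signed access token for <paramref name="userDto"/> and returns it together with
/// the identity, claims, expiry and user id it was built from.
/// </summary>
/// <param name="userDto">User whose id and names are written into the token claims.</param>
/// <param name="userRole">Role names for the user; passed through to <c>BuildClaims</c>, which accepts null.</param>
/// <returns>
/// A <see cref="JsonWebToken"/> carrying the serialized token, an empty refresh token and the
/// expiry converted by <c>ToTimestamp</c>.
/// </returns>
public JsonWebToken Create(JwtUserDto userDto, string[] userRole)
{
    // No key is derived from _jwtOptions.SecretKey here: the token is signed with
    // _signingCredentials, so a locally built key would be dead code that only copies
    // the secret into another buffer.
    // NOTE(review): _signingCredentials is constructed outside this method. Confirm which
    // key and algorithm it carries and that it tracks the configured secret.
    var issuedAt = DateTime.UtcNow;
    var expiresAt = issuedAt.AddMinutes(_jwtOptions.ExpiryMinutes);
    var principal = BuildClaims(userDto, userRole);

    var securityToken = new JwtSecurityToken(
        _jwtOptions.Issuer,
        claims: principal.Claims,
        notBefore: issuedAt,
        expires: expiresAt,
        audience: _jwtOptions.Audience,
        signingCredentials: _signingCredentials);

    var accessToken = new JwtSecurityTokenHandler().WriteToken(securityToken);

    // A principal can expose several claims of the same type (GenericPrincipal surfaces one
    // claim per role under the identity's role claim type), and a plain ToDictionary keyed
    // on Type throws on the second one. Repeated types are merged with ",", the same
    // separator BuildClaims uses for the combined role claim.
    var claimsByType = principal.Claims
        .GroupBy(claim => claim.Type)
        .ToDictionary(
            group => group.Key,
            group => string.Join(",", group.Select(claim => claim.Value)));

    return new JsonWebToken
    {
        AccessToken = accessToken,
        Identity = principal.Identity,
        Claims = claimsByType,
        Expires = ToTimestamp(expiresAt),
        Id = userDto.Id,
        // No refresh token is issued by this method; callers receive an empty string.
        RefreshToken = string.Empty,
    };
}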
/// <summary>
/// Builds the principal whose claims are written into the token: subject, given name,
/// family name, unique name, a fresh token id and the issued-at timestamp, plus a single
/// role claim when roles are supplied.
/// </summary>
/// <param name="userDto">Source of the user id and the first and last name claims.</param>
/// <param name="userRole">Role names; when null no role claim is added.</param>
/// <returns>A <see cref="GenericPrincipal"/> wrapping the populated identity and the given roles.</returns>
private static GenericPrincipal BuildClaims(JwtUserDto userDto, string[] userRole)
{
    // Authentication type "password", name claim type ClaimTypes.Name,
    // role claim type "AuthApiPolicy".
    var identity = new ClaimsIdentity("password", ClaimTypes.Name, "AuthApiPolicy");
    var issuedAt = DateTime.UtcNow;

    // The user id is used for both the subject and the unique-name claim.
    // Jti is a new GUID per call, so every issued token has a distinct id.
    var userClaims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, userDto.Id),
        new Claim(JwtRegisteredClaimNames.GivenName, userDto.FirstName),
        new Claim(JwtRegisteredClaimNames.FamilyName, userDto.LastName),
        new Claim(JwtRegisteredClaimNames.UniqueName, userDto.Id),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim(JwtRegisteredClaimNames.Iat, ToTimestamp(issuedAt).ToString()),
    };
    identity.AddClaims(userClaims);

    if (userRole != null)
    {
        // All roles travel in one comma-separated ClaimTypes.Role claim.
        // NOTE(review): whoever validates the token has to split this value; a role name
        // containing "," is ambiguous, and a check that compares the whole claim value
        // against a single role will not match. Confirm against the consuming side.
        var joinedRoles = string.Join(",", userRole);
        identity.AddClaim(new Claim(ClaimTypes.Role, joinedRoles));
    }

    return new GenericPrincipal(identity, userRole);
}