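/// <summary>
/// Mints an RS256-signed JWT for <paramref name="request"/>, shaped as either an ID token or an access token.
/// </summary>
/// <param name="request">Token request. <c>subject</c> and <c>username</c> always become the <c>sub</c> and
/// <c>username</c> claims; <c>email</c>/<c>phoneNumber</c> are emitted (as "" when null) on ID tokens and
/// <c>scope</c> on access tokens; <c>claims</c> are copied into the payload (a null list is treated as empty).</param>
/// <param name="type">Token flavour; selects the type-specific claims and whether an <c>aud</c> claim is set.</param>
/// <returns>The compact-serialized JWT (header.payload.signature, base64url).</returns>
/// <exception cref="ArgumentNullException">When <paramref name="request"/>, <c>request.subject</c>,
/// <c>request.username</c>, or (for access tokens) <c>request.scope</c> is null.</exception>
/// <exception cref="ArgumentException">When a caller-supplied claim reuses a name this method or the token
/// descriptor already sets (<c>sub</c>, <c>username</c>, <c>iss</c>, <c>aud</c>, <c>exp</c>, <c>nbf</c>, <c>iat</c>, ...).</exception>
public string GetToken(JwtRequest request, JwtType type)
{
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }
    if (request.subject == null)
    {
        throw new ArgumentNullException(nameof(request.subject));
    }
    if (request.username == null)
    {
        throw new ArgumentNullException(nameof(request.username));
    }

    // NOTE(review): the private key is re-imported into the shared _rsa instance on every call. Moving the
    // import to the constructor would avoid re-parsing per token; left here because the constructor is not
    // in view and the behaviour must stay the same.
    _rsa.ImportRSAPrivateKey(_privateKey, out _);

    var claims = new List<Claim>();
    switch (type)
    {
        case JwtType.IdToken:
            // Profile claims; absent values are emitted as "" rather than omitted (existing wire contract).
            claims.Add(new Claim("email", request.email ?? ""));
            claims.Add(new Claim("phone_number", request.phoneNumber ?? ""));
            break;
        case JwtType.AccessToken:
            if (request.scope == null)
            {
                throw new ArgumentNullException(nameof(request.scope));
            }
            // Access tokens carry the client as a claim instead of an aud claim (see the Audience branch below).
            claims.Add(new Claim("client_id", _aud));
            claims.Add(new Claim("scope", request.scope));
            break;
    }
    claims.Add(new Claim("sub", request.subject));
    claims.Add(new Claim("username", request.username));

    // Names the caller may not supply: everything added above plus the registered claims the
    // SecurityTokenDescriptor writes itself. A collision would either produce a duplicate (array-valued)
    // claim or fight the descriptor's value — e.g. a caller-chosen "sub" or "exp" — so it is rejected
    // rather than silently merged.
    var reserved = new HashSet<string>(StringComparer.Ordinal) { "iss", "aud", "exp", "nbf", "iat" };
    foreach (var existing in claims)
    {
        reserved.Add(existing.Type);
    }
    foreach (var extra in request.claims ?? Array.Empty<KeyValuePair<string, string>>())
    {
        if (reserved.Contains(extra.Key))
        {
            throw new ArgumentException($"Claim '{extra.Key}' is reserved and cannot be supplied by the caller.", nameof(request));
        }
        claims.Add(new Claim(extra.Key, extra.Value));
    }

    // NOTE(review): a single 12h lifetime is applied to both ID and access tokens; access tokens are usually
    // much shorter-lived — confirm with the consuming services. Kept as-is to preserve the current contract.
    const int lifetimeHours = 12;
    var descriptor = new SecurityTokenDescriptor
    {
        Issuer = _iss,
        Subject = new ClaimsIdentity(claims),
        Expires = DateTime.UtcNow.AddHours(lifetimeHours),
        // KeyId goes into the JOSE header so verifiers can select this key from the published JWKS.
        SigningCredentials = new SigningCredentials(new RsaSecurityKey(_rsa) { KeyId = _kid }, SecurityAlgorithms.RsaSha256)
    };
    if (type == JwtType.IdToken)
    {
        // Only ID tokens get an aud claim; access tokens identify the client via client_id above.
        descriptor.Audience = _aud;
    }

    var handler = new JwtSecurityTokenHandler();
    return handler.WriteToken(handler.CreateToken(descriptor));
}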
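/// <summary>
/// Lambda entry point. Dispatches on <c>request.requestType</c>: <see cref="RequestType.Jwks"/> returns the
/// signing-key JWKS document; any other value mints an ID token and an access token for the request.
/// </summary>
/// <param name="request">The invocation payload. A null <c>claims</c> list is normalized to empty before minting.</param>
/// <param name="context">Lambda execution context (not used by this handler).</param>
/// <returns>A <see cref="JwtResponse"/> carrying either <c>Jwks</c>, or both <c>IdToken</c> and <c>AccessToken</c>.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="request"/> is null.</exception>
public JwtResponse FunctionHandler(JwtRequest request, ILambdaContext context)
{
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    if (request.requestType == RequestType.Jwks)
    {
        return new JwtResponse { Jwks = builder.GetJwks() };
    }

    // NOTE(review): this path mints tokens for whatever subject/username/claims the caller supplies and
    // performs no authentication of its own; it relies entirely on who is permitted to invoke the function
    // (IAM / resource policy) — confirm that is locked down.
    if (request.claims == null)
    {
        request.claims = Array.Empty<KeyValuePair<string, string>>();
    }

    return new JwtResponse
    {
        IdToken = builder.GetToken(request, JwtType.IdToken),
        AccessToken = builder.GetToken(request, JwtType.AccessToken)
    };
}
}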