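/// <summary>
/// Builds a client access token string from the configured key credential.
/// </summary>
/// <param name="expiresAt">
/// Value written to the <c>JwtBuilder.Exp</c> claim. It is not compared with the current
/// time here, so the caller is responsible for passing a future (and preferably short) expiry.
/// </param>
/// <param name="userId">
/// Optional user identifier written to the <c>JwtBuilder.Sub</c> claim; the claim is omitted
/// when this is <c>null</c>. The value is embedded exactly as supplied.
/// </param>
/// <param name="roles">
/// Optional roles written to the claim named by <c>s_role</c>; the claim is omitted when this
/// is <c>null</c> or empty. The values are embedded exactly as supplied.
/// </param>
/// <returns>The string returned by <c>JwtBuilder.BuildString</c>.</returns>
/// <remarks>
/// The audience claim is the endpoint's absolute URI (with a trailing slash) followed by
/// <c>client/hubs/{hub}</c>. No validation of <paramref name="userId"/> or
/// <paramref name="roles"/> happens in this method, so they should come from an
/// already-authenticated identity rather than from raw client input.
/// NOTE(review): the key bytes are handed to <c>JwtBuilder</c>; how it signs with them is not
/// visible from this method. Confirm against JwtBuilder.
/// </remarks>
private string GenerateTokenFromAzureKeyCredential(DateTimeOffset expiresAt, string userId = default, IEnumerable<string> roles = default)
{
    // The credential's access key, UTF-8 encoded, is the key material given to the builder.
    var keyBytes = Encoding.UTF8.GetBytes(_credential.Key);
    var jwt = new JwtBuilder(keyBytes);
    var now = DateTimeOffset.UtcNow;

    // Normalize the endpoint so the audience always has exactly one separator before "client/".
    string endpoint = this.endpoint.AbsoluteUri;
    if (!endpoint.EndsWith("/", StringComparison.Ordinal))
    {
        endpoint += "/";
    }

    var audience = $"{endpoint}client/hubs/{hub}";

    if (userId != default)
    {
        jwt.AddClaim(JwtBuilder.Sub, userId);
    }

    // Snapshot the roles once. The original checked roles.Any() and then handed the same
    // sequence to AddClaim, enumerating it twice; with a lazy or one-shot sequence the
    // emptiness check and the claim that is actually written could disagree. The local stays
    // typed as IEnumerable<string> so the AddClaim call binds exactly as before.
    IEnumerable<string> roleSnapshot = roles?.ToArray();
    if (roleSnapshot != null && roleSnapshot.Any())
    {
        jwt.AddClaim(s_role, roleSnapshot);
    }

    // Claim order is kept as in the original so the serialized payload does not change.
    jwt.AddClaim(JwtBuilder.Nbf, now);
    jwt.AddClaim(JwtBuilder.Exp, expiresAt);
    jwt.AddClaim(JwtBuilder.Iat, now);
    jwt.AddClaim(JwtBuilder.Aud, audience);

    return jwt.BuildString();
}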
/// <summary>
/// Creates a client connection URI that carries an authentication token.
/// </summary>
/// <param name="expiresAt">
/// UTC time when the token expires. It is written to the <c>JwtBuilder.Exp</c> claim as given;
/// this method does not check it against the current time.
/// </param>
/// <param name="userId">
/// Optional user identifier written to the <c>JwtBuilder.Sub</c> claim; omitted when <c>null</c>.
/// </param>
/// <param name="roles">
/// Optional roles written to the claim named by <c>s_role</c>; omitted when <c>null</c> or empty.
/// </param>
/// <returns>
/// A URI whose scheme is <c>ws</c> when the service endpoint scheme is <c>http</c> and
/// <c>wss</c> otherwise, with path <c>client/hubs/{hub}</c> and the token in the
/// <c>access_token</c> query parameter.
/// </returns>
/// <remarks>
/// The returned URI embeds the token in its query string, so the whole URI is a bearer
/// credential until <paramref name="expiresAt"/>: keep it out of logs, telemetry and error
/// messages, hand it only to the intended client, and prefer a short expiry.
/// <paramref name="userId"/> and <paramref name="roles"/> are embedded exactly as supplied,
/// with no validation in this method.
/// The claim set built here mirrors <c>GenerateTokenFromAzureKeyCredential</c>; keep the two
/// in sync when either changes.
/// </remarks>
public virtual Uri GenerateClientAccessUri(DateTimeOffset expiresAt, string userId = default, params string[] roles)
{
    // Key material for the builder: the credential's access key, UTF-8 encoded.
    byte[] signingKey = Encoding.UTF8.GetBytes(_credential.Key);
    var builder = new JwtBuilder(signingKey);
    DateTimeOffset issuedAt = DateTimeOffset.UtcNow;

    // Ensure the base ends with a slash before path segments are appended.
    string rawEndpoint = this.endpoint.AbsoluteUri;
    string endpoint = rawEndpoint.EndsWith("/", StringComparison.Ordinal)
        ? rawEndpoint
        : rawEndpoint + "/";

    // The audience uses the service endpoint as configured, not the ws/wss form.
    string audience = $"{endpoint}client/hubs/{hub}";

    if (userId != null)
    {
        builder.AddClaim(JwtBuilder.Sub, userId);
    }

    if (roles?.Length > 0)
    {
        builder.AddClaim(s_role, roles);
    }

    // Claims are added in a fixed order: nbf, exp, iat, aud.
    builder.AddClaim(JwtBuilder.Nbf, issuedAt);
    builder.AddClaim(JwtBuilder.Exp, expiresAt);
    builder.AddClaim(JwtBuilder.Iat, issuedAt);
    builder.AddClaim(JwtBuilder.Aud, audience);

    string token = builder.BuildString();

    // Any endpoint scheme other than plain "http" maps to the TLS-protected "wss".
    var clientEndpoint = new UriBuilder(endpoint)
    {
        Scheme = this.endpoint.Scheme == "http" ? "ws" : "wss",
    };

    return new Uri($"{clientEndpoint}client/hubs/{hub}?access_token={token}");
}