public static JwtSecurityToken Create(string issuer, string originalIssuer, SigningCredentials signingCredentials)
{
JwtPayload payload = new JwtPayload(issuer, "urn:uri", ClaimSets.Simple(issuer, originalIssuer), new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(10)));
JwtHeader header = new JwtHeader(signingCredentials);
return(new JwtSecurityToken(header, payload, header.Encode() + "." + payload.Encode() + "."));
}
public void JwtPalyoad_Claims()
{
JwtPayload jwtPayload = new JwtPayload();
// multiple audiences
jwtPayload.Add(JwtRegisteredClaimNames.Aud, IdentityUtilities.DefaultAudiences);
string encodedPayload = jwtPayload.Encode();
JwtPayload newjwtPayload = Base64UrlEncoder.Decode(encodedPayload).DeserializeJwtPayload();
Assert.IsTrue(IdentityComparer.AreEqual(jwtPayload, newjwtPayload));
}
public static JwtSecurityToken Create(string issuer, string originalIssuer, SigningCredentials signingCredentials)
{
JwtPayload payload = new JwtPayload(issuer, "urn:uri", ClaimSets.Simple(issuer, originalIssuer), DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(10));
JwtHeader header = new JwtHeader(signingCredentials);
return new JwtSecurityToken(header, payload, header.Encode() + "." + payload.Encode() + ".");
}
/// <summary>
/// Uses the <see cref="JwtSecurityToken(JwtHeader, JwtPayload, string )"/> constructor, first creating the <see cref="JwtHeader"/> and <see cref="JwtPayload"/>.
/// <para>If <see cref="SigningCredentials"/> is not null, <see cref="JwtSecurityToken.RawData"/> will be signed.</para>
/// </summary>
/// <param name="issuer">the issuer of the token.</param>
/// <param name="audience">the audience for this token.</param>
/// <param name="subject">the source of the <see cref="Claim"/>(s) for this token.</param>
/// <param name="notBefore">the notbefore time for this token.</param>
/// <param name="expires">the expiration time for this token.</param>
/// <param name="signingCredentials">contains cryptographic material for generating a signature.</param>
/// <param name="signatureProvider">optional <see cref="SignatureProvider"/>.</param>
/// <remarks>If <see cref="ClaimsIdentity.Actor"/> is not null, then a claim { actort, 'value' } will be added to the payload. <see cref="CreateActorValue"/> for details on how the value is created.
/// <para>See <seealso cref="JwtHeader"/> for details on how the HeaderParameters are added to the header.</para>
/// <para>See <seealso cref="JwtPayload"/> for details on how the values are added to the payload.</para></remarks>
/// <para>If signautureProvider is not null, then it will be used to create the signature and <see cref="System.IdentityModel.Tokens.SignatureProviderFactory.CreateForSigning( SecurityKey, string )"/> will not be called.</para>
/// <returns>A <see cref="JwtSecurityToken"/>.</returns>
/// <exception cref="ArgumentException">if 'expires' <= 'notBefore'.</exception>
public virtual JwtSecurityToken CreateToken(string issuer = null, string audience = null, ClaimsIdentity subject = null, DateTime? notBefore = null, DateTime? expires = null, SigningCredentials signingCredentials = null, SignatureProvider signatureProvider = null)
{
if (expires.HasValue && notBefore.HasValue)
{
if (notBefore >= expires)
{
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10401, expires.Value, notBefore.Value));
}
}
// if not set, use defaults
if (!expires.HasValue && !notBefore.HasValue)
{
DateTime now = DateTime.UtcNow;
expires = now + TimeSpan.FromMinutes(TokenLifetimeInMinutes);
notBefore = now;
}
JwtPayload payload = new JwtPayload(issuer, audience, subject == null ? null : subject.Claims, notBefore, expires);
JwtHeader header = new JwtHeader(signingCredentials);
if (subject != null && subject.Actor != null)
{
payload.AddClaim(new Claim(JwtRegisteredClaimNames.Actort, this.CreateActorValue(subject.Actor)));
}
string signature = string.Empty;
string signingInput = string.Concat(header.Encode(), ".", payload.Encode());
if (signatureProvider != null)
{
signature = Base64UrlEncoder.Encode(this.CreateSignature(signingInput, null, null, signatureProvider));
}
else if (signingCredentials != null)
{
signature = Base64UrlEncoder.Encode(this.CreateSignature(signingInput, signingCredentials.SigningKey, signingCredentials.SignatureAlgorithm, signatureProvider));
}
return new JwtSecurityToken(header, payload, string.Concat(signingInput, ".", signature));
}
