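        /// <summary>
        /// Builds a compact-serialized JWT (header.claims.signature) signed with RS256
        /// through <c>KeyVaultUtil.Sign</c>.
        /// </summary>
        /// <remarks>
        /// All three segments are emitted as unpadded base64url, as RFC 7515 requires.
        /// Standard Base64 can contain '+', '/' and '=' and strict verifiers reject it.
        /// The returned string is a bearer credential valid for 55 minutes: keep it out
        /// of logs and traces.
        /// NOTE(review): no <c>jti</c> claim is set, so replay protection rests on the
        /// verifier and the <c>exp</c> window. Confirm this matches what the audience expects.
        /// </remarks>
        /// <returns>The signed JWT in compact serialization.</returns>
        private static string CreateJwt()
        {
            DateTime unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
            DateTime now       = DateTime.UtcNow;

            // Converts standard Base64 text to unpadded base64url. The conversion is
            // idempotent, so it is safe whether or not the input is already base64url.
            Func<string, string> toBase64Url =
                base64 => base64.TrimEnd('=').Replace('+', '-').Replace('/', '_');

            // NumericDate values are kept as long: an int cast overflows for
            // timestamps after January 2038.
            var claimset = new
            {
                iss = ISS,
                sub = CLIENT_ID,
                aud = "https://go.nexusgroup.com",
                iat = (long)now.Subtract(unixEpoch).TotalSeconds,
                exp = (long)now.AddMinutes(55).Subtract(unixEpoch).TotalSeconds
            };

            // header: kid tells the verifier which published key to check against
            var header = new { typ = "JWT", alg = JsonWebKeySignatureAlgorithm.RS256, kid = KEY };

            // encoded header
            var headerSerialized = JsonConvert.SerializeObject(header);
            var headerEncoded    = toBase64Url(System.Convert.ToBase64String(Encoding.UTF8.GetBytes(headerSerialized)));

            // encoded claimset
            var claimsetSerialized = JsonConvert.SerializeObject(claimset);
            var claimsetEncoded    = toBase64Url(System.Convert.ToBase64String(Encoding.UTF8.GetBytes(claimsetSerialized)));

            // signing input: the signature must cover exactly the bytes that are sent,
            // i.e. the base64url header and claimset joined by '.'
            var input      = String.Join(".", headerEncoded, claimsetEncoded);
            var inputBytes = Encoding.UTF8.GetBytes(input);

            // KeyVaultUtil.Sign returns standard Base64; normalise it to base64url too.
            var signatureEncoded = toBase64Url(KeyVaultUtil.Sign(inputBytes));

            // jwt
            return String.Join(".", headerEncoded, claimsetEncoded, signatureEncoded);
        }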
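        /// <summary>
        /// Fetches the signing key from Key Vault and returns it as a single-entry
        /// JSON Web Key Set for publication to token verifiers.
        /// </summary>
        /// <remarks>
        /// Only the RSA public components (modulus and exponent) are copied into the
        /// returned key; no other field of the Key Vault key is forwarded.
        /// The call blocks on the asynchronous Key Vault request.
        /// </remarks>
        /// <returns>A <see cref="JsonWebKeySet"/> containing the RS256 public key identified by <c>KEY</c>.</returns>
        public static JsonWebKeySet GetJwks()
        {
            // A client is created per call, as before; it is now disposed once the
            // request has completed instead of being left for the finalizer.
            using (KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
                                                                          (authority, resource, scope) => KeyVaultUtil.GetToken(authority, resource, scope))))
            {
                // Task.Run keeps the blocking wait off any captured synchronization context.
                var key = Task.Run(() => keyVaultClient.GetKeyAsync(SignKey())).ConfigureAwait(false).GetAwaiter().GetResult();

                // Encode each component once. The original computed unused locals here,
                // and the one named for the modulus was built from the exponent (E).
                var exponent = Base64UrlEncoder.Encode(key.Key.E);
                var modulus  = Base64UrlEncoder.Encode(key.Key.N);

                var jsonWebKey = new Microsoft.IdentityModel.Tokens.JsonWebKey()
                {
                    Kid = KEY,
                    Kty = "RSA",
                    E   = exponent,
                    N   = modulus,
                    Alg = "RS256"
                };

                JsonWebKeySet jsonWebKeySet = new JsonWebKeySet();
                jsonWebKeySet.Keys.Add(jsonWebKey);

                return jsonWebKeySet;
            }
        }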
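        /// <summary>
        /// Signs <paramref name="inputBytes"/> with the Key Vault signing key using RS256.
        /// The SHA-256 digest is computed locally and only the digest is sent to Key Vault
        /// in the <c>SignAsync</c> call.
        /// </summary>
        /// <param name="inputBytes">The exact bytes to be signed (for a JWT, the ASCII signing input).</param>
        /// <returns>
        /// The signature as standard Base64 (not base64url). Callers that embed it in a
        /// JWT must convert it to unpadded base64url.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="inputBytes"/> is null.</exception>
        public static string Sign(byte[] inputBytes)
        {
            if (inputBytes == null)
            {
                throw new ArgumentNullException(nameof(inputBytes));
            }

            // The hash object is disposable; compute the digest up front and release it.
            byte[] digest;
            using (SHA256 sha256 = SHA256.Create())
            {
                digest = sha256.ComputeHash(inputBytes);
            }

            // A client is created per call, as before; it is now disposed once the
            // request has completed instead of being left for the finalizer.
            using (KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
                                                                          (authority, resource, scope) => KeyVaultUtil.GetToken(authority, resource, scope))))
            {
                // Task.Run keeps the blocking wait off any captured synchronization context.
                KeyOperationResult resultSign = Task.Run(() => keyVaultClient.SignAsync(SignKey(),
                                                                                        JsonWebKeySignatureAlgorithm.RS256, digest))
                                                .ConfigureAwait(false).GetAwaiter().GetResult();

                return System.Convert.ToBase64String(resultSign.Result);
            }
        }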