public static string GenerateToken(this ClaimsIdentity identity, string audienceId, string symmetricKeyAsBase64, string issuer, DateTimeOffset? issued, DateTimeOffset? expires)
{
var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);
var signingKey = new HmacSigningCredentials(keyByteArray);
var token = new JwtSecurityToken(issuer, audienceId, identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);
var handler = new JwtSecurityTokenHandler();
string jwt = handler.WriteToken(token);
return jwt;
}
public RequestDetailsScope(RequestDetails details, SigningCredentials signingCredentials, bool requireEncryption)
: base(details.Realm.Uri.AbsoluteUri, signingCredentials)
{
RequestDetails = details;
if (RequestDetails.UsesEncryption)
{
EncryptingCredentials = new X509EncryptingCredentials(details.EncryptingCertificate);
}
if (RequestDetails.TokenType == TokenTypes.SimpleWebToken || RequestDetails.TokenType == TokenTypes.JsonWebToken)
{
SigningCredentials = new HmacSigningCredentials(details.RelyingPartyRegistration.SymmetricSigningKey);
}
ReplyToAddress = RequestDetails.ReplyToAddress.AbsoluteUri;
TokenEncryptionRequired = requireEncryption;
}
public virtual async Task<string> CreateSecurityTokenAsync(Token token)
{
if (token.Type == Constants.TokenTypes.AccessToken)
{
if (token.Client.AccessTokenType == AccessTokenType.JWT)
{
return CreateJsonWebToken(
token,
new X509SigningCredentials(_settings.GetSigningCertificate()));
}
else
{
var handle = Guid.NewGuid().ToString("N");
await _tokenHandles.StoreAsync(handle, token);
return handle;
}
}
if (token.Type == Constants.TokenTypes.IdentityToken)
{
SigningCredentials credentials;
if (token.Client.IdentityTokenSigningKeyType == SigningKeyTypes.ClientSecret)
{
credentials = new HmacSigningCredentials(token.Client.ClientSecret);
}
else
{
credentials = new X509SigningCredentials(_settings.GetSigningCertificate());
}
return CreateJsonWebToken(token, credentials);
}
throw new InvalidOperationException("Invalid token type.");
}
