public string GenerateToken(string userName, EUserRole userRole)
{
var now = DateTime.UtcNow;
var claims = new List <Claim>()
{
new Claim(ClaimsIdentity.DefaultNameClaimType, userName),
new Claim(ClaimsIdentity.DefaultRoleClaimType, userRole.ToString()),
};
var identity = new ClaimsIdentity(claims, "Token");
var token = new JwtSecurityToken(_opts.JwtIssuer,
_opts.JwtAudience,
identity.Claims,
now,
now.AddMinutes(_opts.JwtLifetimeMins),
new SigningCredentials(_opts.PrivateKey, SecurityAlgorithms.RsaSha256));
return(new JwtSecurityTokenHandler().WriteToken(token));
}
/// <summary>
/// Check if the authorization header has a specific role
/// </summary>
/// <param name="role"></param>
/// <returns></returns>
public AmazingRequestContext HasRole(EUserRole role)
{
if (this.Claims.FirstOrDefault(claim => claim.Type == ClaimTypes.Role)?.Value != role.ToString())
{
throw new AmazingException(HttpStatusCode.Unauthorized, $"Unauthorized");
}
return(this);
}