/// <summary> /// Encodes given json string to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">json string to encode (not null or whitespace)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string Encode(string payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null) { Ensure.IsNotEmpty(payload, "Payload expected to be not empty, whitespace or null."); if (extraHeaders == null) //allow overload, but keep backward compatible defaults { extraHeaders = new Dictionary <string, object> { { "typ", "JWT" } }; } var jwtHeader = new Dictionary <string, object> { { "alg", JwsAlgorithms[algorithm] } }; Dictionaries.Append(jwtHeader, extraHeaders); byte[] headerBytes = Encoding.UTF8.GetBytes(jsMapper.Serialize(jwtHeader)); byte[] payloadBytes = Encoding.UTF8.GetBytes(payload); var bytesToSign = Encoding.UTF8.GetBytes(Compact.Serialize(headerBytes, payloadBytes)); byte[] signature = HashAlgorithms[algorithm].Sign(bytesToSign, key); return(Compact.Serialize(headerBytes, payloadBytes, signature)); }
/// <summary> /// Encodes given binary data to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">Binary data to encode (not null)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } if (extraHeaders == null) //allow overload, but keep backward compatible defaults { extraHeaders = new Dictionary <string, object> { { "typ", "JWT" } }; } var jwtHeader = new Dictionary <string, object> { { "alg", JwsAlgorithms[algorithm] } }; Dictionaries.Append(jwtHeader, extraHeaders); byte[] headerBytes = Encoding.UTF8.GetBytes(jsMapper.Serialize(jwtHeader)); var bytesToSign = Encoding.UTF8.GetBytes(Compact.Serialize(headerBytes, payload)); byte[] signature = HashAlgorithms[algorithm].Sign(bytesToSign, key); return(Compact.Serialize(headerBytes, payload, signature)); }
public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null) { if (payload == null) { throw new ArgumentNullException("payload"); } if (extraHeaders == null) { extraHeaders = new Dictionary <string, object>() { { "typ", "JWT" } }; } Dictionary <string, object> strs = new Dictionary <string, object>() { { "alg", JWT.JwsAlgorithms[algorithm] } }; Dictionaries.Append <string, object>(strs, extraHeaders); byte[] bytes = Encoding.UTF8.GetBytes(JWT.jsMapper.Serialize(strs)); byte[] numArray = Encoding.UTF8.GetBytes(Compact.Serialize(new byte[][] { bytes, payload })); //SHA256 sha = SHA256.Create(); //byte[] numArray1 = sha.ComputeHash(numArray); byte[] numArray1 = JWT.HashAlgorithms[algorithm].Sign(numArray, key); return(Compact.Serialize(new byte[][] { bytes, payload, numArray1 })); }
/// <summary> /// Encodes given binary data to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">Binary data to encode (not null)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <param name="algorithm">JWT algorithm to be used.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } if (extraHeaders == null) //allow overload, but keep backward compatible defaults { extraHeaders = new Dictionary <string, object> { { "typ", "JWT" } }; } var jwtSettings = GetSettings(settings); var jwtHeader = new Dictionary <string, object> { { "alg", jwtSettings.JwsHeaderValue(algorithm) } }; Dictionaries.Append(jwtHeader, extraHeaders); byte[] headerBytes = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader)); var bytesToSign = Encoding.UTF8.GetBytes(Compact.Serialize(headerBytes, payload)); var jwsAlgorithm = jwtSettings.Jws(algorithm); if (jwsAlgorithm == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } byte[] signature = jwsAlgorithm.Sign(bytesToSign, key); return(Compact.Serialize(headerBytes, payload, signature)); }
public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null) { if (payload == null) { throw new ArgumentNullException("payload"); } if (extraHeaders == null) { extraHeaders = new Dictionary <string, object>() { { "typ", "JWT" } }; } Dictionary <string, object> strs = new Dictionary <string, object>() { { "alg", JWT.JwsAlgorithms[algorithm] } }; Dictionaries.Append <string, object>(strs, extraHeaders); byte[] bytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(strs)); byte[] numArray = Encoding.UTF8.GetBytes(Compact.Serialize(new byte[][] { bytes, payload })); //byte[] numArray1 = JWT.HashAlgorithms[algorithm].Sign(numArray, key); SHA512 sha1 = SHA512.Create(); byte[] numArray1 = sha1.ComputeHash(numArray); //System.Security.Cryptography.SHA512Cng -- return(Compact.Serialize(new byte[][] { bytes, payload, numArray1 })); }
public void ShouldGetCurrentToSignAndValidateJws(string algorithm, KeyType keyType) { var options = new JwksOptions() { Jws = JwsAlgorithm.Create(algorithm, keyType), KeyPrefix = $"{nameof(JsonWebKeySetServiceTests)}_" }; _jwksService.GenerateSigningCredentials(options); var signingCredentials = _jwksService.GetCurrentSigningCredentials(); var handler = new JsonWebTokenHandler(); var now = DateTime.Now; var descriptor = new SecurityTokenDescriptor { Issuer = "me", Audience = "you", IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(5), Subject = new ClaimsIdentity(GenerateClaim().Generate(5)), SigningCredentials = signingCredentials }; var jwt = handler.CreateToken(descriptor); var result = handler.ValidateToken(jwt, new TokenValidationParameters { ValidIssuer = "me", ValidAudience = "you", IssuerSigningKey = signingCredentials.Key }); result.IsValid.Should().BeTrue(); }
public ISignatureValidator Create(TokenHeader header, JwsAlgorithm algorithm) { switch (algorithm) { case JwsAlgorithm.RS256: case JwsAlgorithm.RS384: case JwsAlgorithm.RS512: return(new Rsa(header, algorithm, GetLogger <Rsa>())); case JwsAlgorithm.HS256: case JwsAlgorithm.HS384: case JwsAlgorithm.HS512: return(new Hmac(header, algorithm, GetLogger <Hmac>())); case JwsAlgorithm.ES256: case JwsAlgorithm.ES384: case JwsAlgorithm.ES512: return(new Ecdsa(header, algorithm, GetLogger <Ecdsa>())); case JwsAlgorithm.PS256: case JwsAlgorithm.PS384: case JwsAlgorithm.PS512: throw Logger.Exception($"The JWS signature algorithm {algorithm} is not supported yet"); default: throw Logger.Exception("Invalid JWS Algorithm"); } }
public void ShouldGenerate(string algorithm, KeyType keyType) { _keyService.GenerateSigningCredentials(new JwksOptions() { KeyPrefix = "ShouldGenerateManyRsa_", Jws = JwsAlgorithm.Create(algorithm, keyType) }); }
public void ShouldKeepPublicKeyAfterUpdateAExpiredJwk(string algorithm, KeyType keyType) { var alg = JwsAlgorithm.Create(algorithm, keyType); var key = _keyService.GenerateSigningCredentials(new JwksOptions() { KeyPrefix = "ShouldGenerateManyRsa_", Jws = alg }); var privateKey = new SecurityKeyWithPrivate(); privateKey.SetJwsParameters(key.Key, alg); _jsonWebKeyStore.Save(privateKey); /*Remove private*/ _jsonWebKeyStore.Revoke(privateKey); var jsonWebKey = _keyService.GetLastKeysCredentials(JsonWebKeyType.Jws, 5).First(w => w.Kid == privateKey.KeyId); jsonWebKey.Kty.Should().NotBeNullOrEmpty(); jsonWebKey.HasPrivateKey.Should().BeFalse(); switch (jsonWebKey.Kty) { case JsonWebAlgorithmsKeyTypes.EllipticCurve: jsonWebKey.X.Should().NotBeNullOrEmpty(); jsonWebKey.Y.Should().NotBeNullOrEmpty(); break; case JsonWebAlgorithmsKeyTypes.RSA: jsonWebKey.N.Should().NotBeNullOrEmpty(); jsonWebKey.E.Should().NotBeNullOrEmpty(); break; case JsonWebAlgorithmsKeyTypes.Octet: jsonWebKey.K.Should().NotBeNullOrEmpty(); break; } }
public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } if (extraHeaders == null) //allow overload, but keep backward compatible defaults { extraHeaders = new Dictionary <string, object> { { "typ", "JWT" } }; } var jwtHeader = new Dictionary <string, object> { { "alg", algorithm.ToString() } }; Dictionaries.Append(jwtHeader, extraHeaders); byte[] headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(jwtHeader)); var bytesToSign = Encoding.UTF8.GetBytes(Serialize(headerBytes, payload)); var signer = SignerUtilities.GetSigner("SHA-384withECDSA"); signer.Init(true, (ECPrivateKeyParameters)key); signer.BlockUpdate(bytesToSign, 0, bytesToSign.Length); byte[] signature = signer.GenerateSignature(); return(Serialize(headerBytes, payload, transcodeSignatureToConcat(signature, 96))); }
public static byte[] DecodeBytes(string token, object key, JwsAlgorithm alg) { JweAlgorithm? nullable = null; JweEncryption?nullable1 = null; return(JWT.DecodeBytes(token, key, new JwsAlgorithm?(alg), nullable, nullable1)); }
/// <summary> /// Encodes given json string to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">json string to encode (not null or whitespace)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <param name="algorithm">JWT algorithm to be used.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string Encode(string payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { Ensure.IsNotEmpty(payload, "Payload expected to be not empty, whitespace or null."); byte[] payloadBytes = Encoding.UTF8.GetBytes(payload); return(EncodeBytes(payloadBytes, key, algorithm, extraHeaders, settings)); }
public JsonWebToken(string secret, JwsAlgorithm algorithm) { if (algorithm == JwsAlgorithm.HS256 || algorithm == JwsAlgorithm.HS384 || algorithm == JwsAlgorithm.HS512) { this.secret = secret; this.algorithm = algorithm; } else { throw new Exception("Only HS256, HS384, and HS512 hashing algorithms are allowed"); } }
public void ShouldSaveCryptoAndRecover(string algorithm, KeyType keyType) { var options = new JwksOptions() { Jws = JwsAlgorithm.Create(algorithm, keyType) }; var newKey = _keyService.GetCurrentSigningCredentials(options); _keyService.GetLastKeysCredentials(JsonWebKeyType.Jws, 5).Count.Should().BePositive(); var currentKey = _keyService.GetCurrentSigningCredentials(options); newKey.Kid.Should().Be(currentKey.Kid); }
public void PassCorrectToken(JwsAlgorithm algorithm, string key) { IdentityModelEventSource.ShowPII = true; var payload = GetPayload(); var signKey = GetKey(key, algorithm); var token = JWT.Encode(payload, signKey, algorithm); var settings = BuildDefaultTokenValidationSettings(); var validationParameters = settings.BuildTokenValidationParameters(); var claims = new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out _); Assert.NotNull(claims); }
/// <summary> /// Encodes given binary data to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">Binary data to encode (not null)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <param name="algorithm">JWT algorithm to be used.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <param name="options">additional encoding options</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null, JwtOptions options = null) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } var jwtSettings = GetSettings(settings); var jwtOptions = options ?? JwtOptions.Default; var jwtHeader = new Dictionary <string, object> { { "alg", jwtSettings.JwsHeaderValue(algorithm) } }; if (extraHeaders == null) //allow overload, but keep backward compatible defaults { extraHeaders = new Dictionary <string, object> { { "typ", "JWT" } }; } if (!jwtOptions.EncodePayload) { jwtHeader["b64"] = false; jwtHeader["crit"] = Collections.Union(new[] { "b64" }, Dictionaries.Get <object>(extraHeaders, "crit")); } Dictionaries.Append(jwtHeader, extraHeaders); byte[] headerBytes = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader)); var jwsAlgorithm = jwtSettings.Jws(algorithm); if (jwsAlgorithm == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } byte[] signature = jwsAlgorithm.Sign(securedInput(headerBytes, payload, jwtOptions.EncodePayload), key); byte[] payloadBytes = jwtOptions.DetachPayload ? new byte[0] : payload; return(jwtOptions.EncodePayload ? Compact.Serialize(headerBytes, payloadBytes, signature) : Compact.Serialize(headerBytes, Encoding.UTF8.GetString(payloadBytes), signature)); }
public void ShouldRemovePrivateAndUpdate(string algorithm, KeyType keyType) { var alg = JwsAlgorithm.Create(algorithm, keyType); var key = _keyService.GenerateSigningCredentials(new JwksOptions() { KeyPrefix = "ShouldGenerateManyRsa_", Jws = alg }); var privateKey = new SecurityKeyWithPrivate(); privateKey.SetJwsParameters(key.Key, alg); _jsonWebKeyStore.Save(privateKey); /*Remove private*/ privateKey.Revoke(); _jsonWebKeyStore.Revoke(privateKey); }
public void WrongSignatureToken_Should_Fail(JwsAlgorithm algorithm, string key) { var payload = GetPayload(); var signKey = GetKey(key, algorithm); var token = JWT.Encode(payload, signKey, algorithm); var settings = BuildDefaultTokenValidationSettings(); var validationParameters = settings.BuildTokenValidationParameters(); Assert.Throws<SecurityTokenInvalidSignatureException>(() => { var claims = new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out SecurityToken securityToken); }); }
/// <summary> /// Encodes given json string to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">json string to encode (not null or whitespace)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string Encode(string payload, object key, JwsAlgorithm algorithm) { Ensure.IsNotEmpty(payload, "Payload expected to be not empty, whitespace or null."); var jwtHeader = new Dictionary <string, object> { { "typ", "JWT" }, { "alg", JwsAlgorithms[algorithm] } }; byte[] headerBytes = Encoding.UTF8.GetBytes(jsMapper.Serialize(jwtHeader)); byte[] payloadBytes = Encoding.UTF8.GetBytes(payload); var bytesToSign = Encoding.UTF8.GetBytes(Compact.Serialize(headerBytes, payloadBytes)); byte[] signature = HashAlgorithms[algorithm].Sign(bytesToSign, key); return(Compact.Serialize(headerBytes, payloadBytes, signature)); }
public void ShouldSaveDeterministicJwkRecoverAndSigning(string algorithm, KeyType keyType) { this.WarmupData.Clear(); var options = new JwksOptions() { Jws = JwsAlgorithm.Create(algorithm, keyType) }; var handler = new JsonWebTokenHandler(); var now = DateTime.Now; // Generate right now and in memory var newKey = _keyService.GetCurrentSigningCredentials(options); // recovered from database var currentKey = _keyService.GetCurrentSigningCredentials(options); newKey.Kid.Should().Be(currentKey.Kid); var claims = new ClaimsIdentity(GenerateClaim().Generate(5)); var descriptor = new SecurityTokenDescriptor { Issuer = "me", Audience = "you", IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(5), Subject = claims, SigningCredentials = newKey }; var descriptorFromDb = new SecurityTokenDescriptor { Issuer = "me", Audience = "you", IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(5), Subject = claims, SigningCredentials = currentKey }; var jwt1 = handler.CreateToken(descriptor); var jwt2 = handler.CreateToken(descriptorFromDb); jwt1.Should().Be(jwt2); }
public void WrongType_Should_Fail(JwsAlgorithm algorithm, string key) { var payload = GetPayload(); payload = payload.Replace("access_token", "another"); var signKey = GetKey(key, algorithm); var token = JWT.Encode(payload, signKey, algorithm); var settings = BuildDefaultTokenValidationSettings(); var validationParameters = settings.BuildTokenValidationParameters(); Assert.Throws<UnauthorizedAccessException>(() => { var claims = new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out SecurityToken securityToken); }); }
private static object GetKey(string key, JwsAlgorithm algorithm) { switch (algorithm) { case JwsAlgorithm.HS256: return Convert.FromBase64String(key); case JwsAlgorithm.RS256: var rsa = new RSACryptoServiceProvider(2048); var raw = Convert.FromBase64String(key); var privateKey = Encoding.UTF8.GetString(raw); rsa.FromXmlString(privateKey); return rsa; default: return null; } }
public void ShouldNotBeSameJwtWhenProbabilisticToken(string algorithm, KeyType keyType) { var signingCredentials = _service.GenerateSigningCredentials(JwsAlgorithm.Create(algorithm, keyType)); var handler = new JsonWebTokenHandler(); var now = DateTime.Now; var descriptor = new SecurityTokenDescriptor { Issuer = "me", Audience = "you", IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(5), Subject = new ClaimsIdentity(GenerateClaim().Generate(5)), SigningCredentials = signingCredentials }; var jwt1 = handler.CreateToken(descriptor); var jwt2 = handler.CreateToken(descriptor); jwt1.Should().NotBe(jwt2); }
/// <summary> /// Encodes given binary data to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">Binary data to encode (not null)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <param name="algorithm">JWT algorithm to be used.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { if (payload == null) { // https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/nameof // nameof is not defined prior to c# 6.0 spec // throw new ArgumentNullException(nameof(payload)); throw new ArgumentNullException("payload is null"); } if (extraHeaders == null) //allow overload, but keep backward compatible defaults { extraHeaders = new Dictionary <string, object> { { "typ", "JWT" } }; } var jwtSettings = GetSettings(settings); var jwtHeader = new Dictionary <string, object> { { "alg", jwtSettings.JwsHeaderValue(algorithm) } }; Dictionaries.Append(jwtHeader, extraHeaders); byte[] headerBytes = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader)); var bytesToSign = Encoding.UTF8.GetBytes(Compact.Serialize(headerBytes, payload)); var jwsAlgorithm = jwtSettings.Jws(algorithm); if (jwsAlgorithm == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } byte[] signature = jwsAlgorithm.Sign(bytesToSign, key); return(Compact.Serialize(headerBytes, payload, signature)); }
public bool ValidateToken(string token, string secretKey, JwsAlgorithm jwsAlgorithm = JwsAlgorithm.HS256) { try { var secret = Encoding.UTF8.GetBytes(secretKey); var payload = Jose.JWT.Decode <IDictionary <string, object> >(token, secret, jwsAlgorithm); var exp = Convert.ToDateTime(payload["exp"]); if (exp < DateTime.Now) { throw new AuthException("登录超时,请重新登录"); } return(true); } catch (Exception ex) { if (_logger.IsEnabled(LogLevel.Warning)) { _logger.LogWarning("token验证失败,原因:" + ex.Message, ex); } return(false); } }
public byte[] Sign(string keyId, byte[] payload, JwsAlgorithm algorithm) { HashAlgorithmName hashAlgorithm; RSASignaturePadding padding; switch (algorithm) { case JwsAlgorithm.Rs256: hashAlgorithm = HashAlgorithmName.SHA256; padding = RSASignaturePadding.Pkcs1; break; case JwsAlgorithm.Ps256: hashAlgorithm = HashAlgorithmName.SHA256; padding = RSASignaturePadding.Pss; break; default: throw new ArgumentOutOfRangeException(nameof(algorithm), algorithm, null); } return(_keys[keyId].SignHash(payload, hashAlgorithm, padding)); }
//protected Dictionary<string, object> JoseDotNetCore(string token, JweEncryption enc, JweAlgorithm alg, byte[] key) //{ // return Jose.JWT.Decode<Dictionary<string, object>>(token, key: key, enc: enc/*JweEncryption.A128CBC_HS256*/, alg: alg/*JweAlgorithm.A128KW*/); //} protected Dictionary <string, object> JoseDotNetCore(string token, JwsAlgorithm alg, byte[]?key) { return(Jose.JWT.Decode <Dictionary <string, object> >(token, key: key, alg: alg /*JwsAlgorithm.HS256*/)); }
public IDictionary <string, object> GetPayLoad(string token, string secretKey, JwsAlgorithm jwsAlgorithm = JwsAlgorithm.HS256) { if (ValidateToken(token, secretKey, jwsAlgorithm)) { var secret = Encoding.UTF8.GetBytes(secretKey); var payload = Jose.JWT.Decode <IDictionary <string, object> >(token, secret, jwsAlgorithm); return(payload); } return(null); }
public string GenerateToken(IDictionary <string, object> headers, IDictionary <string, object> payload, string secretKey, JwsAlgorithm jwsAlgorithm = JwsAlgorithm.HS256) { if (string.IsNullOrEmpty(secretKey)) { throw new AuthException("未配置secretKey"); } var secret = Encoding.UTF8.GetBytes(secretKey); string token = Jose.JWT.Encode(payload, secret, jwsAlgorithm, extraHeaders: headers); return(token); }
/// <summary> /// Serialize and encodes object to JWT token and sign it using given algorithm. /// Json string to encode will be obtained via configured IJsonMapper implementation. /// </summary> /// <param name="payload">object to map to json string and encode</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string Encode(object payload, object key, JwsAlgorithm algorithm) { return(Encode(jsMapper.Serialize(payload), key, algorithm)); }