/// <summary>
/// Builds a JSON Web Token from the claims of <paramref name="identity"/> and signs it
/// with an HMAC derived from a shared symmetric key.
/// </summary>
/// <param name="identity">Identity whose claims are copied into the token.</param>
/// <param name="audienceId">Value passed to the token as its audience.</param>
/// <param name="symmetricKeyAsBase64">Base64url-encoded symmetric signing key.</param>
/// <param name="issuer">Value passed to the token as its issuer.</param>
/// <param name="issued">Start of the validity window; must have a value.</param>
/// <param name="expires">End of the validity window; must have a value.</param>
/// <returns>The serialized, signed token.</returns>
/// <exception cref="InvalidOperationException">
/// <paramref name="issued"/> or <paramref name="expires"/> is null (both are dereferenced via <c>.Value</c>).
/// </exception>
/// <remarks>
/// The signature is symmetric: every party that can validate the token holds the same key
/// and can therefore also issue tokens. Treat the key as a secret on both sides.
/// NOTE(review): no key-length check is visible here; it is left to HmacSigningCredentials — confirm
/// that short keys are rejected there.
/// </remarks>
public static string GenerateToken(this ClaimsIdentity identity, string audienceId, string symmetricKeyAsBase64, string issuer, DateTimeOffset? issued, DateTimeOffset? expires)
{
    // Decode the shared secret and wrap it as HMAC signing credentials.
    var credentials = new HmacSigningCredentials(TextEncodings.Base64Url.Decode(symmetricKeyAsBase64));

    // Evaluated in the same order as the constructor arguments so a missing value fails
    // exactly where it did before. Both timestamps are normalized to UTC.
    var claims = identity.Claims;
    var validFromUtc = issued.Value.UtcDateTime;
    var validToUtc = expires.Value.UtcDateTime;

    var securityToken = new JwtSecurityToken(issuer, audienceId, claims, validFromUtc, validToUtc, credentials);

    return new JwtSecurityTokenHandler().WriteToken(securityToken);
}
/// <summary>
/// Creates a scope for a token request: the base scope is initialized with the realm's absolute URI
/// and the supplied signing credentials, then encryption and signing settings are adjusted
/// according to the request details.
/// </summary>
/// <param name="details">Details of the incoming token request.</param>
/// <param name="signingCredentials">Default signing credentials handed to the base scope.</param>
/// <param name="requireEncryption">Stored in <c>TokenEncryptionRequired</c>.</param>
/// <remarks>
/// NOTE(review): <paramref name="requireEncryption"/> is only recorded here. Nothing in this constructor
/// rejects a request where encryption is required but <c>details.UsesEncryption</c> is false —
/// presumably enforced elsewhere; confirm.
/// </remarks>
public RequestDetailsScope(RequestDetails details, SigningCredentials signingCredentials, bool requireEncryption)
    : base(details.Realm.Uri.AbsoluteUri, signingCredentials)
{
    RequestDetails = details;

    // Encrypt the issued token to the relying party's certificate when the request asks for it.
    if (RequestDetails.UsesEncryption)
    {
        EncryptingCredentials = new X509EncryptingCredentials(details.EncryptingCertificate);
    }

    // SWT and JWT are signed with the relying party's symmetric key instead of the
    // credentials passed to the base constructor.
    // NOTE(review): no null or length check on SymmetricSigningKey is visible here — confirm
    // it is validated when the relying party is registered.
    var requestedTokenType = RequestDetails.TokenType;
    var signsWithSharedKey = requestedTokenType == TokenTypes.SimpleWebToken
                             || requestedTokenType == TokenTypes.JsonWebToken;
    if (signsWithSharedKey)
    {
        SigningCredentials = new HmacSigningCredentials(details.RelyingPartyRegistration.SymmetricSigningKey);
    }

    ReplyToAddress = RequestDetails.ReplyToAddress.AbsoluteUri;
    TokenEncryptionRequired = requireEncryption;
}
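/// <summary>
/// Turns a <see cref="Token"/> into the string that is handed out to the client.
/// </summary>
/// <param name="token">The token to serialize; its type and client settings select the format.</param>
/// <returns>
/// For access tokens: a signed JWT when the client is configured for JWT access tokens, otherwise
/// an opaque handle under which the token was stored. For identity tokens: a signed JWT.
/// </returns>
/// <exception cref="InvalidOperationException">The token type is neither access token nor identity token.</exception>
/// <remarks>
/// A reference-token handle is a bearer credential: whoever presents it is treated as the token holder.
/// It is therefore drawn from the cryptographic random number generator rather than from
/// <c>Guid.NewGuid()</c>, which guarantees uniqueness but not unpredictability.
/// </remarks>
public virtual async Task<string> CreateSecurityTokenAsync(Token token)
{
    if (token.Type == Constants.TokenTypes.AccessToken)
    {
        if (token.Client.AccessTokenType == AccessTokenType.JWT)
        {
            return CreateJsonWebToken(
                token,
                new X509SigningCredentials(_settings.GetSigningCertificate()));
        }

        // Reference token: 128 bits from the CSPRNG, rendered as 32 lowercase hex characters.
        // This keeps the shape of the previous Guid "N" format, so stored handles and any
        // length or format checks downstream are unaffected.
        var handleBytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(handleBytes);
        }

        var handle = BitConverter.ToString(handleBytes).Replace("-", string.Empty).ToLowerInvariant();

        await _tokenHandles.StoreAsync(handle, token);
        return handle;
    }

    if (token.Type == Constants.TokenTypes.IdentityToken)
    {
        SigningCredentials credentials;
        if (token.Client.IdentityTokenSigningKeyType == SigningKeyTypes.ClientSecret)
        {
            // NOTE(review): the client secret doubles as the HMAC key, so the signature is only as
            // strong as that secret and any holder of it can produce valid identity tokens for this
            // client. Confirm client secrets are generated with sufficient entropy.
            credentials = new HmacSigningCredentials(token.Client.ClientSecret);
        }
        else
        {
            credentials = new X509SigningCredentials(_settings.GetSigningCertificate());
        }

        return CreateJsonWebToken(token, credentials);
    }

    throw new InvalidOperationException("Invalid token type.");
}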