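/// <summary>
/// Creates the access token described by <paramref name="context"/>, signs it as a JWT and
/// adds the serialized result to the context as a bearer token.
/// </summary>
/// <param name="context">Token-generating context; receives the issued token via <c>AddToken</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">
/// The credentials provider returned no signing credentials. Without this guard the handler
/// would silently emit an unsigned (<c>alg=none</c>) token, which must never leave the server.
/// </exception>
public async Task IssueAccessTokenAsync(TokenGeneratingContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    var accessToken = await CreateAccessTokenAsync(context);
    var subjectIdentity = CreateSubject(accessToken);

    var credentialsDescriptor = await _credentialsProvider.GetSigningCredentialsAsync();
    if (credentialsDescriptor == null || credentialsDescriptor.Credentials == null)
    {
        // A null SigningCredentials makes JwtSecurityTokenHandler write an alg=none token
        // with an empty signature; fail closed instead of issuing a forgeable credential.
        throw new InvalidOperationException("No signing credentials are available to issue the access token.");
    }

    var descriptor = new SecurityTokenDescriptor
    {
        Issuer = accessToken.Issuer,
        Audience = accessToken.Audience,
        Subject = subjectIdentity,
        // The descriptor takes DateTime while the token model stores DateTimeOffset;
        // always project to UTC so exp/nbf are not skewed by the server's local offset.
        Expires = accessToken.Expires.UtcDateTime,
        NotBefore = accessToken.NotBefore.UtcDateTime,
        SigningCredentials = credentialsDescriptor.Credentials
    };

    var token = _handler.CreateJwtSecurityToken(descriptor);

    // The access token intentionally carries neither 'jti' nor 'iat'; both are otherwise
    // populated by the handler/subject. The original code kept a commented-out line that
    // re-added 'jti' from accessToken.Id. NOTE(review): confirm whether access tokens are
    // meant to carry a 'jti' (e.g. for revocation lookups) before restoring it.
    token.Payload.Remove(IdentityServiceClaimTypes.JwtId);
    token.Payload.Remove(IdentityServiceClaimTypes.IssuedAt);

    context.AddToken(new TokenResult(accessToken, _handler.WriteToken(token), TokenKinds.Bearer));
}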
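/// <summary>
/// Creates the ID token described by <paramref name="context"/>, signs it as a JWT, attaches the
/// request-binding claims the model supplies (nonce, c_hash, at_hash) and adds the serialized
/// result to the context.
/// </summary>
/// <param name="context">Token-generating context; receives the issued token via <c>AddToken</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">
/// The credentials provider returned no signing credentials. Without this guard the handler
/// would silently emit an unsigned (<c>alg=none</c>) token, which must never leave the server.
/// </exception>
public async Task IssueIdTokenAsync(TokenGeneratingContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    var idToken = await CreateIdTokenAsync(context);
    var subjectIdentity = CreateSubject(idToken);

    var credentialsDescriptor = await _credentialsProvider.GetSigningCredentialsAsync();
    if (credentialsDescriptor == null || credentialsDescriptor.Credentials == null)
    {
        // A null SigningCredentials makes JwtSecurityTokenHandler write an alg=none token
        // with an empty signature; fail closed instead of issuing a forgeable credential.
        throw new InvalidOperationException("No signing credentials are available to issue the ID token.");
    }

    var descriptor = new SecurityTokenDescriptor
    {
        Issuer = idToken.Issuer,
        Audience = idToken.Audience,
        Subject = subjectIdentity,
        // Unlike the access token, the ID token keeps its 'iat' claim, taken from the model.
        // All three instants are projected to UTC because the descriptor takes DateTime.
        IssuedAt = idToken.IssuedAt.UtcDateTime,
        Expires = idToken.Expires.UtcDateTime,
        NotBefore = idToken.NotBefore.UtcDateTime,
        SigningCredentials = credentialsDescriptor.Credentials
    };

    var token = _handler.CreateJwtSecurityToken(descriptor);

    // 'jti' is stripped on purpose; the original code kept a commented-out line that re-added
    // it from idToken.Id. NOTE(review): confirm whether ID tokens are meant to carry a 'jti'
    // before restoring it.
    token.Payload.Remove(IdentityServiceClaimTypes.JwtId);

    // Only emit the binding claims the model actually computed. Which of them is present is
    // decided upstream (presumably by the flow/response_type); this method does not derive them.
    if (idToken.Nonce != null)
    {
        token.Payload.AddClaim(new Claim(IdentityServiceClaimTypes.Nonce, idToken.Nonce));
    }

    if (idToken.CodeHash != null)
    {
        token.Payload.AddClaim(new Claim(IdentityServiceClaimTypes.CodeHash, idToken.CodeHash));
    }

    if (idToken.AccessTokenHash != null)
    {
        token.Payload.AddClaim(new Claim(IdentityServiceClaimTypes.AccessTokenHash, idToken.AccessTokenHash));
    }

    context.AddToken(new TokenResult(idToken, _handler.WriteToken(token)));
}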