// ---
/// <summary>
/// Make a token for specified user with specified state
/// </summary>
public static string CreateAuthToken(AppConfig appConfig, JwtAudience audience, JwtArea area, User user, long rightsMask)
{
var now = DateTime.UtcNow;
var uniqueness = UniqueId(appConfig.Auth.Jwt.Secret);
var audienceSett = GetAudienceSettings(appConfig, audience);
var jwtSalt = UserAccount.CurrentJwtSalt(user, audience);
var claims = new[] {
// jw main fields
new Claim(JwtRegisteredClaimNames.Sub, uniqueness),
new Claim(JwtRegisteredClaimNames.Jti, uniqueness),
new Claim(JwtRegisteredClaimNames.Iat, ((DateTimeOffset)now).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
// gm fields
new Claim(ErSecurityStampField, ObtainSecurityStamp(jwtSalt)),
new Claim(ErIdField, user.UserName),
new Claim(ErRightsField, rightsMask.ToString()),
new Claim(ErAreaField, area.ToString().ToLower()),
};
var claimIdentity = new ClaimsIdentity(
claims,
JwtBearerDefaults.AuthenticationScheme
);
var creds = new SigningCredentials(
CreateJwtSecurityKey(appConfig.Auth.Jwt.Secret),
SecurityAlgorithms.HmacSha256
);
var token = new JwtSecurityToken(
issuer: appConfig.Auth.Jwt.Issuer,
audience: audienceSett.Audience.ToLower(),
claims: claimIdentity.Claims,
signingCredentials: creds,
expires: now.AddSeconds(audienceSett.ExpirationSec)
);
return((new JwtSecurityTokenHandler()).WriteToken(token));
}
public RequireJWTArea(JwtArea area)
{
_area = area;
}
/// <summary>
/// Make a security token
/// </summary>
public static string CreateSecurityToken(AppConfig appConfig, JwtAudience audience, JwtArea area, string entityId, string securityStamp, TimeSpan validFor, IEnumerable <Claim> optClaims = null)
{
var now = DateTime.UtcNow;
var uniqueness = UniqueId(appConfig.Auth.Jwt.Secret);
var audienceSett = GetAudienceSettings(appConfig, audience);
var claims = new List <Claim>()
{
// jw main fields
new Claim(JwtRegisteredClaimNames.Sub, uniqueness),
new Claim(JwtRegisteredClaimNames.Jti, uniqueness),
new Claim(JwtRegisteredClaimNames.Iat, ((DateTimeOffset)now).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
// gm fields
new Claim(ErIdField, entityId),
new Claim(ErSecurityStampField, ObtainSecurityStamp(securityStamp)),
new Claim(ErAreaField, area.ToString().ToLower()),
};
if (optClaims != null)
{
claims.AddRange(optClaims);
}
var creds = new SigningCredentials(
CreateJwtSecurityKey(appConfig.Auth.Jwt.Secret),
SecurityAlgorithms.HmacSha256
);
var token = new JwtSecurityToken(
issuer: appConfig.Auth.Jwt.Issuer,
audience: audienceSett.Audience.ToLower(),
claims: claims,
signingCredentials: creds,
expires: now.Add(validFor)
);
return((new JwtSecurityTokenHandler()).WriteToken(token));
}
