private async Task <AzureKeyVaultSignatureProvider> Refresher()
{
var cachedData = await _keyVaultCache.GetKeyVaultCacheDataAsync();
var keyIdentifier = cachedData.KeyIdentifier;
var signatureProvider = new AzureKeyVaultSignatureProvider(
keyIdentifier.Identifier,
JsonWebKeySignatureAlgorithm.RS256,
new AzureKeyVaultAuthentication(_keyVaultOptions.Value.ClientId, _keyVaultOptions.Value.ClientSecret).KeyVaultClientAuthenticationCallback);
return(signatureProvider);
}
/// <summary>
/// Applies the signature to the JWT
/// </summary>
/// <param name="jwt">The JWT object.</param>
/// <returns>The signed JWT</returns>
protected override async Task <string> CreateJwtAsync(JwtSecurityToken jwt)
{
var cachedData = await _keyVaultCache.GetKeyVaultCacheDataAsync();
var rawDataBytes = System.Text.Encoding.UTF8.GetBytes(jwt.EncodedHeader + "." + jwt.EncodedPayload);
var keyIdentifier = cachedData.KeyIdentifier;
var signatureProvider = new AzureKeyVaultSignatureProvider(
keyIdentifier.Identifier,
JsonWebKeySignatureAlgorithm.RS256,
new AzureKeyVaultAuthentication(_keyVaultOptions.Value.ClientId, _keyVaultOptions.Value.ClientSecret).KeyVaultClientAuthenticationCallback);
var rawSignature = await Task.Run(() => Base64UrlEncoder.Encode(signatureProvider.Sign(rawDataBytes))).ConfigureAwait(false);
return(jwt.EncodedHeader + "." + jwt.EncodedPayload + "." + rawSignature);
}
