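/// <summary>
/// Builds a signed JWT in JWS compact form (<c>header.claims.signature</c>) using RS256.
/// The signing input is passed to <c>KeyVaultUtil.Sign</c>, which returns the encoded signature.
/// </summary>
/// <returns>The three dot-separated, base64url-encoded JWT segments.</returns>
/// <remarks>
/// The claim set carries no <c>jti</c>, so a captured token stays usable until <c>exp</c>
/// (55 minutes after issue). Treat the returned string as a bearer credential: send it only
/// over TLS and keep it out of logs.
/// </remarks>
private static string CreateJwt()
{
    DateTime unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
    DateTime issuedAt = DateTime.UtcNow;

    // JWS compact serialization (RFC 7515) requires base64url WITHOUT padding. Plain Base64
    // can contain '+', '/' and '=', which strict JWT validators reject. The transform is
    // idempotent, so it is safe on input that is already base64url.
    Func<string, string> toBase64Url =
        value => value.TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Claims: NumericDate values are whole seconds since the Unix epoch. They are kept as
    // long because an int overflows for dates after January 2038.
    var claimset = new
    {
        iss = ISS,
        sub = CLIENT_ID,
        aud = "https://go.nexusgroup.com",
        iat = (long)issuedAt.Subtract(unixEpoch).TotalSeconds,
        exp = (long)issuedAt.AddMinutes(55).Subtract(unixEpoch).TotalSeconds
    };

    // Header: kid lets the verifier select the matching public key.
    var header = new { typ = "JWT", alg = JsonWebKeySignatureAlgorithm.RS256, kid = KEY };

    // Encoded header.
    string headerJson = JsonConvert.SerializeObject(header);
    string headerEncoded = toBase64Url(System.Convert.ToBase64String(Encoding.UTF8.GetBytes(headerJson)));

    // Encoded claim set.
    string claimsetJson = JsonConvert.SerializeObject(claimset);
    string claimsetEncoded = toBase64Url(System.Convert.ToBase64String(Encoding.UTF8.GetBytes(claimsetJson)));

    // Signing input: the signature must cover exactly the bytes that are transmitted, so it
    // is computed over the already-encoded header and claims.
    string signingInput = String.Join(".", headerEncoded, claimsetEncoded);
    byte[] signingInputBytes = Encoding.UTF8.GetBytes(signingInput);

    // KeyVaultUtil.Sign returns the signature as a string; normalise it to base64url as well.
    string signatureEncoded = toBase64Url(KeyVaultUtil.Sign(signingInputBytes));

    // JWT.
    return String.Join(".", headerEncoded, claimsetEncoded, signatureEncoded);
}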
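/// <summary>
/// Fetches the signing key from Key Vault and returns it as a one-entry JSON Web Key Set.
/// </summary>
/// <returns>
/// A <see cref="JsonWebKeySet"/> holding one RSA key with <c>Kid</c>, <c>Kty</c>, <c>Alg</c>
/// and the public parameters <c>E</c> and <c>N</c>.
/// </returns>
/// <remarks>
/// Only the public exponent and modulus are copied into the set, so the result is suitable
/// for publication. <c>Kty</c> and <c>Alg</c> are hard-coded, so the key returned for
/// <c>SignKey()</c> is assumed to be an RSA key (to be confirmed against the vault configuration).
/// </remarks>
public static JsonWebKeySet GetJwks()
{
    // Dispose the client when done; previously a new client was created per call and never released.
    using (KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
        (authority, resource, scope) => KeyVaultUtil.GetToken(authority, resource, scope))))
    {
        // This method is synchronous, so the async SDK call is run on the thread pool and blocked on.
        var key = Task.Run(() => keyVaultClient.GetKeyAsync(SignKey())).ConfigureAwait(false).GetAwaiter().GetResult();

        // The former unused locals 'e' and 'n' were removed: 'n' was computed from key.Key.E,
        // a copy-paste slip that would have produced a wrong modulus had it ever been used.
        var jsonWebKey = new Microsoft.IdentityModel.Tokens.JsonWebKey()
        {
            Kid = KEY,
            Kty = "RSA",
            E = Base64UrlEncoder.Encode(key.Key.E),
            N = Base64UrlEncoder.Encode(key.Key.N),
            Alg = "RS256"
        };

        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet();
        jsonWebKeySet.Keys.Add(jsonWebKey);
        return jsonWebKeySet;
    }
}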
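/// <summary>
/// Signs <paramref name="inputBytes"/> with RS256: the SHA-256 digest is computed locally and
/// passed to Key Vault's sign operation for the key returned by <c>SignKey()</c>.
/// </summary>
/// <param name="inputBytes">The bytes to sign, for example a JWS signing input.</param>
/// <returns>
/// The signature as standard Base64 (with '+', '/' and '=' padding). This is NOT base64url;
/// a caller assembling a JWT must convert it before use.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="inputBytes"/> is null.</exception>
public static string Sign(byte[] inputBytes)
{
    if (inputBytes == null)
    {
        throw new ArgumentNullException(nameof(inputBytes));
    }

    // Hash up front so the hash object can be disposed deterministically; previously it was
    // never disposed.
    byte[] digest;
    using (SHA256 sha256 = SHA256.Create())
    {
        digest = sha256.ComputeHash(inputBytes);
    }

    // Dispose the client when done; previously a new client was created per call and never released.
    using (KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(
        (authority, resource, scope) => KeyVaultUtil.GetToken(authority, resource, scope))))
    {
        // Only the digest is sent to the vault. This method is synchronous, so the async SDK
        // call is run on the thread pool and blocked on.
        KeyOperationResult resultSign = Task.Run(() =>
                keyVaultClient.SignAsync(SignKey(), JsonWebKeySignatureAlgorithm.RS256, digest))
            .ConfigureAwait(false).GetAwaiter().GetResult();

        return System.Convert.ToBase64String(resultSign.Result);
    }
}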