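/// <summary>
/// Authorizes the specified scopes for a service account by posting a certificate-signed
/// JSON web token to the authorization endpoint.
/// </summary>
/// <param name="serviceAccount">The service account identifier; becomes the token issuer.</param>
/// <param name="certificate">The certificate whose private key signs the token (SHA-256 signer).</param>
/// <param name="scopes">The scopes to request. A null or empty array requests no scopes.</param>
/// <returns>
/// An access token.
/// </returns>
/// <exception cref="System.ArgumentNullException">
/// If serviceAccount is null or whitespace, or certificate is null.
/// </exception>
public static async Task<JsonWebTokenAccessToken> Authorize(string serviceAccount, X509Certificate2 certificate, params string[] scopes)
{
    if (string.IsNullOrWhiteSpace(serviceAccount))
    {
        throw new ArgumentNullException("serviceAccount");
    }
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    // Audience is the endpoint the signed assertion is posted to; the assertion is kept
    // deliberately short-lived (just under an hour).
    var claimSet = new JsonWebTokenClaimSet
    {
        Audience = authorizeUri,
        Issuer = serviceAccount,
        Duration = TimeSpan.FromMinutes(59)
    };

    // A params array is null when the caller passes an explicit null; treat that as
    // "no scopes" rather than failing with a NullReferenceException in the loop.
    if (scopes != null)
    {
        foreach (var scope in scopes)
        {
            claimSet.Scopes.Add(scope);
        }
    }

    var signer = new Sha256JsonWebTokenSigner(certificate);
    var result = await JsonWebToken.Authorize(claimSet, signer);
    return result;
}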
/// <summary>
/// Builds a compact-serialized JSON web token ("header.claims.signature") for the given claim set.
/// </summary>
/// <param name="claimSet">The claims that become the token payload.</param>
/// <param name="signer">Supplies the "alg" header value and signs the UTF-8 bytes of "header.claims".</param>
/// <returns>The signed token in compact serialization.</returns>
private static string CreateToken(JsonWebTokenClaimSet claimSet, IJsonWebTokenSigner signer)
{
    // The header advertises the token type and whatever algorithm the signer reports.
    var encodedHeader = Encode(new { typ = "JWT", alg = signer.AlgorithmName });
    var encodedClaims = Encode(claimSet.ToJavaScriptObject());

    // The signing input is the first two segments joined by '.', taken as UTF-8 bytes;
    // the signature is base64url-encoded to form the third segment.
    var signingInput = encodedHeader + "." + encodedClaims;
    var encodedSignature = signer.Sign(Encoding.UTF8.GetBytes(signingInput)).EncodeBase64Url();

    return signingInput + "." + encodedSignature;
}
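/// <summary>
/// Queries a JSON web token service with the given claim set signed with the given signer,
/// returning a JSON web access token response.
/// </summary>
/// <param name="claimSet">The claim set to use. Its Audience is the endpoint that is queried.</param>
/// <param name="signer">The signer to use to sign the JSON web token before querying.</param>
/// <returns>The JSON web access token response.</returns>
/// <exception cref="System.ArgumentNullException">If claimSet or signer are null.</exception>
/// <exception cref="System.InvalidOperationException">
/// If JsonWebToken.JsonDeserialize has not been configured or claimSet.Audience does not
/// contain a valid service Uri for authorizing the claim.
/// </exception>
/// <exception cref="System.Net.WebException">
/// If the request fails or the service answers with a non-success HTTP status.
/// </exception>
public static async Task<JsonWebTokenAccessToken> Authorize(JsonWebTokenClaimSet claimSet, IJsonWebTokenSigner signer)
{
    if (claimSet == null)
    {
        throw new ArgumentNullException("claimSet");
    }
    if (signer == null)
    {
        throw new ArgumentNullException("signer");
    }
    if (JsonWebTokenJsonDeserialize == null)
    {
        throw new InvalidOperationException(
            "JsonWebToken.JsonDeserialize must be set to a valid JSON deserializer before calling authorize.");
    }
    if (claimSet.Audience == null)
    {
        throw new InvalidOperationException("claimSet.Audience must contain the Uri of the service that will authorize the claim.");
    }

    var jsonWebToken = CreateToken(claimSet, signer);

    // JWT bearer grant: the signed token is sent as the assertion.
    var parameters = new NameValueCollection
    {
        { "grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer" },
        { "assertion", jsonWebToken }
    };

    // Both the assertion and the returned access token are bearer credentials, so the
    // Audience is expected to be an https endpoint; this method does not enforce the scheme.
    // WebClient is IDisposable: release it once the single request has completed.
    byte[] response;
    using (var webClient = new WebClient())
    {
        response = await webClient.UploadValuesTaskAsync(claimSet.Audience, "POST", parameters);
    }

    // Only a success response reaches this point; WebClient raises WebException otherwise.
    var jsonResult = Encoding.UTF8.GetString(response);
    var result = JsonWebTokenJsonDeserialize(jsonResult);
    var accessToken = new JsonWebTokenAccessToken(result);
    return accessToken;
}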