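// ---
/// <summary>
/// Creates a signed JWT for <paramref name="user"/> carrying the requested area and rights mask.
/// </summary>
/// <remarks>
/// The token is signed with HMAC-SHA256 using the key built from <c>appConfig.Auth.Jwt.Secret</c>
/// and is valid for <c>ExpirationSec</c> seconds of the selected audience settings, measured from
/// the same instant written into the <c>iat</c> claim. Besides the registered <c>sub</c>/<c>jti</c>/<c>iat</c>
/// claims it carries the application claims <see cref="ErSecurityStampField"/> (derived from the
/// user's current JWT salt for this audience), <see cref="ErIdField"/>, <see cref="ErRightsField"/>
/// and <see cref="ErAreaField"/>. All claim and audience values are rendered culture-invariantly,
/// so a token minted on a server running e.g. tr-TR (where "I".ToLower() is a dotless ı) is still
/// comparable by every consumer.
/// </remarks>
/// <param name="appConfig">Application configuration supplying issuer, signing secret and audience settings.</param>
/// <param name="audience">Audience the token is minted for; selects the audience name and lifetime.</param>
/// <param name="area">Area the token is scoped to; written lower-cased into <see cref="ErAreaField"/>.</param>
/// <param name="user">Account the token is issued to; its user name becomes <see cref="ErIdField"/>.</param>
/// <param name="rightsMask">Rights bit mask, written as an invariant decimal string into <see cref="ErRightsField"/>.</param>
/// <returns>The compact serialized JWT.</returns>
/// <exception cref="ArgumentNullException"><paramref name="appConfig"/> or <paramref name="user"/> is null.</exception>
public static string CreateAuthToken(AppConfig appConfig, JwtAudience audience, JwtArea area, User user, long rightsMask)
{
    if (appConfig is null)
    {
        throw new ArgumentNullException(nameof(appConfig));
    }
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    // Fully qualified so this block does not depend on a file-level using directive.
    var invariant = System.Globalization.CultureInfo.InvariantCulture;

    // One timestamp for both iat and exp so the lifetime is exactly ExpirationSec.
    var now = DateTime.UtcNow;
    var uniqueness = UniqueId(appConfig.Auth.Jwt.Secret);
    var audienceSett = GetAudienceSettings(appConfig, audience);
    var jwtSalt = UserAccount.CurrentJwtSalt(user, audience);

    var claims = new[]
    {
        // Registered JWT claims.
        // NOTE(review): sub and jti share one value from UniqueId — confirm that is the intended
        // subject identifier rather than a per-user id.
        new Claim(JwtRegisteredClaimNames.Sub, uniqueness),
        new Claim(JwtRegisteredClaimNames.Jti, uniqueness),
        new Claim(
            JwtRegisteredClaimNames.Iat,
            ((DateTimeOffset)now).ToUnixTimeSeconds().ToString(invariant),
            ClaimValueTypes.Integer64),
        // Application claims.
        new Claim(ErSecurityStampField, ObtainSecurityStamp(jwtSalt)),
        new Claim(ErIdField, user.UserName),
        new Claim(ErRightsField, rightsMask.ToString(invariant)),
        new Claim(ErAreaField, area.ToString().ToLowerInvariant()),
    };

    var claimIdentity = new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme);

    var creds = new SigningCredentials(
        CreateJwtSecurityKey(appConfig.Auth.Jwt.Secret),
        SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: appConfig.Auth.Jwt.Issuer,
        audience: audienceSett.Audience.ToLowerInvariant(),
        claims: claimIdentity.Claims,
        signingCredentials: creds,
        expires: now.AddSeconds(audienceSett.ExpirationSec));

    return new JwtSecurityTokenHandler().WriteToken(token);
}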