Пример #1
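        /// <summary>
        /// Issues an HMAC-SHA256 signed JWT for the given user and returns it together with its expiry time.
        /// </summary>
        /// <param name="tokenModelJwt">Supplies the user id and the optional role list written into the token.</param>
        /// <returns>The serialized token and the instant (local time) at which it expires.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenModelJwt"/> is null.</exception>
        public JwtTokenDto BuildJwtToken(TokenModelJwt tokenModelJwt)
        {
            if (tokenModelJwt == null)
            {
                throw new ArgumentNullException(nameof(tokenModelJwt));
            }

            // Read the clock once so iat, nbf and exp are all derived from the same instant;
            // separate DateTime.Now reads could straddle a second boundary.
            var now       = DateTime.Now;
            var exp       = now.AddSeconds(30);
            var issuedAt  = $"{new DateTimeOffset(now).ToUnixTimeSeconds()}";
            var expiresAt = $"{new DateTimeOffset(exp).ToUnixTimeSeconds()}";
            var userId    = tokenModelJwt.UserId.ToString();

            var claims = new List<Claim>
            {
                // NOTE(review): jti is meant to be unique per token so that a validator can reject
                // replays. The user id is identical for every token issued to the same user, so it
                // cannot serve that purpose. It is kept here because a consumer may read the user id
                // back from jti; moving to a random per-token value needs that consumer changed too.
                new Claim(JwtRegisteredClaimNames.Jti, userId),
                // Time at which the token was issued (Unix seconds).
                new Claim(JwtRegisteredClaimNames.Iat, issuedAt),
                // The token must not be accepted before this time.
                new Claim(JwtRegisteredClaimNames.Nbf, issuedAt),
                // Expiry: 30 seconds after issue, as set above. A validator may accept the token a
                // little longer than this if it applies a clock-skew allowance.
                new Claim(JwtRegisteredClaimNames.Exp, expiresAt),
                new Claim(JwtRegisteredClaimNames.Iss, _jwtSettings.Issuer),
                new Claim(JwtRegisteredClaimNames.Aud, _jwtSettings.Audience),

                new Claim(ClaimTypes.Sid, userId),
                new Claim(ClaimTypes.Expiration, expiresAt)
            };

            if (tokenModelJwt.Roles != null)
            {
                // One role claim per entry in the caller-supplied list.
                claims.AddRange(tokenModelJwt.Roles.Select(r => new Claim(ClaimTypes.Role, r)));
            }

            // Symmetric key: the UTF-8 bytes of the configured secret. Anyone who holds this string
            // can sign tokens that pass verification, so it should be a long random value that is
            // kept out of source control.
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSettings.SecretKey));
            // Signing credentials: the key plus the signature algorithm.
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            // Build the token. Requires the Microsoft.AspNetCore.Authentication.JwtBearer NuGet
            // package and the System.IdentityModel.Tokens.Jwt namespace.
            var jwtSecurityToken = new JwtSecurityToken(
                claims: claims,
                signingCredentials: creds
                );

            var token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);

            return new JwtTokenDto
            {
                Token = token,
                Expiration = exp
            };
        }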
Пример #2
        /// <summary>
        /// Decodes a compact JWT string into a <see cref="TokenModelJwt"/> (user id and roles).
        /// </summary>
        /// <remarks>
        /// ReadJwtToken only parses the string: it does not verify the signature, issuer, audience
        /// or lifetime. The returned values are therefore whatever the supplied string contains and
        /// must not be used for authorization unless the token has already been validated elsewhere,
        /// for example by the JWT bearer middleware or JwtSecurityTokenHandler.ValidateToken.
        /// </remarks>
        /// <param name="jwtStr">The serialized token to decode.</param>
        /// <returns>A model whose UserId comes from the jti claim and whose Roles come from the role claim.</returns>
        public TokenModelJwt SerializeJwt(string jwtStr)
        {
            JwtSecurityToken parsed = new JwtSecurityTokenHandler().ReadJwtToken(jwtStr);

            // rawRoles stays null when the payload has no role entry.
            parsed.Payload.TryGetValue(ClaimTypes.Role, out object rawRoles);

            // The user id is taken from the token's Id (jti) value.
            var model = new TokenModelJwt
            {
                UserId = (parsed.Id).ObjToInt()
            };

            if (rawRoles == null)
            {
                model.Roles = new List<string>();
                return model;
            }

            try
            {
                model.Roles = JsonConvert.DeserializeObject<List<string>>(rawRoles.ObjToString());
            }
            catch
            {
                // The role value did not deserialize as a JSON array of strings (presumably a
                // single role stored as a plain string; confirm), so wrap it in a one-element list.
                model.Roles = new List<string>
                {
                    rawRoles.ObjToString()
                };
            }

            return model;
        }