/// <summary>
 /// Generate access token with a symmetric signing key.
 /// </summary>
 /// <param name="webToken">JSON web token.</param>
 /// <param name="signingKey">Symmetric signing key.</param>
 /// <returns>OAuth bearer token (self signed)</returns>
 public static string GenerateAccessToken(JsonWebToken webToken, string signingKey)
 {
     // Read the prefix first, then build the assertion, matching the original
     // argument evaluation order.
     var prefix = JWTTokenHelper.BearerTokenPrefix;

     // signingKey is a string, so this binds to the symmetric-key overload.
     string assertion = JWTTokenHelper.GenerateAssertion(webToken, signingKey);

     // The returned value is a complete bearer credential: whoever holds it can
     // present it until it expires, so callers should keep it out of logs and traces.
     return string.Format("{0}{1}", prefix, assertion);
 }
 /// <summary>
 /// Initializes a new instance of the JsonWebToken class, initializes claims from raw values
 /// </summary>
 /// <param name="issuerPrincipalId">Service principal id of the issuer.</param>
 /// <param name="tenantRealm">Realm or context id of the tenant.</param>
 /// <param name="audienceHostName">Audience host name.</param>
 /// <param name="audiencePrincipalId">Principal id of the protected resource.</param>
 /// <param name="nbfTime">DateTime of the NotBefore claim.</param>
 /// <param name="validityInSeconds">Validity of the token in seconds, counted from the current UTC time at construction (not from <paramref name="nbfTime"/>).</param>
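 public JsonWebToken(
     string issuerPrincipalId,
     string tenantRealm,
     string audienceHostName,
     string audiencePrincipalId,
     DateTime nbfTime,
     long validityInSeconds) : this()
 {
     // The issuer principal is formatted without a host name; the audience
     // principal carries the host name of the protected resource.
     this.Issuer   = JWTTokenHelper.GetFormattedPrincipal(issuerPrincipalId, string.Empty, tenantRealm);
     this.Audience = JWTTokenHelper.GetFormattedPrincipal(audiencePrincipalId, audienceHostName, tenantRealm);

     this.NotBeforeDateTime = nbfTime;

     // Expiry is anchored to the current UTC instant, not to nbfTime. Reading
     // DateTime.UtcNow directly avoids the local-time round trip of
     // DateTime.Now.ToUniversalTime().
     // NOTE(review): nothing here checks validityInSeconds. A zero or negative
     // value yields a token that is already expired, a future nbfTime can end up
     // later than the expiry, and there is no upper bound on lifetime. Callers
     // should validate the window before signing.
     this.ExpirationDateTime = DateTime.UtcNow.AddSeconds(validityInSeconds);
 }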
        /// <summary>
        /// Generates a JWT token for the given tenant, scope
        /// </summary>
        /// <param name="issuerPrincipalId">Issuer App principal id.</param>
        /// <param name="tenantRealm">Tenant context id.</param>
        /// <param name="audienceHostName">Service host name</param>
        /// <param name="audiencePrincipalId">Principal id of the protected resource or audience</param>
        /// <param name="nbfTime">Not valid before time.</param>
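        /// <param name="validityInSeconds">Token validity duration in seconds, measured from the current UTC time at the moment of the call (not from <paramref name="nbfTime"/>).</param>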
        /// <returns>A JWT token initialized with the basic claims.</returns>
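        public static JsonWebToken GenerateSelfSignedToken(
            string issuerPrincipalId,
            string tenantRealm,
            string audienceHostName,
            string audiencePrincipalId,
            DateTime nbfTime,
            long validityInSeconds)
        {
            // The issuer is formatted without a host name; the audience includes
            // the host name of the protected resource.
            string issuer   = JWTTokenHelper.GetFormattedPrincipal(issuerPrincipalId, string.Empty, tenantRealm);
            string audience = JWTTokenHelper.GetFormattedPrincipal(audiencePrincipalId, audienceHostName, tenantRealm);

            // Expiry is counted from "now" in UTC rather than from nbfTime.
            // DateTime.UtcNow is read directly instead of converting local time
            // back to UTC.
            // NOTE(review): validityInSeconds is not range-checked here. A
            // non-positive value produces an already-expired token, and a
            // future nbfTime may fall after the expiry. Validate at the caller.
            DateTime expirationTime = DateTime.UtcNow.AddSeconds(validityInSeconds);

            return new JsonWebToken(issuer, audience, nbfTime, expirationTime);
        }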
        /// <summary>
        /// Generates a self-signed assertion (header.body.signature) with a symmetric signing key, using an "HS256" token header.
        /// </summary>
        /// <param name="webToken">JSON web token.</param>
        /// <param name="signingKey">Symmetric signing key.</param>
        /// <returns>Self signed assertion.</returns>
        public static string GenerateAssertion(JsonWebToken webToken, string signingKey)
        {
            // Symmetric variant: the header declares "HS256" and its second
            // argument is left empty (the certificate overload passes the
            // encoded certificate hash in that position).
            var header = new TokenHeader("HS256", String.Empty);

            string encodedHeader = Base64Utils.Encode(header.EncodeToJson());
            string encodedBody   = Base64Utils.Encode(webToken.EncodeToJson());

            // The signature covers exactly "<header>.<body>" as encoded above.
            // NOTE(review): JWS expects unpadded base64url segments; confirm
            // that Base64Utils.Encode produces that form.
            string signingInput = string.Format("{0}.{1}", encodedHeader, encodedBody);

            // NOTE(review): SignData is not visible here; given the "HS256"
            // header it is presumably HMAC-SHA256. The strength of the result
            // depends on how much entropy signingKey carries and on how the
            // string is turned into key bytes. Verify both.
            byte[] rawSignature = JWTTokenHelper.SignData(signingKey, signingInput);
            string encodedSignature = Base64Utils.Encode(rawSignature);

            return string.Format("{0}.{1}", signingInput, encodedSignature);
        }
        /// <summary>
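        /// Generates a self-signed assertion (header.body.signature) signed with a certificate, using an "RS256" token header that carries the encoded certificate hash.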
        /// </summary>
        /// <param name="webToken">Json web token.</param>
        /// <param name="signingCert">Signing certificate.</param>
        /// <returns>Self signed assertion.</returns>
        public static string GenerateAssertion(
            JsonWebToken webToken, X509Certificate2 signingCert)
        {
            // The certificate hash goes into the header so a verifier can tell
            // which certificate signed the token. The parameterless
            // GetCertHash() returns the SHA-1 thumbprint. It serves only as an
            // identifier here; the signature is produced separately by SignData.
            string certThumbprint = Base64Utils.Encode(signingCert.GetCertHash());

            var header = new TokenHeader("RS256", certThumbprint);

            string encodedHeader = Base64Utils.Encode(header.EncodeToJson());
            string encodedBody   = Base64Utils.Encode(webToken.EncodeToJson());

            // The signature covers exactly "<header>.<body>" as encoded above.
            // NOTE(review): JWS expects unpadded base64url segments; confirm
            // that Base64Utils.Encode produces that form.
            string signingInput = string.Format("{0}.{1}", encodedHeader, encodedBody);

            // NOTE(review): SignData is not visible here; it presumably signs
            // with the certificate's private key (RSA with SHA-256, per the
            // "RS256" header). Confirm the certificate is loaded with its
            // private key and that the algorithm matches the header.
            string encodedSignature = Base64Utils.Encode(JWTTokenHelper.SignData(signingCert, signingInput));

            return string.Format("{0}.{1}", signingInput, encodedSignature);
        }