public async Task <AuthToken> CreateAuthTokenAsync(string userType, string userId, TokenCreationParameters parameters)
{
var user = await _userManager.FindUserAsync(userType, userId, UserSearchMode.FindById);
var builder = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(_secret)
.AddClaim("sub", userId)
.AddClaim("ut", userType)
.AddClaim("iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds())
.AddClaim("preferred_username", user?.DisplayName ?? userId);
if (parameters.Audience != null)
{
builder.AddClaim("aud", parameters.Audience);
}
if (parameters.ExpirationTime != null)
{
builder.AddClaim("exp", parameters.ExpirationTime.Value.ToUnixTimeSeconds());
}
var token = builder.Encode();
return(new AuthToken
{
Token = token,
OwnerId = userId,
OwnerType = userType
});
}
public string Create(string secret, IDictionary <string, object> claims, string tokenIssuer = "", TimeSpan?tokenTimeSpan = null)
{
if (string.IsNullOrWhiteSpace(secret))
{
throw new ArgumentNullException(nameof(secret));
}
if (claims is null || !claims.Any())
{
throw new ArgumentNullException(nameof(claims));
}
_jwtBuilder.WithSecret(Encoding.UTF8.GetBytes(secret));
//add Issuer if specified
if (!string.IsNullOrWhiteSpace(tokenIssuer))
{
_jwtBuilder.AddClaim(ClaimName.Issuer, tokenIssuer);
}
//add ExpirationTime if specified
if (tokenTimeSpan.HasValue)
{
_jwtBuilder.AddClaim(ClaimName.ExpirationTime, DateTimeOffset.UtcNow.Add(tokenTimeSpan.Value).ToUnixTimeSeconds());
}
//include all provided claims
foreach (var claim in claims)
{
_jwtBuilder.AddClaim(claim.Key, claim.Value);
}
//create and return the token
return(_jwtBuilder.Encode());
}
public static string BuildJwt(this object obj, string secret = null, long minutes = 60)
{
if (secret.IsNullOrWhiteSpace())
{
secret = Secret;
}
try
{
var jwt = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(secret);
foreach (var propertyInfo in obj.GetType().GetProperties())
{
jwt.AddClaim(propertyInfo.Name.ToLower(), propertyInfo.GetValue(obj));
}
jwt.AddClaim("expire", DateTime.Now.AddMinutes(minutes));
var token = jwt.Encode();
return(token);
}
catch
{
return(null);
}
}
public AccessToken GenerateAccessToken(string userId, string clientId, string scope, double expiresInSeconds)
{
JwtBuilder encoder = new JwtBuilder().WithAlgorithm(new HMACSHA256Algorithm()).WithSecret(_secret).AddClaim("scope", scope);
DateTimeOffset now = DateTimeOffset.UtcNow;
encoder = encoder.AddClaim("iat", now.ToUnixTimeSeconds());
encoder = encoder.AddClaim("exp", now.AddSeconds(expiresInSeconds).ToUnixTimeSeconds());
if (!String.IsNullOrWhiteSpace(userId))
{
encoder = encoder.AddClaim("sub", userId);
}
if (!String.IsNullOrWhiteSpace(clientId))
{
encoder = encoder.AddClaim("cid", clientId);
}
AccessToken accessToken = new AccessToken();
accessToken.ExpiresIn = (long)expiresInSeconds;
accessToken.Scope = scope;
accessToken.TokenType = "bearer";
accessToken.Token = encoder.Build();
return(accessToken);
}
public virtual void SerializeToJwt(JwtBuilder builder)
{
builder.AddClaim("jwtId", this.jwtId);
builder.AddClaim("authenticationMethod", this.AuthenticationMethod);
if (!string.IsNullOrEmpty(this.Endpoint))
{
builder.AddClaim("endpoint", this.Endpoint);
}
}
public static string Generate(object _o, DateTime _exp)
{
var _builder = new JwtBuilder().WithAlgorithm(new HMACSHA256Algorithm()).WithSecret(m_secret);
_builder = _builder.AddClaim("exp", new DateTimeOffset(_exp).ToUnixTimeSeconds());
foreach (var(_key, _val) in _o.json())
{
if (_key == "exp")
{
throw new Exception("field name \"exp\" is invalid");
}
_builder = _builder.AddClaim(_key, _val.to_str());
}
return(_builder.Build());
}
public static string BuildToken(Dictionary <string, string> claims, string secret)
{
var builder = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(secret);
claims.ToList().ForEach(claim => builder.AddClaim(claim.Key, claim.Value));
return(builder.Encode());
}
public static JwtBuilder AddClaims(this JwtBuilder builder, PinAuth pinPayload)
{
return(builder
.AddClaim("client_id", pinPayload.client_id)
.AddClaim("device_id", pinPayload.device_id)
.AddClaim("credential", pinPayload.credential)
.AddClaim("credential_type", pinPayload.credential_type)
.AddClaim("nonce", pinPayload.nonce)
.AddClaim("timestamp", pinPayload.timestamp)
.AddClaim("scope", pinPayload.scope));
}
public void SerializeToJwt(JwtBuilder builder)
{
builder.AddClaim("jwtId", this.jwtId);
if (this.isRootUser)
{
builder.AddClaim("isRootUser", true);
}
if (this.isSteamUser)
{
builder.AddClaim("isSteamUser", true);
builder.AddClaim("steamId", this.steamId.ToString());
}
if (this.endpoint != null)
{
builder.AddClaim("endpoint", this.endpoint);
}
}
public Task <string> Generate(UserInformation user, Guid correlationId, TimeSpan?expiresIn, CancellationToken cancellationToken)
{
var token = new JwtBuilder()
.WithAlgorithm(new HMACSHA512Algorithm())
.WithSecret(_userResolverSecret.GetSecret())
.AddClaim("sub", user.Username)
.AddClaim("uid", user.UserIdentifier)
.AddClaim("iat", ServiceClock.CurrentTime().ToUnixTimeSeconds())
;
if (expiresIn != null)
{
token.AddClaim("exp", ServiceClock.CurrentTime().Add(expiresIn.Value).ToUnixTimeSeconds());
}
if (user.Roles != null && user.Roles.Length > 0)
{
token.AddClaim("roles", user.Roles);
}
else
{
token.AddClaim("roles", new string[0]);
}
if (user.Claims != null && user.Claims.Any())
{
foreach (var claim in user.Claims)
{
string[] ignore = { "exp", "roles", "uid", "iat", "sub" };
if (!ignore.Contains(claim.Key))
{
token.AddClaim(claim.Key, claim.Value);
}
}
}
var tokenStr = token.Encode();
_logger.LogTrace($"Generated, token: {tokenStr}, correlationId: {correlationId}");
return(Task.FromResult(tokenStr));
}
public static JwtBuilder AddClaims(this JwtBuilder builder, DeviceAuth deviceAuth)
{
return(builder
.AddClaim("client_id", deviceAuth.client_id)
.AddClaim("device_id", deviceAuth.device_id)
.AddClaim("username", deviceAuth.username)
.AddClaim("password", deviceAuth.password)
.AddClaim("nonce", deviceAuth.nonce)
.AddClaim("timestamp", deviceAuth.timestamp)
.AddClaim("scope", deviceAuth.scope)
.AddClaim("grant_type", deviceAuth.grant_type));
}
/// <summary>
/// 获取jwtToken
/// </summary>
/// <param name="data"></param>
/// <returns></returns>
public static string GetJwtToken(Dictionary <string, string> data)
{
var tokenBuilder = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(secret);
foreach (var keyValuePair in data)
{
tokenBuilder.AddClaim(keyValuePair.Key, keyValuePair.Value);
}
return(tokenBuilder.Build());
}
private string GenerateTokenFromAzureKeyCredential(DateTimeOffset expiresAt, string userId = default, IEnumerable <string> roles = default)
{
var keyBytes = Encoding.UTF8.GetBytes(_credential.Key);
var jwt = new JwtBuilder(keyBytes);
var now = DateTimeOffset.UtcNow;
string endpoint = this.endpoint.AbsoluteUri;
if (!endpoint.EndsWith("/", StringComparison.Ordinal))
{
endpoint += "/";
}
var audience = $"{endpoint}client/hubs/{hub}";
if (userId != default)
{
jwt.AddClaim(JwtBuilder.Sub, userId);
}
if (roles != default && roles.Any())
{
jwt.AddClaim(s_role, roles);
}
jwt.AddClaim(JwtBuilder.Nbf, now);
jwt.AddClaim(JwtBuilder.Exp, expiresAt);
jwt.AddClaim(JwtBuilder.Iat, now);
jwt.AddClaim(JwtBuilder.Aud, audience);
return(jwt.BuildString());
}
/// <summary>
/// Encode object with secret
/// </summary>
/// <param name="secretToken"></param>
/// <param name="objectToEncode"></param>
/// <returns></returns>
public OutputDto <string> Encode(string secretToken, object objectToEncode, DateTime?tokenExpireDate = null, IJwtAlgorithm algorithm = null)
{
try
{
//Add 1 hour of token expiration by default
DateTimeOffset expireDate = DateTimeOffset.UtcNow.AddHours(1);
//Add default algorithm
if (algorithm == null)
{
algorithm = new HMACSHA256Algorithm();
}
//Encode token
var tokenBuilder = new JwtBuilder()
.WithAlgorithm(algorithm)
.WithSecret(secretToken)
.AddClaim("content", objectToEncode);
//Validate expire date
if (tokenExpireDate.HasValue)
{
//Parse date to UTC
expireDate = tokenExpireDate.Value.Kind != DateTimeKind.Utc ? tokenExpireDate.Value.ToUniversalTime() : tokenExpireDate.Value;
tokenBuilder = tokenBuilder.AddClaim("exp", expireDate.ToUnixTimeSeconds());
}
//Build token
var token = tokenBuilder.Build();
//Validate token
if (string.IsNullOrWhiteSpace(token))
{
return(new OutputDto <string>(HttpStatusCode.Unauthorized, "The generated token is empty", null));
}
if (tokenExpireDate.HasValue)
{
//Return converted Object
return(new OutputDto <string>(token, HttpStatusCode.OK, ToUtc(expireDate.DateTime)));
}
else
{
return(new OutputDto <string>(token));
}
}
catch (Exception ex)
{
return(new OutputDto <string>(HttpStatusCode.Unauthorized, ex.ToString()));
}
}
public string GenerateJwt(ClaimsPrincipal user)
{
// add identityhub claims
var claims = user.Claims.ToList();
// _builder.AddClaims();
_builder.AddClaim("access_token", claims.FirstOrDefault(c =>
c.Type.Equals("http://schemas.u2uconsult.com/ws/2014/03/identity/claims/accesstoken"))
?.Value);
_builder.AddClaim("id", claims.FirstOrDefault(c =>
c.Type.Equals("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"))
?.Value);
_builder.AddClaim("name", claims.FirstOrDefault(c =>
c.Type.Equals("http://schemas.u2uconsult.com/ws/2014/04/identity/claims/displayname"))
?.Value);
_builder.AddClaim("email", claims.FirstOrDefault(c =>
c.Type.Equals("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
?.Value);
return(_builder.Encode());
}
public static string CreateUserToken(User user)
{
PropertyInfo[] propertyInfos = typeof(User).GetProperties();
var currTime = DateTime.Now;
var token = new JwtBuilder().WithAlgorithm(new HMACSHA256Algorithm()).WithSecret(SECRET_KEY).ExpirationTime(currTime.AddHours(8));
foreach (var prop in propertyInfos)
{
token.AddClaim(prop.Name, prop.GetValue(user));
}
return(token.Encode());
}
private string Create(Dictionary <string, object> claims)
{
var tokenBuilder = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(_secret);
foreach (var claim in claims)
{
tokenBuilder.AddClaim(claim.Key, claim.Value.ToString());
}
return(tokenBuilder.Build());
}
public string BuildToken(IEnumerable <Claim> claims, int ExpireMinutes = 20)
{
var jb = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(Secret);
foreach (var claim in claims)
{
jb.AddClaim(claim.Type, claim.Value);
}
var token = jb.Build();
return(token);
}
public string Serialize(IDictionary <string, string> claims)
{
var exp = (DateTimeOffset.UtcNow + duration).ToUnixTimeSeconds();
var builder = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(secret)
.AddClaim("exp", exp);
foreach (var claim in claims)
{
builder = builder.AddClaim(claim.Key, claim.Value);
}
return(builder.Build());
}
private string GenerateToken(IDictionary <string, object> payload, string secret)
{
Guard.NotNull(payload, nameof(payload));
Guard.NotNullOrWhiteSpace(secret, nameof(secret));
var builder = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(secret);
foreach (var claim in payload)
{
builder.AddClaim(claim.Key, claim.Value);
}
return(builder.Build());
}
public string CreateJwtToken(Dictionary <string, object> payloadItems, string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk")
{
var builder = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(secret)
;
foreach (var item in payloadItems)
{
builder.AddClaim(item.Key, item.Value);
}
var token = builder.Build();
return(token);
}
public static string EncodeJwt(string keyId, Dictionary <string, object> claims)
{
var builder = new JwtBuilder()
.WithAlgorithmFactory(_factory)
.WithAlgorithm(new RS256Algorithm(Certificate))
.WithSerializer(_serializer)
.WithValidator(_validator)
.WithSecret("passord")
.AddHeader(HeaderName.KeyId, keyId);
foreach (var(key, value) in claims)
{
builder.AddClaim(key, value);
}
return(builder.Encode());
}
public static string CreateToken(List <ClaimModel> claims)
{
string secret = ConfigurationManager.AppSettings["token::salt"].ToString();
string tokenExp = ConfigurationManager.AppSettings["token::exp"].ToString();
var token = new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(secret)
.AddClaim("exp", DateTimeOffset.UtcNow.AddSeconds(Int32.Parse(tokenExp)).ToUnixTimeSeconds());
foreach (var claim in claims)
{
token.AddClaim(claim.Name, claim.Value);
}
return(token.Build());
}
public static string Encode(string secret, IDictionary <string, object> payload, JwtHashAlgorithm type = JwtHashAlgorithm.HS256)
{
HMACSHAAlgorithmFactory factory = new HMACSHAAlgorithmFactory();
IJwtAlgorithm algorithm = factory.Create(type);
JWT.IJsonSerializer serializer = new JsonNetSerializer();
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
var builder = new JwtBuilder()
.WithAlgorithm(algorithm)
.WithSecret(secret);
if (payload != null)
{
foreach (var key in payload.Keys)
{
builder = builder.AddClaim(key, payload[key]);
}
}
var token = builder.Build();
return(token);
}
/// <summary>
/// Creates a URI with authentication token.
/// </summary>
/// <param name="expiresAt">UTC time when the token expires.</param>
/// <param name="userId"></param>
/// <param name="roles"></param>
/// <returns></returns>
public virtual Uri GenerateClientAccessUri(DateTimeOffset expiresAt, string userId = default, params string[] roles)
{
var keyBytes = Encoding.UTF8.GetBytes(_credential.Key);
var jwt = new JwtBuilder(keyBytes);
var now = DateTimeOffset.UtcNow;
string endpoint = this.endpoint.AbsoluteUri;
if (!endpoint.EndsWith("/", StringComparison.Ordinal))
{
endpoint += "/";
}
var audience = $"{endpoint}client/hubs/{hub}";
if (userId != default)
{
jwt.AddClaim(JwtBuilder.Sub, userId);
}
if (roles != default && roles.Length > 0)
{
jwt.AddClaim(s_role, roles);
}
jwt.AddClaim(JwtBuilder.Nbf, now);
jwt.AddClaim(JwtBuilder.Exp, expiresAt);
jwt.AddClaim(JwtBuilder.Iat, now);
jwt.AddClaim(JwtBuilder.Aud, audience);
string token = jwt.BuildString();
var clientEndpoint = new UriBuilder(endpoint);
clientEndpoint.Scheme = this.endpoint.Scheme == "http" ? "ws" : "wss";
var uriString = $"{clientEndpoint}client/hubs/{hub}?access_token={token}";
return(new Uri(uriString));
}
public string Encode(object payload)
{
return(_builder.AddClaim("payload", payload).Encode());
}
public override void SerializeToJwt(JwtBuilder builder)
{
base.SerializeToJwt(builder);
builder.AddClaim("steamId", this.SteamID);
}
