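/// <summary>
/// Builds the signed JWT that backs an OAuth authorization code for the given
/// request and authenticated user, then hands it to <c>GetAuthorizationCode</c>.
/// </summary>
/// <param name="request">The parsed authorization request; only the <c>code</c> response type is accepted.</param>
/// <param name="identity">The authenticated principal whose <see cref="ClaimTypes.NameIdentifier"/> claim becomes the token subject.</param>
/// <returns>The authorization-code token produced by <c>GetAuthorizationCode</c> (defined elsewhere in the project).</returns>
/// <exception cref="SecurityException">
/// Thrown when <paramref name="request"/> does not ask for <c>code</c>, or when
/// <paramref name="identity"/> carries no <see cref="ClaimTypes.NameIdentifier"/> claim.
/// </exception>
public IToken GenerateAuthorizationToken(AuthorizationRequest request, ClaimsPrincipal identity)
{
    if (request.Response_Type != "code")
    {
        throw new System.Security.SecurityException("Oauth request ResponseType MUST be \"code\"");
    }

    // A code must always be bound to a subject. ClaimsIdentity silently skips a null
    // claim, so without this check a principal lacking NameIdentifier would yield a
    // code with no owner instead of an error.
    var subjectClaim = identity.FindFirst(ClaimTypes.NameIdentifier);
    if (subjectClaim is null)
    {
        throw new System.Security.SecurityException("Authenticated identity has no NameIdentifier claim");
    }

    // Take a single UTC timestamp so exp/nbf/iat agree with each other and do not
    // depend on the server's local time zone.
    var now = DateTime.UtcNow;
    var settings = this.options.Value;
    var tokenId = Guid.NewGuid().ToString("N");
    var signingKey = settings.Keys.First();
    var tokenHandler = new JwtSecurityTokenHandler();

    var descriptor = new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor
    {
        Audience = settings.Issuer,
        Issuer = settings.Issuer,
        IssuedAt = now,
        // One minute of backwards skew tolerance, as before.
        NotBefore = now.AddMinutes(-1),
        Expires = now + settings.AuthorizationCodeLifetime,
        SigningCredentials = signingKey.Value,
        Subject = new ClaimsIdentity(new[]
        {
            new Claim(TokenIdClaim, tokenId),
            new Claim(TokenUsageClaim, "authorization_code"),
            // Records which configured key signed this token; presumably read back
            // during validation to pick the matching key — confirm against the validator.
            new Claim(KeyIdClaim, signingKey.Key),
            subjectClaim,
        }),
    };

    var token = tokenHandler.CreateToken(descriptor);
    return tokenHandler.GetAuthorizationCode(tokenId, token);
}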