/// <summary>
/// Builds a self-signed JSON web token assertion whose signature is produced
/// with the supplied X.509 certificate.
/// </summary>
/// <remarks>
/// The result has three dot-separated segments: encoded header, encoded body
/// and encoded signature. The signature covers the "header.body" string exactly
/// as it appears in the output.
/// NOTE(review): JWT segments are expected to be base64url without padding;
/// confirm that Base64Utils.Encode produces that form.
/// NOTE(review): SignData presumably needs the certificate's private key, so
/// <paramref name="signingCert"/> must have been loaded with one; confirm.
/// </remarks>
/// <param name="webToken">Token whose JSON encoding becomes the assertion body.</param>
/// <param name="signingCert">Certificate passed to SignData and identified in the header by its hash.</param>
/// <returns>The assertion in "header.body.signature" form.</returns>
public static string GenerateAssertion(
    JsonWebToken webToken,
    X509Certificate2 signingCert)
{
    // The certificate hash travels in the header; it identifies the certificate
    // to the receiver and is not itself secret.
    string certHashSegment = Base64Utils.Encode(signingCert.GetCertHash());
    JsonWebTokenHeader header = new JsonWebTokenHeader("RS256", certHashSegment);

    string headerSegment = Base64Utils.Encode(header.EncodeToJson());
    string bodySegment = Base64Utils.Encode(webToken.EncodeToJson());

    // Everything signed is exactly what is transmitted: header and body joined by a dot.
    string signingInput = string.Format("{0}.{1}", headerSegment, bodySegment);
    string signatureSegment = Base64Utils.Encode(
        JsonWebTokenHelper.SignData(signingCert, signingInput));

    return string.Format("{0}.{1}", signingInput, signatureSegment);
}
/// <summary>
/// Obtains an OAuth access token for the directory resource by presenting a
/// self-signed assertion to the ACS token endpoint.
/// </summary>
/// <remarks>
/// The assertion is built from this instance's application principal id and
/// tenant id and is signed with the instance's symmetric key. That key is
/// the credential for the application principal, so how it is stored and
/// loaded matters as much as the token itself.
/// </remarks>
/// <returns>The token returned by JsonWebTokenHelper.GetOAuthAccessTokenFromACS.</returns>
public OAuthAccessToken GetAccessToken()
{
    string tokenEndpoint = "https://accounts.accesscontrol.windows.net/tokens/OAuth/2";
    string acsPrincipal = "00000001-0000-0000-c000-000000000000";

    // Service Principal ID for the graphService principal - this is a Universal (reserved) id for all tenants
    string resourcePrincipal = "00000002-0000-0000-c000-000000000000";
    string resourceHost = "directory.windows.net";

    // The token endpoint's host name is passed to the token together with the
    // ACS principal id. The final argument is 3600; presumably the token
    // lifetime in seconds (one hour) - confirm against the JsonWebToken constructor.
    string endpointHost = (new Uri(tokenEndpoint)).DnsSafeHost;
    var assertionClaims = new JsonWebToken(
        this.spnAppPrincipalId,
        tenantId.ToString(),
        endpointHost,
        acsPrincipal,
        DateTime.Now.ToUniversalTime(),
        60 * 60);

    // Sign the claims with the principal's symmetric key.
    string signedAssertion = JsonWebTokenHelper.GenerateAssertion(assertionClaims, this.spnSymmetricKey);

    // Requested resource is formatted as "<principal id>/<host>@<tenant>".
    string requestedResource = String.Format(
        "{0}/{1}@{2}",
        resourcePrincipal,
        resourceHost,
        tenantId);

    return JsonWebTokenHelper.GetOAuthAccessTokenFromACS(tokenEndpoint, signedAssertion, requestedResource);
}
/// <summary>
/// Produces a self-signed bearer token: the bearer prefix followed by an
/// assertion signed with a symmetric key.
/// </summary>
/// <remarks>
/// The returned string is a usable credential for as long as the token is
/// valid; keep it out of logs and error messages.
/// </remarks>
/// <param name="webToken">JSON web token to sign.</param>
/// <param name="signingKey">Symmetric signing key.</param>
/// <returns>JsonWebTokenHelper.BearerTokenPrefix concatenated with the signed assertion.</returns>
public static string GenerateAccessToken(JsonWebToken webToken, string signingKey)
{
    string signedAssertion = JsonWebTokenHelper.GenerateAssertion(webToken, signingKey);

    return String.Format("{0}{1}", JsonWebTokenHelper.BearerTokenPrefix, signedAssertion);
}
/// <summary>
/// Builds a self-signed JSON web token assertion signed with a symmetric key.
/// </summary>
/// <remarks>
/// The header declares "HS256" and carries an empty string where the
/// certificate overload places the certificate hash. The signature covers the
/// "header.body" string exactly as it appears in the output.
/// NOTE(review): the declared algorithm implies HMAC-SHA256; confirm that the
/// string overload of SignData computes that, and how it decodes
/// <paramref name="signingKey"/> into key bytes.
/// NOTE(review): JWT segments are expected to be base64url without padding;
/// confirm that Base64Utils.Encode produces that form.
/// </remarks>
/// <param name="webToken">Token whose JSON encoding becomes the assertion body.</param>
/// <param name="signingKey">Symmetric signing key.</param>
/// <returns>The assertion in "header.body.signature" form.</returns>
public static string GenerateAssertion(JsonWebToken webToken, string signingKey)
{
    JsonWebTokenHeader header = new JsonWebTokenHeader("HS256", String.Empty);

    string headerSegment = Base64Utils.Encode(header.EncodeToJson());
    string bodySegment = Base64Utils.Encode(webToken.EncodeToJson());

    // Everything signed is exactly what is transmitted: header and body joined by a dot.
    string signingInput = string.Format("{0}.{1}", headerSegment, bodySegment);
    string signatureSegment = Base64Utils.Encode(
        JsonWebTokenHelper.SignData(signingKey, signingInput));

    return string.Format("{0}.{1}", signingInput, signatureSegment);
}