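/// <summary>
/// Generates a signed JWT (RSA512 per the original author) using the private key behind <see cref="GetPKCSSignature"/>.
/// </summary>
/// <remarks>
/// A JWT is composed of three dot-separated Base64URL strings:
/// Jose_Header.JWT_Payload.JWT_Signature
/// The payload is signed, not encrypted: anyone holding the token can decode and read its claims,
/// so no confidential data belongs in <paramref name="payload"/>.
/// The caller's dictionary is left unmodified; a copy is used when a default expiration claim has to be added.
/// </remarks>
/// <param name="payload">The claims to sign. Must contain <c>Constants.UserTypeKey</c> and <c>Constants.IdKey</c>.</param>
/// <returns>The serialized JWT.</returns>
/// <exception cref="ArgumentNullException"><paramref name="payload"/> is null.</exception>
/// <exception cref="ArgumentException">The user type or ID claim is missing.</exception>
public string GenerateJWT(Dictionary<string, string> payload)
{
    // TODO CHECK PUBLIC KEY AND PRIVATE KEY, CHECK THEIR LENGTHS AND IF THEY INCLUDE ----BEGIN... ---END... ETC
    if (payload == null)
    {
        throw new ArgumentNullException(nameof(payload));
    }

    // Make sure we have the proper parameters inside the dictionary
    if (!payload.ContainsKey(Constants.UserTypeKey) || !payload.ContainsKey(Constants.IdKey))
    {
        throw new ArgumentException("UserType or ID was not provided.");
    }

    // JOSE header: media type and signing algorithm. The algorithm is fixed by the service,
    // never taken from the caller or from an incoming token.
    Dictionary<string, string> joseHeader = new Dictionary<string, string>
    {
        { Constants.MediaType, Constants.MediaJWT },
        { Constants.SigningAlgKey, Constants.SIGNING_ALGORITHM }
    };

    // Work on a copy (same key comparer) so adding a default expiration does not mutate the caller's dictionary
    Dictionary<string, string> claims = new Dictionary<string, string>(payload, payload.Comparer);

    // If the expiration date wasn't already specified, then create one
    if (!claims.ContainsKey(Constants.EXPIRATION_FIELD))
    {
        // Default window comes from TimeUtilityService (the original comment states 20 minutes)
        claims.Add(Constants.EXPIRATION_FIELD, TimeUtilityService.GetEpochFromNow().ToString());
    }

    // Base64URL encode the header and payload
    string encodedHeader = StringUtilityService.DictionaryToString(joseHeader).ToBase64URL();
    string encodedPayload = StringUtilityService.DictionaryToString(claims).ToBase64URL();

    // The signature covers exactly "header.payload"
    string stringToSign = encodedHeader + "." + encodedPayload;
    string signature = GetPKCSSignature(stringToSign).ToBase64URL();

    return stringToSign + "." + signature;
}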
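/// <summary>
/// Re-issues a token with a fresh expiration claim.
/// </summary>
/// <remarks>
/// NOTE(review): this method relies on <c>_authorizationService.DecryptJWT</c> to reject invalid or tampered
/// tokens; nothing here re-checks the old token's expiration or signature. Confirm DecryptJWT does both,
/// otherwise an expired or forged token could be exchanged for a fresh one.
/// </remarks>
/// <param name="jwt">The token to refresh.</param>
/// <param name="minutes">
/// Minutes from now until the new token expires. Defaults to <c>Constants.TOKEN_EXPIRATION_MIN</c>
/// (the original summary describes the default as 20 minutes).
/// </param>
/// <returns>A newly signed token carrying the same claims with the updated expiration.</returns>
/// <exception cref="ArgumentNullException"><paramref name="jwt"/> is null.</exception>
public string RefreshJWT(string jwt, int minutes = Constants.TOKEN_EXPIRATION_MIN)
{
    if (jwt == null)
    {
        throw new ArgumentNullException(nameof(jwt));
    }

    Dictionary<string, string> payload = _authorizationService.DecryptJWT(jwt);

    // Overwrite (not add) the expiration so the new token lives 'minutes' from now
    payload[Constants.EXPIRATION_FIELD] = TimeUtilityService.GetEpochFromNow(minutes).ToString();

    return _authorizationService.GenerateJWT(payload);
}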