You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 lines
1.9 KiB
56 lines
1.9 KiB
using System.Security.Claims;
|
|
using System.Security.Cryptography;
|
|
using Microsoft.IdentityModel.JsonWebTokens;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
|
|
namespace OAuthServer.Services;
|
|
|
|
public class JwtService {
|
|
public readonly RSA RsaKey;
|
|
|
|
public JwtService() {
|
|
RsaKey = GetSigningKey();
|
|
}
|
|
|
|
public static RSA GetSigningKey() {
|
|
RSA rsaKey = RSA.Create();
|
|
const string jwtKeyPath = ".aspnet/jwt-key";
|
|
const string jwtPubKeyPath = ".aspnet/jwt-key.pub";
|
|
string home = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
|
|
string fullPath = Path.Combine(home, jwtKeyPath);
|
|
if (File.Exists(fullPath)) {
|
|
rsaKey.ImportRSAPrivateKey(File.ReadAllBytes(fullPath), out _);
|
|
} else {
|
|
string? dirName = Path.GetDirectoryName(fullPath);
|
|
if (!string.IsNullOrEmpty(dirName))
|
|
Directory.CreateDirectory(dirName);
|
|
|
|
var privateKey = rsaKey.ExportRSAPrivateKey();
|
|
File.WriteAllBytes(fullPath, privateKey);
|
|
}
|
|
|
|
return rsaKey;
|
|
}
|
|
|
|
public string GenerateToken(string audience, string? nonce) {
|
|
var handler = new JsonWebTokenHandler();
|
|
var key = new RsaSecurityKey(RsaKey);
|
|
var claims = new List<Claim> {
|
|
new(JwtRegisteredClaimNames.Iss, "http://localhost:1234"),
|
|
new(JwtRegisteredClaimNames.Sub, "user1"),
|
|
new(JwtRegisteredClaimNames.Aud, audience),
|
|
new("role", "External"),
|
|
new("scope", "scope:1"),
|
|
};
|
|
if (nonce != null) {
|
|
claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, nonce));
|
|
}
|
|
|
|
var token = handler.CreateToken(new SecurityTokenDescriptor {
|
|
Subject = new ClaimsIdentity(claims),
|
|
Expires = DateTime.UtcNow.AddDays(10),
|
|
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256)
|
|
});
|
|
return token;
|
|
}
|
|
} |