
Class JwtService

Useful JWT service for generating and validating tokens.

Inheritance
System.Object
JwtService
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: GlitchedPolygons.Services.JwtService
Assembly: GlitchedPolygons.Services.JwtService.dll
Syntax
public class JwtService

Constructors


JwtService(RSAParameters, IEnumerable<String>, IEnumerable<String>, Boolean, Nullable<TimeSpan>)

Constructs a new JwtService instance used for generating/validating tokens asymmetrically using the specified RSA key and token settings.

Declaration
public JwtService(RSAParameters rsaKey, IEnumerable<string> issuers = null, IEnumerable<string> audiences = null, bool validateLifetime = true, TimeSpan? clockSkew = default(TimeSpan?))
Parameters
Type Name Description
System.Security.Cryptography.RSAParameters rsaKey

If this JwtService instance is meant to generate new tokens, this must be the private RSA key, because that's needed for signing JWTs.

If you are only validating tokens, you can pass the public key here instead.

System.Collections.Generic.IEnumerable<System.String> issuers

The list of valid issuers. Can be left null (any issuer is valid in that case).

System.Collections.Generic.IEnumerable<System.String> audiences

The list of valid audiences. Can be left null (any audience is valid in that case).

System.Boolean validateLifetime

Should the tokens be validated against their expiration date too? If false, tokens that are already expired WILL validate nonetheless by default with this JwtService instance.

System.Nullable<System.TimeSpan> clockSkew

The clock skew to apply (default is 3 minutes).


JwtService(String, IEnumerable<String>, IEnumerable<String>, Boolean, Nullable<TimeSpan>)

Constructs a new JwtService instance used for generating and validating tokens using the specified settings. Uses the HMAC-SHA512 algorithm.

Declaration
public JwtService(string key, IEnumerable<string> issuers = null, IEnumerable<string> audiences = null, bool validateLifetime = true, TimeSpan? clockSkew = default(TimeSpan?))
Parameters
Type Name Description
System.String key

The private key used for generating (and validating) tokens. DO NOT store this anywhere inside your source code/repo! Use a decent secret management tool instead.

System.Collections.Generic.IEnumerable<System.String> issuers

The list of valid issuers. Can be left null (any issuer is valid in that case).

System.Collections.Generic.IEnumerable<System.String> audiences

The list of valid audiences. Can be left null (any audience is valid in that case).

System.Boolean validateLifetime

Should the tokens be validated against their expiration date too? If false, tokens that are already expired WILL validate nonetheless by default with this JwtService instance.

System.Nullable<System.TimeSpan> clockSkew

The clock skew to apply (default is 3 minutes).

Methods


GenerateToken(Nullable<TimeSpan>, Nullable<DateTime>, String, String, IEnumerable<Claim>)

Generates and returns a fresh JWT.

If you want the token to expire, set the lifetime parameter to anything not null.

You can also generate a token that will only be valid in the future: use the notBefore parameter for this (make sure it is later than DateTime.UtcNow).

Declaration
public string GenerateToken(TimeSpan? lifetime = default(TimeSpan?), DateTime? notBefore = default(DateTime?), string issuer = null, string audience = null, IEnumerable<Claim> claims = null)
Parameters
Type Name Description
System.Nullable<System.TimeSpan> lifetime

The maximum lifetime of this token. Recommended value is around 15 minutes (TimeSpan.FromMinutes(15)).

System.Nullable<System.DateTime> notBefore

If not null, the generated token will only be valid from this System.DateTime on.

System.String issuer

Optional issuer claim.

System.String audience

Optional audience claim.

System.Collections.Generic.IEnumerable<System.Security.Claims.Claim> claims

Any additional custom claims.

Returns
Type Description
System.String

The generated JWT in its final, encoded state.
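
The following added example (not part of the library's own documentation or code) shows the key split described for the RSA constructor: the signing instance receives the private parameters, while the validating instance receives only the public ones, with issuers and audiences pinned rather than left null. The issuer and audience strings and the claim are constructed sample values, and JwtValidationResult is assumed to live in the same namespace as JwtService.

```csharp
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using GlitchedPolygons.Services.JwtService;

public static class JwtServiceRsaExample
{
    // Constructed sample values; replace with your own issuer and audience.
    private static readonly string[] Issuers = { "https://issuer.example" };
    private static readonly string[] Audiences = { "orders-api" };

    public static JwtValidationResult IssueAndValidate()
    {
        using (RSA rsa = RSA.Create(2048))
        {
            // Private parameters are needed for signing and stay on the issuing side.
            RSAParameters privateKey = rsa.ExportParameters(true);
            // Public parameters are all that a validating service needs.
            RSAParameters publicKey = rsa.ExportParameters(false);

            var signer = new JwtService(privateKey, Issuers, Audiences);
            string jwt = signer.GenerateToken(
                lifetime: TimeSpan.FromMinutes(15), // recommended lifetime per the docs
                issuer: Issuers[0],
                audience: Audiences[0],
                claims: new[] { new Claim("scope", "orders.read") });

            // validateLifetime keeps its default (true); issuers and audiences
            // are passed explicitly so that not every value is accepted.
            var verifier = new JwtService(publicKey, Issuers, Audiences);
            return verifier.ValidateToken(jwt);
        }
    }
}
```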


ValidateToken(String, TokenValidationParameters)

Validates a JWT string that has been created using the GenerateToken(Nullable<TimeSpan>, Nullable<DateTime>, String, String, IEnumerable<Claim>) method.

If the validation was successful, a JwtValidationResult containing both the raw, validated System.IdentityModel.Tokens.Jwt.JwtSecurityToken and the deserialized System.Security.Principal.IPrincipal instance is returned.

If anything went wrong (token invalid, expired, etc.), the returned JwtValidationResult object contains information about the failure (e.g. thrown System.Exception, error message string).

Declaration
public JwtValidationResult ValidateToken(string jwt, TokenValidationParameters validationParameters = null)
Parameters
Type Name Description
System.String jwt

The token to validate (encoded jwt).

Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters

The Microsoft.IdentityModel.Tokens.TokenValidationParameters to use for validation: can be left out null (the parameters defined in the JwtService constructor are used in that case).

If you decide to pass this argument, make absolutely sure that you pass the correct Microsoft.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKey needed for validation, otherwise you will run into errors.

Especially for asymmetrically signed tokens you need to be careful to pass the correct public RSA key.

For standard symmetric JWTs, that would be the same key you used to generate the token.

Returns
Type Description
JwtValidationResult

A JwtValidationResult object containing the validation's outcome.
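
An added example (not the library's own code) of passing explicit validationParameters for an RSA-signed token. The page says the constructor's settings are used only when this argument is null, so the example restates every check instead of relying on them. The class and method names, issuer and audience values are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using GlitchedPolygons.Services.JwtService;
using Microsoft.IdentityModel.Tokens;

public static class StrictValidationExample
{
    public static TokenValidationParameters BuildParameters(
        RSAParameters publicKey, string expectedIssuer, string expectedAudience)
    {
        return new TokenValidationParameters
        {
            // Must be the public half of the key that signed the token.
            IssuerSigningKey = new RsaSecurityKey(publicKey),
            // Reject tokens that carry no signature at all.
            RequireSignedTokens = true,

            ValidateIssuer = true,
            ValidIssuer = expectedIssuer,
            ValidateAudience = true,
            ValidAudience = expectedAudience,

            ValidateLifetime = true,
            RequireExpirationTime = true,
            // TokenValidationParameters defaults to a 5-minute skew; this matches
            // the 3-minute default documented for the JwtService constructors.
            ClockSkew = TimeSpan.FromMinutes(3),
        };
    }

    public static JwtValidationResult Validate(
        JwtService verifier, string jwt, RSAParameters publicKey)
    {
        // Constructed sample issuer and audience.
        TokenValidationParameters parameters =
            BuildParameters(publicKey, "https://issuer.example", "orders-api");
        return verifier.ValidateToken(jwt, parameters);
    }
}
```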
