|
@@ -107,6 +107,67 @@ namespace TEAMModelOS.SDK.Extension
|
|
|
var serializeToken = tokenHandler.WriteToken(secToken);
|
|
|
return (serializeToken,jti);
|
|
|
}
|
|
|
+ /// <summary>
|
|
|
+ ///
|
|
|
+ /// </summary>
|
|
|
+ /// <param name="issuer">颁发者</param>
|
|
|
+ /// <param name="id">第三方合作uuid</param>
|
|
|
+ /// <param name="salt"></param>
|
|
|
+ /// <param name="expire"></param>
|
|
|
+ /// <returns></returns>
|
|
|
+ public static (string jwt, string jti) CreateSchoolApiToken(string location, string id, string salt, string scope, List<int> auth, string schoolID = "")
|
|
|
+ {
|
|
|
+
|
|
|
+ var keys = OpenApiJtwIssuer.OpenApiJtw签发者.GetDescriptionText().Split(',');
|
|
|
+ string issuer = "";
|
|
|
+ if (location.Equals("China-Dep"))
|
|
|
+ {
|
|
|
+ issuer = keys[0];
|
|
|
+ }
|
|
|
+ else if (location.Equals("China-Test"))
|
|
|
+ {
|
|
|
+ issuer = keys[0];
|
|
|
+ }
|
|
|
+ else if (location.Equals("China"))
|
|
|
+ {
|
|
|
+ issuer = keys[1];
|
|
|
+ }
|
|
|
+ else if (location.Equals("Global-Dep"))
|
|
|
+ {
|
|
|
+ issuer = keys[2];
|
|
|
+ }
|
|
|
+ else if (location.Equals("Global-Test"))
|
|
|
+ {
|
|
|
+ issuer = keys[2];
|
|
|
+ }
|
|
|
+ else if (location.Equals("Global"))
|
|
|
+ {
|
|
|
+ issuer = keys[3];
|
|
|
+ }
|
|
|
+ string jti = Guid.NewGuid().ToString();
|
|
|
+ // 設定要加入到 JWT Token 中的聲明資訊(Claims)
|
|
|
+ var payload = new JwtPayload {
|
|
|
+ { JwtRegisteredClaimNames.Iss, issuer }, //發行者 iss: jwt签发者
|
|
|
+ { JwtRegisteredClaimNames.Sub, id }, // APPID sub: jwt所面向的用户
|
|
|
+ {JwtRegisteredClaimNames.Jti, jti},
|
|
|
+ { "scope",scope},
|
|
|
+ { "auth",auth},
|
|
|
+ { JwtRegisteredClaimNames.Azp,schoolID}, // 學校簡碼,如果有的話
|
|
|
+ };
|
|
|
+
|
|
|
+ // 建立一組對稱式加密的金鑰,主要用於 JWT 簽章之用
|
|
|
+ var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(salt));
|
|
|
+ // HmacSha256 有要求必須要大於 128 bits,所以 salt 不能太短,至少要 16 字元以上
|
|
|
+ // https://stackoverflow.com/questions/47279947/idx10603-the-algorithm-hs256-requires-the-securitykey-keysize-to-be-greater
|
|
|
+ var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
|
|
|
+ var header = new JwtHeader(signingCredentials);
|
|
|
+ var secToken = new JwtSecurityToken(header, payload);
|
|
|
+ // 產出所需要的 JWT securityToken 物件,並取得序列化後的 Token 結果(字串格式)
|
|
|
+ var tokenHandler = new JwtSecurityTokenHandler();
|
|
|
+ //var securityToken = tokenHandler.CreateToken(tokenDescriptor);
|
|
|
+ var serializeToken = tokenHandler.WriteToken(secToken);
|
|
|
+ return (serializeToken, jti);
|
|
|
+ }
|
|
|
|
|
|
public static string CreateApiToken(string issuer, string id, string salt, string name, List<int> auth, string schoolID = "", int expire = 1)
|
|
|
{
|
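Review bot: The payload built in CreateSchoolApiToken has no `exp` (nor `nbf`/`iat`) claim, so a token signed here never expires on its own. Revoking it would depend on rotating the signing secret or on a `jti` lookup, neither of which is visible in this hunk. The XML doc lists an `expire` parameter that the signature lacks, so consider adding one like the `int expire = 1` on CreateApiToken below, plus a claim such as `{ JwtRegisteredClaimNames.Exp, DateTimeOffset.UtcNow.AddHours(expire).ToUnixTimeSeconds() }`, with the unit matched to CreateApiToken, whose body is outside the hunk. Separately, the `location` chain has no final `else`, so an unrecognised value yields a signed token with `iss` set to the empty string; end the chain with `else { throw new ArgumentException("Unknown location", nameof(location)); }`. The doc comment should also describe `location`, `scope`, `auth` and `schoolID` instead of the non-existent `issuer` and `expire`, and state that `salt` is the HMAC-SHA256 signing secret, which the inline comment says must be at least 16 characters.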