Support JWT sub and acl

Vonage · Jul 21, 2018 · 80ed233 · 80ed233
1 parent 02965c9
commit 80ed233
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 4 deletions.
diff --git a/Nexmo.Api/Jwt.cs b/Nexmo.Api/Jwt.cs
@@ -7,7 +7,7 @@ namespace Nexmo.Api
 {
     internal class Jwt
     {
-        internal static string CreateToken(string appId, string privateKey)
+        internal static string CreateToken(string appId, string privateKey, string sub = null)
         {
             var tokenData = new byte[64];
             var rng = RandomNumberGenerator.Create();
@@ -18,9 +18,32 @@ internal static string CreateToken(string appId, string privateKey)
             {
                 { "iat", (long) (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds },
                 { "application_id", appId },
-                { "jti", jwtTokenId }
+                { "jti", jwtTokenId },
+                // TODO: Hardcoded
+                { "acl", new Dictionary<string, object>
+                    {
+                        { "paths", new Dictionary<string, object>
+                            {
+                                { "/v1/users/**", new {} },
+                                { "/v1/conversations/**", new {} },
+                                { "/v1/sessions/**", new {} },
+                                { "/v1/devices/**", new {} },
+                                { "/v1/image/**", new {} },
+                                { "/v3/media/**", new {} },
+                                { "/v1/applications/**", new {} },
+                                { "/v1/push/**", new {} },
+                                { "/v1/knocking/**", new {} },
+                            }
+                        }
+                    }
+                }
             };
 
+            if (!string.IsNullOrEmpty(sub))
+            {
+                payload["sub"] = sub;
+            }
+
             var rsa = PemParse.DecodePEMKey(privateKey);
 
             return JWT.Encode(payload, rsa, JwsAlgorithm.RS256);

diff --git a/Nexmo.Api/Request/Credentials.cs b/Nexmo.Api/Request/Credentials.cs
@@ -29,6 +29,11 @@ public class Credentials
         /// </summary>
         public string AppUserAgent { get; set; }
 
+        /// <summary>
+        /// (Optional) sub (Subject) to use when generating a JWT
+        /// </summary>
+        public string JwtSubject { get; set; }
+
         public Credentials (string nexmoApiKey, string nexmoApiSecret)
         {
             ApiKey = nexmoApiKey;

diff --git a/Nexmo.Api/Request/VersionedApiRequest.cs b/Nexmo.Api/Request/VersionedApiRequest.cs
@@ -42,7 +42,7 @@ private static string DoRequest(Uri uri, Credentials creds = null)
             SetUserAgent(ref req, creds);
             // attempt bearer token auth
             req.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer",
-                Jwt.CreateToken(appId, appKeyPath));
+                Jwt.CreateToken(appId, appKeyPath, creds?.JwtSubject ?? string.Empty));
 
             using (LogProvider.OpenMappedContext("VersionedApiRequest.DoRequest",uri.GetHashCode()))
             {
@@ -133,7 +133,7 @@ public static NexmoResponse DoRequest(string method, Uri uri, object payload, Cr
             SetUserAgent(ref req, creds);
             // attempt bearer token auth
             req.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer",
-                Jwt.CreateToken(appId, appKeyPath));
+                Jwt.CreateToken(appId, appKeyPath, creds?.JwtSubject ?? string.Empty));
 
             var data = Encoding.ASCII.GetBytes(JsonConvert.SerializeObject(payload,
                 Formatting.None, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Ignore }));