Here is a complete signature generation code using c# and System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler
hopefully it would help others:
public string GenerateSdkJwtToken(string apiKey, string apiSecret, string meetingNumber, int role)
{
//convert secret to byte[]. This is the correct way.
var symmetricKey = Encoding.ASCII.GetBytes(apiSecret);
var tokenHandler = new JwtSecurityTokenHandler();
//don't automatically add nbf to the generated token.
tokenHandler.SetDefaultTimesOnTokenCreation = false;
//set issue date and expiration.
var now = DateTime.UtcNow;
//get epoch seconds.
long tss = ToTimestamp(now.ToUniversalTime()) - 30;
long expTs = tss + 60 * 60 * 2; //add a reasonable value for expiration time.
//token payload
var objTokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim("sdkKey", sdkKey),
new Claim("mn", meetingNumber),
new Claim("role", role.ToString()),
new Claim("iat", tss.ToString()),
new Claim("exp", expTs.ToString()),
new Claim("appKey", sdkKey),
new Claim("tokenExp", expTs.ToString())
}),
//sign the token using Sha256
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey),SecurityAlgorithms.HmacSha256Signature)
};
var sTokenObj = tokenHandler.CreateToken(objTokenDescriptor );
var strJwtToken = tokenHandler.WriteToken(sTokenObj);
//here is your final token.
return strJwtToken;
}
//There are several way you can get Epoch seconds. Here is one method
public static long ToTimestamp(DateTime value)
{
TimeSpan t = value - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
long secondsSinceEpoch = (int)t.TotalSeconds;
return secondsSinceEpoch;
}