guideToken endpoint in ASP.NET

This article presents a simple token endpoint example for creating JSON Web Tokens (JWT tokens) implemented in ASP.NET. Tokens are used by CKEditor Cloud Services to authenticate users.

# Dependencies

Both code examples use the System.IdentityModel.Tokens.Jwt library.
For installation instructions please have a look at the package’s web page on NuGet.

If you are using the package manager console in Visual Studio, you can run the following:

Install-Package System.IdentityModel.Tokens.Jwt

# Examples

When creating a token endpoint to integrate with Easy Image, the token payload should contain at least the environment ID.

using System;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Text;

namespace CSTokenExample
{
    class Program
    {
        static string createCSToken(string environmentId, string secretKey)
        {
            var securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));

            var signingCredentials = new SigningCredentials(securityKey, "HS256");
            var header = new JwtHeader(signingCredentials);

            var dateTimeOffset = new DateTimeOffset(DateTime.UtcNow);

            var payload = new JwtPayload
            {
                { "iss", environmentId },
                { "iat", dateTimeOffset.ToUnixTimeSeconds() }
            };

            var securityToken = new JwtSecurityToken(header, payload);
            var handler = new JwtSecurityTokenHandler();

            return handler.WriteToken(securityToken);
        }

        static void Main(string[] args)
        {
            string secretKey = "w1lnWEN63FPKxBNmxHN7WpfW2IoYVYca5moqIUKfWesL1Ykwv34iR5xwfWLy";
            string environmentId = "LJRQ1bju55p6a47RwadH";

            var tokenString = createCSToken(environmentId, secretKey);

            // Here we are printing the token to the console. In a real usage scenario
            // it should be returned in an HTTP response of the token endpoint.
            Console.WriteLine(tokenString);
        }
    }
}

To enable Collaboration, you have to add the user data and service permissions to the token.

using System;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using System.Collections.Generic;

namespace CSTokenExample
{
    class Program
    {
        static string createCSToken(string environmentId, string secretKey, JwtPayload payload)
        {
            var securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));

            var signingCredentials = new SigningCredentials(securityKey, "HS256");
            var header = new JwtHeader(signingCredentials);

            var dateTimeOffset = new DateTimeOffset(DateTime.UtcNow);

            payload.Add("iss", environmentId);
            payload.Add("iat", dateTimeOffset.ToUnixTimeSeconds());

            var securityToken = new JwtSecurityToken(header, payload);
            var handler = new JwtSecurityTokenHandler();

            return handler.WriteToken(securityToken);
        }

        static void Main(string[] args)
        {
            string secretKey = "w1lnWEN63FPKxBNmxHN7WpfW2IoYVYca5moqIUKfWesL1Ykwv34iR5xwfWLy";
            string environmentId = "LJRQ1bju55p6a47RwadH";

            var payload = new JwtPayload
            {
                { "user", new Dictionary<string, string> {
                    { "id", "123" },
                    { "email", "joe.doe@example.com" },
                    { "name", "Joe Doe" }
                } },
                { "auth", new Dictionary<string, object> {
                    { "collaboration", new Dictionary<string, object> {
                        { "*", new Dictionary<string, string> {
                            { "role", "writer" }
                        } }
                    } }
                } }
            };

            var tokenString = createCSToken(environmentId, secretKey, payload);

            // Here we are printing the token to the console. In a real usage scenario
            // it should be returned in an HTTP response of the token endpoint.
            Console.WriteLine(tokenString);
        }
    }
}

secretKey and environmentId should be replaced with keys provided by the CKEditor Ecosystem customer dashboard. User data can be taken from the session or the database.

You should then pass the token to the client in an HTTP response of the token endpoint. Do not forget to authenticate the user in your application before you send the token. If the user is unauthenticated, the token endpoint should return an error or redirect to the login page. You should also make sure the token is sent via an encrypted channel.