using System.Security.Cryptography; using System.Text; using System.Text.Json; namespace Acl.Infrastructure; /// Mints a ZGW (vng-api-common) JWT: HS256 over the standard claims. internal static class ZgwToken { public static string Mint(string clientId, string secret) { var header = B64Url(JsonSerializer.SerializeToUtf8Bytes(new { alg = "HS256", typ = "JWT" })); var payload = B64Url(JsonSerializer.SerializeToUtf8Bytes(new { iss = clientId, iat = DateTimeOffset.UtcNow.ToUnixTimeSeconds(), client_id = clientId, user_id = "acl", user_representation = "acl", })); var signingInput = $"{header}.{payload}"; using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)); var signature = B64Url(hmac.ComputeHash(Encoding.UTF8.GetBytes(signingInput))); return $"{signingInput}.{signature}"; } private static string B64Url(byte[] bytes) => Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }