in src/Microsoft.Azure.SignalR.Common/Auth/SignalRJwtSecurityTokenHandler.cs [31:109]
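/// <summary>
/// Builds a compact JWT string of the form <c>header.payload.signature</c>.
/// </summary>
/// <param name="notBefore">Value passed to the payload as not-before; defaults to the current UTC time.</param>
/// <param name="expires">Value passed to the payload as expiry; defaults to the current UTC time plus 60 minutes.</param>
/// <param name="issuedAt">Value passed to the payload as issued-at; defaults to the current UTC time.</param>
/// <param name="issuer">Issuer passed to the payload; may be null.</param>
/// <param name="audience">Audience passed to the payload; may be null.</param>
/// <param name="subject">Identity whose claims are run through <c>OutboundClaimTypeTransform</c> and placed in the payload; null means no claims.</param>
/// <param name="key">HMAC key. When null, no signature is computed and the token ends with an empty third segment.</param>
/// <param name="kid">Key id passed to the header.</param>
/// <param name="algorithm">HMAC algorithm; only HS256 and HS512 are handled when a key is supplied.</param>
/// <returns>The encoded header and payload joined by '.', followed by '.' and the base64url signature (empty when <paramref name="key"/> is null).</returns>
/// <exception cref="NotSupportedException">A key was supplied and <paramref name="algorithm"/> is neither HS256 nor HS512.</exception>
/// <remarks>
/// Security notes for callers:
/// a null <paramref name="key"/> yields an UNSIGNED token while the header is still built from
/// <paramref name="algorithm"/>, so any verifier must reject tokens with an empty signature segment.
/// No minimum key length is enforced here; RFC 7518 section 3.2 requires an HMAC key at least as long
/// as the hash output (256 bits for HS256, 512 bits for HS512), so callers should check that themselves.
/// </remarks>
public static string CreateJwtSecurityToken(DateTime? notBefore = null,
    DateTime? expires = null,
    DateTime? issuedAt = null,
    string issuer = null,
    string audience = null,
    ClaimsIdentity subject = null,
    byte[] key = null,
    string kid = null,
    AccessTokenAlgorithm algorithm = AccessTokenAlgorithm.HS256)
{
    // Take one timestamp so that every defaulted field is derived from the same instant.
    if (!expires.HasValue || !issuedAt.HasValue || !notBefore.HasValue)
    {
        var now = DateTime.UtcNow;
        expires ??= now + TimeSpan.FromMinutes(60);
        issuedAt ??= now;
        notBefore ??= now;
    }

    var claims = subject == null ? null : OutboundClaimTypeTransform(subject.Claims);
    var payload = new JwtPayload(issuer, audience, claims, notBefore, expires, issuedAt);
    var header = new JwtHeader(kid, algorithm);

    // Encode each segment once and validate it before it is used as signing input.
    // (The original encoded both segments twice and ran these checks only after signing;
    // its null checks on the freshly constructed header/payload could never fire.)
    var rawHeader = header.Base64UrlEncode();
    if (string.IsNullOrWhiteSpace(rawHeader))
    {
        throw LogHelper.LogArgumentNullException(nameof(rawHeader));
    }

    var rawPayload = payload.Base64UrlEncode();
    if (string.IsNullOrWhiteSpace(rawPayload))
    {
        throw LogHelper.LogArgumentNullException(nameof(rawPayload));
    }

    var message = string.Concat(rawHeader, ".", rawPayload);
    var rawSignature = string.Empty;

    // Sign with a plain keyed HMAC (a MAC, not encryption) instead of going through
    // the System.IdentityModel.Tokens.Jwt signing pipeline.
    if (key != null)
    {
        // HMAC holds key material and is IDisposable; dispose it as soon as the digest is computed.
        using HMAC hash = algorithm switch
        {
            AccessTokenAlgorithm.HS256 => new HMACSHA256(key),
            AccessTokenAlgorithm.HS512 => new HMACSHA512(key),
            _ => throw new NotSupportedException("Unsupported Encryption Algorithm for JWT Token"),
        };

        var messageBytes = Encoding.UTF8.GetBytes(message);
        var hashed = hash.ComputeHash(messageBytes, 0, messageBytes.Length);
        rawSignature = Base64UrlEncoder.Encode(hashed);
    }

    // Kept from the original: Base64UrlEncoder is not visible here, so a null result is not ruled out.
    if (rawSignature == null)
    {
        throw LogHelper.LogArgumentNullException(nameof(rawSignature));
    }

    // NOTE(review): with key == null this returns "header.payload." - an unsigned token.
    return string.Concat(message, ".", rawSignature);
}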