in FirebaseAdmin/FirebaseAdmin/Auth/Jwt/FirebaseTokenFactory.cs [122:174]
internal async Task<string> CreateCustomTokenAsync(
string uid,
IDictionary<string, object> developerClaims = null,
CancellationToken cancellationToken = default(CancellationToken))
{
if (string.IsNullOrEmpty(uid))
{
throw new ArgumentException("uid must not be null or empty");
}
else if (uid.Length > 128)
{
throw new ArgumentException("uid must not be longer than 128 characters");
}
if (developerClaims != null)
{
foreach (var entry in developerClaims)
{
if (ReservedClaims.Contains(entry.Key))
{
throw new ArgumentException(
$"reserved claim {entry.Key} not allowed in developerClaims");
}
}
}
var header = new JsonWebSignature.Header()
{
Algorithm = this.Signer.Algorithm,
Type = "JWT",
};
var issued = (int)(this.Clock.UtcNow - UnixEpoch).TotalSeconds;
var keyId = await this.Signer.GetKeyIdAsync(cancellationToken).ConfigureAwait(false);
var payload = new CustomTokenPayload()
{
Uid = uid,
Issuer = keyId,
Subject = keyId,
Audience = FirebaseAudience,
IssuedAtTimeSeconds = issued,
ExpirationTimeSeconds = issued + TokenDurationSeconds,
TenantId = this.TenantId,
};
if (developerClaims != null && developerClaims.Count > 0)
{
payload.Claims = developerClaims;
}
return await JwtUtils.CreateSignedJwtAsync(
header, payload, this.Signer, cancellationToken).ConfigureAwait(false);
}