Merge remote-tracking branch 'remotes/origin/release/1.13.0' into develop

web/documentserver-example/csharp-mvc/Helpers/JwtManager.cs

@@ -20,6 +20,7 @@ using JWT;
 using JWT.Algorithms;
 using JWT.Builder;
 using JWT.Serializers;
+using System;
 using System.Collections.Generic;
 using System.Web.Configuration;
 
@@ -30,17 +31,25 @@ namespace OnlineEditorsExampleMVC.Helpers
         private static readonly string Secret;
         public static readonly bool Enabled;
         public static readonly bool SignatureUseForRequest;
+        public static readonly int ExpiresIn;
 
         static JwtManager()
         {
             Secret = WebConfigurationManager.AppSettings["files.docservice.secret"] ?? "";  // get token secret from the config parameters
             Enabled = !string.IsNullOrEmpty(Secret);  // check if the token is enabled
+            ExpiresIn = int.Parse(WebConfigurationManager.AppSettings["files.docservice.token.expires-in"]);
             SignatureUseForRequest = bool.Parse(WebConfigurationManager.AppSettings["files.docservice.token.useforrequest"]);
         }
 
         // encode a payload object into a token using a secret key
         public static string Encode(IDictionary<string, object> payload)
         {
+            var now = (int)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
+            var expires = now + ExpiresIn * 60;
+
+            payload["iat"] = now;
+            payload["exp"] = expires;
+
             var encoder = new JwtEncoder(new HMACSHA256Algorithm(),
                                          new JsonNetSerializer(),
                                          new JwtBase64UrlEncoder());

web/documentserver-example/csharp-mvc/web.appsettings.config

@@ -13,6 +13,7 @@
   <add key="files.docservice.header" value="Authorization" />
 
   <add key="files.docservice.token.useforrequest" value="true" />
+  <add key="files.docservice.token.expires-in" value="5"/>
 
   <add key="files.docservice.verify-peer-off" value="true"/>