TD-4086 Reworks the JWT token code to generate correct format with correct encoding

Author: kevwhitt-hee

DigitalLearningSolutions.Web/Helpers/ExternalApis/TableauConnectionHelper.cs

@@ -13,6 +13,7 @@
     using System.Net.Http.Headers;
     using System.Net.Http;
     using System.Threading.Tasks;
+    using Microsoft.AspNetCore.DataProtection;
 
     public interface ITableauConnectionHelperService
     {
@@ -40,32 +41,34 @@ public TableauConnectionHelper(IConfiguration config)
         }
         public string GetTableauJwt(string email)
         {
-            var tokenHandler = new JwtSecurityTokenHandler();
-            var key = Encoding.ASCII.GetBytes(connectedAppSecretKey);
+            var key = Encoding.UTF8.GetBytes(connectedAppSecretKey);
+            var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256);
 
-            var claims = new[]
-            {
-                new Claim(JwtRegisteredClaimNames.Sub, user),
-                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
-                new Claim("users.primaryemail", email),
-                new Claim("scp", "tableau:views:embed")
-            };
-            var securityKey = new SymmetricSecurityKey(key);
-            var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
-            var header = new JwtHeader(credentials);
-            header["kid"] = connectedAppSecretId; // Secret ID
-            header["iss"] = connectedAppClientId; // Issuer (iss)
-            var payload = new JwtPayload(
-                connectedAppClientId, // Issuer (iss)
-                "tableau", // Audience (aud)
-                claims,
-                notBefore: DateTime.UtcNow,
-                expires: DateTime.UtcNow.AddMinutes(5)
-            );
+            var claims = new List<Claim>
+        {
+            new Claim(JwtRegisteredClaimNames.Sub, user),
+            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
+            new Claim("users.primaryemail", email),
+        };
+
+            var header = new JwtHeader(signingCredentials)
+        {
+            { "kid", connectedAppSecretId },
+            { "iss", connectedAppClientId }
+        };
+
+            var payload = new JwtPayload
+        {
+            { "iss", connectedAppClientId },
+            { "aud", "tableau" },
+            { "exp", new DateTimeOffset(DateTime.UtcNow.AddMinutes(5)).ToUnixTimeSeconds() },
+            { "sub", user },
+            { "scp", new[] { "tableau:content:read" } }
+        };
 
             var token = new JwtSecurityToken(header, payload);
+            var tokenHandler = new JwtSecurityTokenHandler();
             var tokenString = tokenHandler.WriteToken(token);
-
             return tokenString;
         }
 

DigitalLearningSolutions.Web/appsettings.json

@@ -80,8 +80,11 @@
   },
   "TableauDashboards": {
     "SiteUrl": "https://tabuat.data.england.nhs.uk",
-    "CompetencyDashboardUrl": "https://tabuat.data.england.nhs.uk/#/workbooks/7839/views",
-    "Username": "SVC_default_TEL",
+    "CompetencyDashboardUrl": "https://tabuat.data.england.nhs.uk/#/site/monitor/views/DLSIdentifiableDataNHSEUAT/Cover",
+    //"CompetencyDashboardUrl": "https://tabuat.data.england.nhs.uk/#/workbooks/7866/views",
+    //"CompetencyDashboardUrl": "https://tabuat.data.england.nhs.uk/#/workbooks/7839/views",
+    //"Username": "SVC_default_TEL",
+    "Username": "[email protected]",
     "Password": "",
     "ClientName": "tel_dls",
     "ClientId": "a7906ce3-e0c9-403e-a169-8eb78d858f8a",