I'm trying to implement WOPI on my application but im having a hard time to find the secret key to generate a token see below image for the sample code from github
Generate Token code:
public SecurityToken GenerateAccessToken(string userId, string resourceId)
{
var user = _userDatabase[userId];
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = user.Identities.FirstOrDefault(),
Expires = DateTime.UtcNow.AddHours(1), //access token ttl: https://wopi.readthedocs.io/projects/wopirest/en/latest/concepts.html#term-access-token-ttl
SigningCredentials = new SigningCredentials(Key, SecurityAlgorithms.HmacSha256)
};
return _tokenHandler.CreateToken(tokenDescriptor);
}
Get Key, the sample below is just a dummy key but there's no guide where to get it
private SymmetricSecurityKey Key
{
get
{
if (_key is null)
{
//RandomNumberGenerator rng = RandomNumberGenerator.Create();
//byte[] key = new byte[128];
//rng.GetBytes(key);
var key = Encoding.ASCII.GetBytes("secretKeysecretKeysecretKey123"/* + new Random(DateTime.Now.Millisecond).Next(1,999)*/);
_key = new SymmetricSecurityKey(key);
}
return _key;
}
}
Im using this GitHub below for the reference https://github.com/petrsvihlik/WopiHost/blob/5a1c78a9102d56b62e8023c2c045d6f056008ed2/WopiHost.FileSystemProvider/WopiSecurityHandler.cs#L66
The implementation of the key validation is intentionally left up to the developer here. You can use the preconfigured
SecurityAlgorithms.HmacSha256or you can swap it with an asymmetric algorithm.If you wish to continue using the symmetric key, the idea is to configure the environment with the key. So you can put your secret key in the environment variables and replace
secretKeysecretKeysecretKey123withSystem.Environment.GetEnvironmentVariable("WOPI_SECRET").However, this part of the OS project is not quite finalized so it may require a little more work here and there.