How to use the new Microsoft.IdentityModel.JsonWebTokens to create a JwtSecurityToken?

Question

Since https://www.nuget.org/packages/Microsoft.IdentityModel.JsonWebTokens is a 'newer, faster version of System.IdentityModel.Tokens.Jwt that has additional functionality', but I didn't find some example on how to switch to the new NuGet package, I wanted to ask how to convert the following code (Which uses System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Tokens) to Microsoft.IdentityModel.JsonWebTokens code. The hardcoded values are just for reference, of course.

var data = Encoding.UTF8.GetBytes("SomeStringFromConfig1234");
var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(data);

var claims = new List<System.Security.Claims.Claim>
{
    new System.Security.Claims.Claim(ClaimTypes.Name, "Testuser"),
    new System.Security.Claims.Claim(ClaimTypes.GroupSid, "Tenant1"),
    new System.Security.Claims.Claim(ClaimTypes.Sid, "3c545f1c-cc1b-4cd5-985b-8666886f985b")
});

var algorithms = Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature;
var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, algorithms));

var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
    "MyIssuer",
    "MyAudience",
    claims,
    expires: DateTime.UtcNow.AddMinutes(120),
    signingCredentials: credentials;

var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var tokenString = tokenHandler.WriteToken(token);

Answer 1

This should work:

var data = Encoding.UTF8.GetBytes("SomeStringFromConfig1234 SomeStringFromConfig1234");
var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(data);

var claims = new Dictionary<string, object>
{
    [ClaimTypes.Name] = "Testuser",
    [ClaimTypes.GroupSid] = "Tenant1",
    [ClaimTypes.Sid] = "3c545f1c-cc1b-4cd5-985b-8666886f985b"
};
var descriptor = new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor
{
    Issuer = "MyIssuer",
    Audience = "MyAudience",
    Claims = claims,
    IssuedAt = null,
    NotBefore = DateTime.UtcNow,
    Expires = DateTime.UtcNow.AddMinutes(120),
    SigningCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature)
};

var handler = new Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler();
handler.SetDefaultTimesOnTokenCreation = false;
var tokenString = handler.CreateToken(descriptor);

Then if compare JWT payload from the output string:

{
  "aud": "MyAudience",
  "iss": "MyIssuer",
  "exp": 1709078400,
  "nbf": 1708992000,
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "Testuser",
  "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid": "Tenant1",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid": "3c545f1c-cc1b-4cd5-985b-8666886f985b"
}

with the JWT payload from original code:

{
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "Testuser",
  "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid": "Tenant1",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid": "3c545f1c-cc1b-4cd5-985b-8666886f985b",
  "nbf": 1708992000,
  "exp": 1709078400,
  "iss": "MyIssuer",
  "aud": "MyAudience"
}

both JWT payloads have the same claims