Invitation link implementation .NET WEB API [closed]

Question

I`m developing .NET Web API pet application, that uses JWT authentication.

It has private rooms(lets say lobbies), so users don't have access to the list of them.

The idea is to create invitation link like https://mycoolapp.com/Room/sd1Fds/join=token, so unauthorized user can click it and join room after he logs in.

The idea comes from discord invitation link Like here

I want it to have expiration time, so user can choose between 3,5,7 hours for example. Discord implementation

The question is, how should I implement it, Im currently looking at SecurityToken` class, is that right approach?

Answer 1

Personally I would go with KISS principle and just generated some random unique id (Guid.NewGuid can be sufficient) and stored it in the database with additional information (like expiration date, invited person ids, etc.) and on join attempt validated that link against the stored data (link has not expired, person attempting to join is in the list, etc.).

Answer 2

yes, the SecurityToken is a good point to start

you can create a room and generate a unique id (GUID) for that. then create a JWT token and include the generated unique id as a claim into it. then generate the invitation link including the JWT token and send it to guest

after the guest clicks on the link, redirect to the login page and then redirect to the API with the JWT token included in the query string. in the endpoint that handles the invitation link, check if everything is ok and the id exists as a claim, and the expiration time is ok, grant the user access to the private room