I`m developing .NET Web API pet application, that uses JWT authentication.
It has private rooms(lets say lobbies), so users don't have access to the list of them.
The idea is to create invitation link like https://mycoolapp.com/Room/sd1Fds/join=token,
so unauthorized user can click it and join room after he logs in.
The idea comes from discord invitation link Like here
I want it to have expiration time, so user can choose between 3,5,7 hours for example. Discord implementation
The question is, how should I implement it, Im currently looking at SecurityToken` class, is that right approach?
yes, the SecurityToken is a good point to start
you can create a room and generate a unique id (GUID) for that. then create a JWT token and include the generated unique id as a claim into it. then generate the invitation link including the JWT token and send it to guest
after the guest clicks on the link, redirect to the login page and then redirect to the API with the JWT token included in the query string. in the endpoint that handles the invitation link, check if everything is ok and the id exists as a claim, and the expiration time is ok, grant the user access to the private room
