SmartJWT 1.0.24

🧠 SmartJWT SDK

Dynamic, Context-Aware JWT Authorization & Rules Engine for .NET

Stop hardcoding permissions.
Build intelligent, adaptive JWT authorization that evolves with your business rules — not your code.

SmartJWT enables you to generate smart JWT tokens whose claims and permissions are dynamically evaluated at runtime based on real-world context such as time, location, operation, resource, role, client identity, and custom business rules.

✨ Less code. Fewer bugs. Stronger security.
Designed for startups, SaaS platforms, and enterprise-scale systems.

🌍 Why SmartJWT?

Traditional JWTs are static.
Real-world authorization is not.

SmartJWT bridges that gap by introducing a dynamic rules engine that enriches tokens at issuance time — without databases, complex conditionals, or permission sprawl.

With SmartJWT you can:

• ✅ Eliminate hardcoded role/permission logic
• ✅ Adapt authorization based on context
• ✅ Reduce development time and security errors
• ✅ Scale authorization rules without refactoring
• ✅ Monetize and license your platform securely

⚡ How it works

1. Get your credentials:
   Obtain an API Key from the provider. This key is required to use SmartJWT services.

2. Configure your rules:
   Define your dynamic rules for claims and permissions. These rules determine how JWTs are enriched based on context such as user role, location, operation, etc.

3. Configure SmartJWT:
   Set up session token settings (Optional) and API Key (Required) in your application configuration. You can also register initial rules if needed.

4. Validate & Generate:
   The SDK validates your API Key before issuing a JWT and evaluates all applicable rules for the request context.
   If the rules allow it, a JWT is generated with dynamic claims and permissions.
   No database connection is needed for validation; everything is handled in-memory based on the rules and context.

5. Use the JWT:
   Include the generated JWT in your HTTP headers or API requests as usual. SmartJWT ensures that claims and permissions are applied dynamically based on your defined rules.

💳 Pricing & Licensing

SmartJWT SDK is licensed per API Key, available on a monthly or yearly basis:

Purchase

• Monthly (1 Month Access)
  👉 Pay with PayPal

• Yearly (1 Year Access)
  👉 Pay with PayPal

API Key Delivery

After completing the payment, please send the payment receipt or proof of payment to
📧 zefyr92@gmail.com
with the subject line:

“Request for SmartJWT API Key”

Your API key will be delivered after payment verification.

Once your payment is confirmed, you will receive your API Key and instructions to integrate SmartJWT into your project.

📬 Support & Questions

If you have any questions or need assistance with SmartJWT, you can reach us at:
📧 zefyr92@gmail.com

Please use the following subject line to distinguish support requests from API Key requests:

“SmartJWT Support / Question”

Our team will get back to you as soon as possible.

🛠 SmartJwt Rule Builder

To simplify the creation of dynamic rules, policies, and endpoint assignments, we provide a local GUI tool.

Executable Name: SmartJWTRuleBuilder.exe

🔹 Purpose

• Create new dynamic rules.
• Generate policies and associate them with rules.
• Configure endpoints and assign policies.
• Automatically generate the SmartJWTConfiguration.cs class, ready to use in your API.

🔹 Usage of the local tool

🔑 This tool can be used with a valid, purchased API key.

1. Download the tool:
   Download SmartJwt Rule Builder

2. Run the executable:

SmartJWTRuleBuilder.exe

3. Auto Generate Custom Dinamyc Rule Class:

📦 Installation

dotnet add package SmartJWT

SmartJWT Quick Start

Simplify your configuration and register dynamic rules in a single call.

⚡ Quick Start (Program.cs)

// Configure SmartJWT (Session Token + Licensing + Dynamic Rules)
builder.Services.AddSmartJWT(options =>
{
    // 1️⃣ Session Token Settings (Optional)
    options.SecretKey = "super-secret-key-that-should-be-in-env-vars-at-least-32-chars-for-simetric-algorithm";
    options.PrivateKey = "my private key for asimetric algorithm";
    options.Algorithm = SecurityAlgorithms.HmacSha256; 
    options.Issuer = "SmartJWT.Example";
    options.Audience = "SmartJWT.Users";
    options.ExpirationMinutes = 60;

    // 2️⃣ Licensing & API Key Settings (Required)   
    options.ApiKey = "sk_v1_your_purchased_api_key";

    // 3️⃣ Dynamic Rules  (Required) 
    options.Rules = new List<DynamicRule>
    {
        new DynamicRule
        {
            RuleId = "admin-rule",
            Priority = 10,
            IsActive = true,
            Conditions = new List<RuleCondition>
            {
                new RuleCondition
                {
                    Type = ConditionType.Role,
                    Operator = ConditionOperator.Equals,
                    Value = "Admin"
                }
            },
            ClaimsToAdd = new List<DynamicClaim>
            {
                new DynamicClaim("role", "Admin")
            },
            Permissions = new List<string> { "read:all", "write:all" },
            RiskScore = 5
        },
        new DynamicRule
        {
            RuleId = "read-only-user",
            Priority = 5,
            IsActive = true,
            Conditions = new List<RuleCondition>
            {
                new RuleCondition
                {
                    Type = ConditionType.Role,
                    Operator = ConditionOperator.Equals,
                    Value = "User"
                }
            },
            ClaimsToAdd = new List<DynamicClaim>
            {
                new DynamicClaim("role", "User")
            },
            Permissions = new List<string> { "read:all" },
            RiskScore = 1
        }
    };
});

🚀 Generating Tokens

Inject DynamicJwtTokenGenerator into your controller , service or handlers and call GenerateSmartJWT passing the request context.

If you configured an ApiKey, you can use GenerateSmartJWT which internally validates the key before proceeding.

Note: SmartJWT performs a pre-validation step using your dynamic rules and policy engine. The token will only be generated if all conditions are satisfied, based on the user-defined dynamic rule class created via SmartJWT Rule Builder or manually.

Usage Example:

[HttpPost("login")]
public IActionResult Login([FromServices] DynamicJwtTokenGenerator generator)
{
    // 1. Create the Request Context
    var context = new SmartJWTRequestContext 
    { 
        UserId = "user-123", 
        UserName = "John Doe",
        Role = "Admin",
        Location = "LATAM",
        RequestTime = DateTime.UtcNow,
        IsMfaEnabled = true,
        ResourcePath= "/api/orders",
    };
    
    // 2. Add custom data if needed for rules
    context.CustomData.Add("Subscription", "Premium");

    // 3. Generate the token (Rules are applied automatically)
    var response = generator.GenerateSmartJWT(context);
    
    return Ok(new { 
        token = response.Token, 
        appliedRules = response.AppliedRuleIds,
        permissions = response.Permissions, 
        decisions = response.DecisionResult
    });
}

🧠  Rules Engine Overview

SmartJWT includes a built-in engine to evaluate conditions and dynamically enrich the JWT.

Engine Structure

• DynamicRule: Defines a rule with a RuleId, Priority, Conditions, ClaimsToAdd, and Permissions.
• RuleCondition: A specific requirement (e.g., Role Equals Admin) that must be met.
• SmartJWTRequestContext: The data provided at runtime (User, Location, Time, etc.) against which rules are evaluated.

Available Condition Types

✅ Role (Admin, User, etc.)
✅Location (US, LATAM, EU, etc.)
✅ Time (Office hours, specific ranges)
✅ Date (Specific calendar dates)
✅ Operation (Read, Write, Delete)
✅ Resource (Orders, Users, Settings)
✅ Area (IT, Finance, HR)
✅ Priority (Low, Medium, High)
✅ IsMfaEnabled (Boolean status)
✅ Enabled (Dynamic boolean status)
✅ CustomData (Any custom key-value pair)

Available Operators

✅ Equals, NotEquals
✅ Contains, NotContains
✅ In, NotIn (List of values)
✅ GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual (For Sensitivity or Numbers)
✅ StartsWith, EndsWith
✅ Exists (For CustomData)

🛠️ Developer Definitions

As a developer, you have full control over:

1. Rules to create: Defining identifying names like "admin-office-hours" or "premium-access".
2. Specific Conditions: Mapping context fields to operators and values.
3. Dynamic Claims: What data to inject into the JWT (e.g., access_level = "full").
4. Permissions: Scopes to grant (e.g., "read:all", "user:delete").
5. Priority: Rules are evaluated in order of priority (higher number = higher priority).

📖 Practical Use Cases

1. Admin Access During Office Hours

Grant "full" access level only if the user is an Admin and the request is between 08:00 and 18:00.

var rule = new DynamicRule 
{
    RuleId = "admin-office-hours",
    Priority = 10,
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.Role, Operator = ConditionOperator.Equals, Value = "Admin" },
        new RuleCondition { Type = ConditionType.Time, Operator = ConditionOperator.In, Value = "08:00-18:00" }
    },
    ClaimsToAdd = new List<DynamicClaim> { new DynamicClaim("access_level", "full") }
};

2. Regional Access Restrictions (LATAM)

Users in LATAM receive "limited" access and only "read" permissions.

var rule = new DynamicRule {
    RuleId = "latam-limited-access",
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.Location, Operator = ConditionOperator.Equals, Value = "LATAM" }
    },
    ClaimsToAdd = new List<DynamicClaim> { new DynamicClaim("access_level", "limited") },
    Permissions = new List<string> { "read" }
};

3. MFA Required for Priority Resources

Only grant "delete" permissions if the resource priority is "High" AND MFA is enabled.

var rule = new DynamicRule {
    RuleId = "secure-delete",
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.Priority, Operator = ConditionOperator.Equals, Value = "High" },
        new RuleCondition { Type = ConditionType.IsMfaEnabled, Operator = ConditionOperator.Equals, Value = "true" }
    },
    Permissions = new List<string> { "delete" }
};

4. HR Area Resource Management

Grant managers in the HR Area permission to manage employees.

var rule = new DynamicRule {
    RuleId = "hr-manager-rule",
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.Area, Operator = ConditionOperator.Equals, Value = "HR" },
        new RuleCondition { Type = ConditionType.Role, Operator = ConditionOperator.Equals, Value = "Manager" }
    },
    Permissions = new List<string> { "manage_employees" }
};

5. Custom Subscription-Based Access

Use CustomData to check for a "Premium" subscription status.

var rule = new DynamicRule {
    RuleId = "premium-features",
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.CustomData, CustomKey = "Subscription", Operator = ConditionOperator.Equals, Value = "Premium" }
    },
    ClaimsToAdd = new List<DynamicClaim> { new DynamicClaim("feature_set", "ultimate") }
};

© 2026 SmartJWT - Secure & Dynamic Authentication.