SmartJWT 1.0.9

🧠 SmartJWT SDK

Dynamic, Context-Aware JWT Authorization & Rules Engine for .NET

Stop hardcoding permissions.
Build intelligent, adaptive JWT authorization that evolves with your business rules — not your code.

SmartJWT enables you to generate smart JWT tokens whose claims and permissions are dynamically evaluated at runtime based on real-world context such as time, location, operation, resource, role, client identity, and custom business rules.

✨ Less code. Fewer bugs. Stronger security.
Designed for startups, SaaS platforms, and enterprise-scale systems.

🌍 Why SmartJWT?

Traditional JWTs are static.
Real-world authorization is not.

SmartJWT bridges that gap by introducing a dynamic rules engine that enriches tokens at issuance time — without databases, complex conditionals, or permission sprawl.

With SmartJWT you can:

• ✅ Eliminate hardcoded role/permission logic
• ✅ Adapt authorization based on context
• ✅ Reduce development time and security errors
• ✅ Scale authorization rules without refactoring
• ✅ Monetize and license your platform securely

🚀 How it works

1. Get your credentials: Obtain an API Key and an RSA Public Key from the provider.
2. Configure SmartJWT: Add the configuration to your Program.cs.
3. Define Rules: Create dynamic rules based on roles, time, location, and more.
4. Validate & Generate: The SDK validates your API Key using RSA and generates a JWT with dynamic claims and permissions based on your rules. No database connection needed for validation.

📦 Installation

dotnet add package SmartJWT

⚡ Quick Start (Program.cs)

Simplify your configuration with a single call:

// Configure SmartJWT (Session Token + Licensing)
builder.Services.AddDynamicJwt(options =>
{
    // 1. Session Token Settings
    options.SecretKey = "your-custom-32-char-secret-for-your-users";
    options.Issuer = "SmartJWT.Example";
    options.Audience = "SmartJWT.Users";
    options.ExpirationMinutes = 60;

    // 2. Licensing & API Key Settings
    options.RSAPublicKey = "THE_RSA_PUBLIC_KEY_PROVIDED_TO_YOU";
    options.ApiKey = "sk_v1_your_purchased_api_key";
});

🚀 Generating Tokens

Inject DynamicJwtTokenGenerator into your controller or service and call GenerateJWT passing the request context.

If you configured an ApiKey, you can use GenerateSmartJWT which internally validates the key before proceeding.

Usage Example:

[HttpPost("login")]
public IActionResult Login([FromServices] DynamicJwtTokenGenerator generator)
{
    // 1. Create the Request Context
    var context = new RequestContext 
    { 
        UserId = "user-123", 
        UserName = "John Doe",
        Role = "Admin",
        Location = "LATAM",
        RequestTime = DateTime.UtcNow,
        IsMfaEnabled = true
    };
    
    // 2. Add custom data if needed for rules
    context.CustomData.Add("Subscription", "Premium");

    // 3. Generate the token (Rules are applied automatically)
    var response = generator.GenerateJWT(context);
    
    return Ok(new { 
        token = response.Token, 
        appliedRules = response.AppliedRuleIds,
        permissions = response.Permissions 
    });
}

🧠 Rules Engine Overview

SmartJWT includes a built-in engine to evaluate conditions and dynamically enrich the JWT.

Engine Structure

• DynamicRule: Defines a rule with a RuleId, Priority, Conditions, ClaimsToAdd, and Permissions.
• RuleCondition: A specific requirement (e.g., Role Equals Admin) that must be met.
• RequestContext: The data provided at runtime (User, Location, Time, etc.) against which rules are evaluated.

Available Condition Types

✅ Role (Admin, User, etc.)
✅ Location (US, LATAM, EU, etc.)
✅ Time (Office hours, specific ranges)
✅ Operation (Read, Write, Delete)
✅ Resource (Orders, Users, Settings)
✅ Department (IT, HR, Sales)
✅ SensitivityLevel (Low, Medium, High)
✅ IsMfaEnabled (Boolean status)
✅ CustomData (Any custom key-value pair)

Available Operators

✅ Equals, NotEquals
✅ Contains, NotContains
✅ In, NotIn (List of values)
✅ GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual (For Sensitivity or Numbers)
✅ StartsWith, EndsWith
✅ Exists (For CustomData)

🛠️ Developer Definitions

As a developer, you have full control over:

1. Rules to create: Defining identifying names like "admin-office-hours" or "premium-access".
2. Specific Conditions: Mapping context fields to operators and values.
3. Dynamic Claims: What data to inject into the JWT (e.g., access_level = "full").
4. Permissions: Scopes to grant (e.g., "read:all", "user:delete").
5. Priority: Rules are evaluated in order of priority (higher number = higher priority).

📖 Practical Use Cases

1. Admin Access During Office Hours

Grant "full" access level only if the user is an Admin and the request is between 08:00 and 18:00.

var rule = new DynamicRule 
{
    RuleId = "admin-office-hours",
    Priority = 10,
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.Role, Operator = ConditionOperator.Equals, Value = "Admin" },
        new RuleCondition { Type = ConditionType.Time, Operator = ConditionOperator.In, Value = "08:00-18:00" }
    },
    ClaimsToAdd = new List<DynamicClaim> { new DynamicClaim("access_level", "full") }
};

2. Regional Access Restrictions (LATAM)

Users in LATAM receive "limited" access and only "read" permissions.

var rule = new DynamicRule {
    RuleId = "latam-limited-access",
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.Location, Operator = ConditionOperator.Equals, Value = "LATAM" }
    },
    ClaimsToAdd = new List<DynamicClaim> { new DynamicClaim("access_level", "limited") },
    Permissions = new List<string> { "read" }
};

3. MFA Required for Sensitive Resources

Only grant "delete" permissions if the resource sensitivity is "High" AND MFA is enabled.

var rule = new DynamicRule {
    RuleId = "secure-delete",
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.SensitivityLevel, Operator = ConditionOperator.Equals, Value = "High" },
        new RuleCondition { Type = ConditionType.IsMfaEnabled, Operator = ConditionOperator.Equals, Value = "true" }
    },
    Permissions = new List<string> { "delete" }
};

4. HR Department Resource Management

Grant managers in the HR department permission to manage employees.

var rule = new DynamicRule {
    RuleId = "hr-manager-rule",
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.Department, Operator = ConditionOperator.Equals, Value = "HR" },
        new RuleCondition { Type = ConditionType.Role, Operator = ConditionOperator.Equals, Value = "Manager" }
    },
    Permissions = new List<string> { "manage_employees" }
};

5. Custom Subscription-Based Access

Use CustomData to check for a "Premium" subscription status.

var rule = new DynamicRule {
    RuleId = "premium-features",
    Conditions = new List<RuleCondition> {
        new RuleCondition { Type = ConditionType.CustomData, CustomKey = "Subscription", Operator = ConditionOperator.Equals, Value = "Premium" }
    },
    ClaimsToAdd = new List<DynamicClaim> { new DynamicClaim("feature_set", "ultimate") }
};

💳 Pricing & Licensing

To obtain an API Key for production use, please contact: 📧 cesaroto92@hotmail.com

© 2026 SmartJWT - Secure & Dynamic Authentication.