From 3ba55cbe9a70513dde7668db52eac3bd8a51d825 Mon Sep 17 00:00:00 2001
From: TekH <h.tek@digitaldata.works>
Date: Fri, 29 May 2026 08:47:18 +0200
Subject: [PATCH] Add DigitalData.Auth.Claims project and EnvelopeClaimNames

Added a new .NET project `DigitalData.Auth.Claims` targeting `net8.0`
with metadata for NuGet packaging. The project is configured to
not generate a NuGet package on build.

Introduced the `EnvelopeClaimNames` static class to define strongly-typed
constants for custom JWT claim names specific to envelope receiver tokens.
These include `EnvelopeId`, `EnvelopeUuid`, `ReceiverId`, and
`ReceiverSignature`. Added XML documentation for all constants.
---
 .../DigitalData.Auth.Claims.csproj            | 29 ++++++++++++++++
 DigitalData.Auth.Claims/EnvelopeClaimNames.cs | 34 +++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 DigitalData.Auth.Claims/DigitalData.Auth.Claims.csproj
 create mode 100644 DigitalData.Auth.Claims/EnvelopeClaimNames.cs

diff --git a/DigitalData.Auth.Claims/DigitalData.Auth.Claims.csproj b/DigitalData.Auth.Claims/DigitalData.Auth.Claims.csproj
new file mode 100644
index 0000000..327398d
--- /dev/null
+++ b/DigitalData.Auth.Claims/DigitalData.Auth.Claims.csproj
@@ -0,0 +1,29 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+
+    <!-- NuGet package metadata -->
+    <PackageId>DigitalData.Auth.Claims</PackageId>
+    <Authors>Digital Data GmbH</Authors>
+    <Company>Digital Data GmbH</Company>
+    <Product>DigitalData.Auth.Claims</Product>
+    <Description>
+      Provides strongly-typed JWT claim name constants for the DigitalData.Auth ecosystem.
+      Includes domain-specific claim definitions (e.g. envelope and receiver claims)
+      to be shared across API, client, and consumer projects.
+    </Description>
+    <Copyright>Copyright 2026 Digital Data GmbH</Copyright>
+    <RepositoryUrl>https://git.dd/AppStd/DigitalData.Auth</RepositoryUrl>
+    <PackageTags>digital data auth claims jwt constants</PackageTags>
+    <PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
+    <Version>1.0.0</Version>
+    <AssemblyVersion>1.0.0</AssemblyVersion>
+    <FileVersion>1.0.0</FileVersion>
+    <GeneratePackageOnBuild>false</GeneratePackageOnBuild>
+  </PropertyGroup>
+
+</Project>
+
diff --git a/DigitalData.Auth.Claims/EnvelopeClaimNames.cs b/DigitalData.Auth.Claims/EnvelopeClaimNames.cs
new file mode 100644
index 0000000..c30619a
--- /dev/null
+++ b/DigitalData.Auth.Claims/EnvelopeClaimNames.cs
@@ -0,0 +1,34 @@
+namespace DigitalData.Auth.Claims
+{
+    /// <summary>
+    /// Defines the custom JWT claim names used for envelope receiver tokens.
+    /// These claims are domain-specific and have no equivalent in <see cref="Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames"/>.
+    /// </summary>
+    public static class EnvelopeClaimNames
+    {
+        /// <summary>
+        /// The database primary key of the envelope.
+        /// Claim name: <c>envelope_id</c>
+        /// </summary>
+        public const string EnvelopeId = "envelope_id";
+
+        /// <summary>
+        /// The unique identifier (UUID) of the envelope.
+        /// Claim name: <c>envelope_uuid</c>
+        /// </summary>
+        public const string EnvelopeUuid = "envelope_uuid";
+
+        /// <summary>
+        /// The database primary key of the envelope receiver.
+        /// Claim name: <c>receiver_id</c>
+        /// </summary>
+        public const string ReceiverId = "receiver_id";
+
+        /// <summary>
+        /// The cryptographic signature of the envelope receiver.
+        /// Together with <see cref="EnvelopeUuid"/>, it forms the unique envelope key via <c>ToEnvelopeKey()</c>.
+        /// Claim name: <c>receiver_sig</c>
+        /// </summary>
+        public const string ReceiverSignature = "receiver_sig";
+    }
+}