i`m developing .net web api pet application, that uses jwt authentication.

It has private rooms(lets say lobbies), so users dont have access to the list of them.

The idea is to create invitation link like https://mycoolapp.com/Room/sd1Fds/join=token,
so unauthorised user can click it and join room after he logs in.

The idea comes from discord invitation link
Like here

I want it to have expiration time, so user can choose between 3,5,7 hours for example.
Discord implementation

The question is, how should i implement it, i`m currently looking at SecurityToken class, is that right approach?

>Solution :

yes, the SecurityToken is a good point to start

you can create a room and generate a unique id (GUID) for that. then create a JWT token and include the generated unique id as a claim into it. then generate the invitation link including the JWT token and send it to guest

after the guest clicks on the link, redirect to the login page and then redirect to the API with the JWT token included in the query string. in the endpoint that handles the invitation link, check if everything is ok and the id exists as a claim, and the expiration time is ok, grant the user access to the private room