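        /// <summary>
        /// Validates a Google-issued ID token (JWT) and records the outcome in <c>_IsTokenValid</c>.
        /// </summary>
        /// <remarks>
        /// The token must be signed by one of the certificates returned by
        /// <c>SOSCodecs.getGoogleCertBytes()</c>, carry the configured Google client id as audience,
        /// name "accounts.google.com" as issuer and be inside its validity period.
        /// Every failure, including a malformed token or an unknown signing key, leaves
        /// <c>_IsTokenValid</c> set to <c>false</c>; no exception escapes this method.
        /// </remarks>
        /// <param name="idToken">Compact serialized JWT received from the caller; may be null.</param>
        public void VerifyGoogleToken(string idToken)
        {
            // Fail closed: a result left over from an earlier call must never stand in for this one.
            // Previously a null token, or a null principal, kept whatever value the field already had.
            _IsTokenValid = false;

            if (idToken == null)
            {
                return;
            }

            try
            {
                // Index the pinned signing certificates by thumbprint. The comparer is ordinal and
                // case-insensitive so the lookup does not depend on the current culture.
                Dictionary<string, X509Certificate2> certificates =
                    new Dictionary<string, X509Certificate2>(StringComparer.OrdinalIgnoreCase);

                foreach (byte[] rawCertificate in SOSCodecs.getGoogleCertBytes())
                {
                    X509Certificate2 certificate = new X509Certificate2(rawCertificate);
                    // Indexer rather than Add: a certificate listed twice must not fail every validation.
                    certificates[certificate.Thumbprint] = certificate;
                }

                TokenValidationParameters tvp = new TokenValidationParameters()
                {
                    ValidateActor            = false,
                    ValidAudience            = ConfigProvider.ConfigurationStore.GoogleClientID,
                    ValidateIssuer           = true,
                    // NOTE(review): Google documents "https://accounts.google.com" as a second issuer
                    // form; confirm which one the clients of this service actually send.
                    ValidIssuer              = "accounts.google.com",
                    ValidateIssuerSigningKey = true,
                    RequireSignedTokens      = true,
                    // No chain, revocation or expiry check is made on the signing certificate, so trust
                    // rests entirely on the certificate set above.
                    // NOTE(review): confirm getGoogleCertBytes() obtains it over an authenticated
                    // channel and refreshes it when Google rotates keys.
                    CertificateValidator     = X509CertificateValidator.None,
                    IssuerSigningKeyResolver = (s, securityToken, identifier, parameter) =>
                    {
                        // Presumably the token's key id is the thumbprint of the signing certificate.
                        // First() throws when no clause matches; the catch below turns that into a
                        // rejection, so a key outside the pinned set is never accepted.
                        return identifier.Select(clause =>
                        {
                            X509Certificate2 pinned;
                            return certificates.TryGetValue(clause.Id, out pinned)
                                ? new X509SecurityKey(pinned)
                                : null;
                        }).First(key => key != null);
                    },
                    // Expiry must be enforced: with lifetime validation off, a captured token stayed
                    // usable indefinitely even though an exp claim was required.
                    ValidateLifetime      = true,
                    RequireExpirationTime = true,
                    // Tolerance for clock drift only. The earlier 12 hours would have extended every
                    // token's life by that much once lifetime validation is on.
                    ClockSkew             = TimeSpan.FromMinutes(5)
                };

                SecurityToken   validatedToken;
                ClaimsPrincipal principal = new JwtSecurityTokenHandler().ValidateToken(idToken, tvp, out validatedToken);
                _IsTokenValid = principal != null;
            }
            catch (Exception)
            {
                // Any parsing, key-resolution or validation error means the token is not trusted.
                // NOTE(review): the failure reason is discarded here; consider recording it (without
                // the token itself) so rejected sign-ins can be investigated.
                _IsTokenValid = false;
            }
        }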