/// <summary>
/// Validate the token taken from the http context
/// </summary>
/// <param name="token"></param>
/// <returns></returns>
private TokenResult ValidateToken(String token)
{
TokenResult result = new TokenResult()
{
Success = false
};
// Hide personal information if not in debugging mode
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = Debugging;
ConfigurationManager <OpenIdConnectConfiguration> configManager =
new ConfigurationManager <OpenIdConnectConfiguration>($"{Authority}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration config = configManager.GetConfigurationAsync().Result;
ISecurityTokenValidator tokenValidator = new JwtSecurityTokenHandler();
List <String> audienceList = ValidAudiences.Split(',').ToList();
List <String> issuerList = ValidIssuers.Split(',').ToList();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidAudiences = audienceList,
ValidIssuers = issuerList,
IssuerSigningKeys = config.SigningKeys
};
try
{
result.Principal = tokenValidator.ValidateToken(token, validationParameters, out SecurityToken securityToken);
}
catch (Exception ex)
{
throw ex;
}
return(result);
}
public JwtTokenParserBuilder Clear()
{
ValidIssuers.Clear();
Certificates.Clear();
ValidAudiences.Clear();
return(this);
}
public JwtTokenParserBuilder AddValidIssuer(string validIssuer)
{
ValidIssuers.Add(validIssuer);
return(this);
}
public JwtTokenParserBuilder AddValidIssuer(params string[] validIssuer)
{
validIssuer.ForEach(x => ValidIssuers.Add(x));
return(this);
}
/// <summary>
/// Validates the specified token.
/// </summary>
/// <param name="tokenString">The token.</param>
/// <param name="claim">The claim obtained from token.</param>
/// <param name="payload">The payload obtained from token.</param>
/// <param name="tokenState">The state of the token.</param>
/// <param name="errorMessage">A message indicating that the token is invalid.</param>
/// <returns>true if it is valid; otherwise false.</returns>
public bool ValidateToken(string tokenString, out ITokenClaim claim, out TPayload payload, out TokenState tokenState, out string errorMessage)
{
TokenValidationParameters parameters = new TokenValidationParameters {
};
parameters.IssuerSigningKey = m_SecurityKey;
parameters.ValidateIssuerSigningKey = true;
if (ValidIssuers != null && ValidIssuers.Length > 0)
{
if (ValidIssuers.Length == 1)
{
parameters.ValidIssuer = ValidIssuers.First();
}
else
{
parameters.ValidIssuers = ValidIssuers;
}
parameters.ValidateIssuer = true;
}
else
{
parameters.ValidateIssuer = false;
}
if (ValidAudiences != null && ValidAudiences.Length > 0)
{
if (ValidAudiences.Length == 1)
{
parameters.ValidAudience = ValidAudiences.First();
}
else
{
parameters.ValidAudiences = ValidAudiences;
}
parameters.ValidateAudience = true;
}
else
{
parameters.ValidateAudience = false;
}
parameters.ValidateLifetime = true;
parameters.LifetimeValidator = m_LifetimeValidator;
try
{
ClaimsPrincipal claims = m_TokenHandler.ValidateToken(tokenString, parameters, out SecurityToken token);
claim = new TokenClaim()
{
JwtID = GetClaim(claims, KnownJwtClaims.JwtID),
Audience = GetClaim(claims, KnownJwtClaims.Audience),
Expiration = ToDateTimeOffset(GetClaim(claims, KnownJwtClaims.Expiration)),
NotBefore = ToDateTimeOffset(GetClaim(claims, KnownJwtClaims.NotBefore)),
};
string payloadJson = claims.FindFirst(KnownJwtClaims.UserPayload)?.Value;
if (string.IsNullOrEmpty(payloadJson))
{
payload = default(TPayload);
}
else
{
payload = Newtonsoft.Json.JsonConvert.DeserializeObject <TPayload>(payloadJson);
}
tokenState = TokenState.Valid;
errorMessage = null;
return(true);
}
catch (SecurityTokenInvalidLifetimeException ex)
{
claim = null;
payload = default(TPayload);
if (ValidateLifetime(ex.NotBefore, ex.Expires, out tokenState, out errorMessage))
{
tokenState = TokenState.Invalid;
errorMessage = "The token is invalid.";
}
return(false);
}
catch (SecurityTokenInvalidIssuerException)
{
claim = null;
payload = default(TPayload);
tokenState = TokenState.InvalidIssuer;
errorMessage = "The issuer is invalid.";
return(false);
}
catch (SecurityTokenInvalidAudienceException)
{
claim = null;
payload = default(TPayload);
tokenState = TokenState.InvalidAudience;
errorMessage = "The audience is invalid.";
return(false);
}
catch (Exception)
{
claim = null;
payload = default(TPayload);
tokenState = TokenState.Invalid;
errorMessage = "The token is invalid.";
return(false);
}
}
