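/// <summary>
        /// Splits a compact-serialized JWT (ID token), checks its <c>alg</c> header against the expected
        /// algorithm, optionally verifies the RSA signature, and deserializes the payload.
        /// </summary>
        /// <remarks>
        /// Based on https://github.com/johnsheehan/jwt and https://github.com/NuGet/OpsDashboard/blob/master/NuGetGallery.Dashboard/Infrastructure/JWT.cs
        /// This method does not inspect any claim in the payload. Issuer, audience and expiry checks
        /// have to be performed by the caller before the payload is trusted.
        /// </remarks>
        /// <param name="jsonWebToken">The JWT in compact form (header.payload.signature).</param>
        /// <param name="rsaCryptoProvider">The RSA public keys passed to the signature check.</param>
        /// <param name="verify">
        /// Whether to verify the signature. When false the payload is returned without any authenticity
        /// check and must not be used for authentication or authorization decisions.
        /// </param>
        /// <returns>The deserialized <see cref="IDTokenPayload"/>.</returns>
        /// <exception cref="ArgumentException">Thrown if the token is null, empty or does not have exactly three segments.</exception>
        /// <exception cref="HashAlgorithmNotSupportedException">Thrown if the <c>alg</c> header is missing or differs from the expected algorithm (checked even when <paramref name="verify"/> is false).</exception>
        /// <exception cref="SignatureVerificationException">Thrown if <paramref name="verify"/> is true and the signature is not valid.</exception>
        private static IDTokenPayload DecodeAndVerifyIDTokenPayload(string jsonWebToken, List <RSACryptoServiceProvider> rsaCryptoProvider, bool verify)
        {
            if (String.IsNullOrEmpty(jsonWebToken))
            {
                throw new ArgumentException("The JWT must not be null or empty.", "jsonWebToken");
            }

            // A signed JWT in compact serialization has exactly three segments. Rejecting anything else
            // avoids index errors on truncated input and stops trailing segments from being silently ignored.
            string[] parts = jsonWebToken.Split('.');
            if (parts.Length != 3)
            {
                throw new ArgumentException("The JWT must consist of exactly three dot-separated segments.", "jsonWebToken");
            }

            string header  = parts[0];
            string payload = parts[1];

            byte[] crypto = ConversionUtility.Base64UrlDecode(parts[2]);

            JavaScriptSerializer jsonSerializer = new JavaScriptSerializer();
            string headerJson = Encoding.UTF8.GetString(ConversionUtility.Base64UrlDecode(header));
            Dictionary <string, object> headerData = jsonSerializer.Deserialize <Dictionary <string, object> >(headerJson);

            // The header is attacker-controlled: a missing or non-string "alg" is treated like any other
            // unsupported algorithm instead of surfacing as a KeyNotFoundException.
            object algorithmValue = null;
            if (headerData != null)
            {
                headerData.TryGetValue("alg", out algorithmValue);
            }
            string algorithm = algorithmValue as string;

            // Only the single expected algorithm is accepted, so the token cannot choose how it is verified
            // (for example by announcing "none"). JwtHashAlgorithm is defined elsewhere in this file;
            // presumably it holds the RSA algorithm name Google signs ID tokens with - confirm.
            if (!JwtHashAlgorithm.Equals(algorithm))
            {
                throw new HashAlgorithmNotSupportedException(algorithm);
            }

            // The signature covers the two encoded segments exactly as received, joined by a dot.
            byte[] bytesToSign = Encoding.UTF8.GetBytes(String.Concat(header, ".", payload));
            if (verify && !VerifyRSAHash(bytesToSign, crypto, rsaCryptoProvider))
            {
                throw new SignatureVerificationException();
            }

            // The payload is decoded only after the algorithm and signature checks have passed.
            string payloadJson = Encoding.UTF8.GetString(ConversionUtility.Base64UrlDecode(payload));
            return(ConversionUtility.DeSerializerObject <IDTokenPayload>(payloadJson));
        }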
 /// <summary>
 /// Downloads the OpenID Connect discovery document from the configured URI and deserializes it.
 /// </summary>
 /// <returns>The deserialized <see cref="DiscoveryDocument"/>.</returns>
 /// <remarks>
 /// https://developers.google.com/accounts/docs/OpenIDConnect#discovery
 /// NOTE(review): the discovery document is presumably where the other endpoint and key URIs come from,
 /// so Configuration.Endpoints.OpenIDConfigurationURI should be an https URL of the trusted issuer - confirm.
 /// </remarks>
 internal static DiscoveryDocument GetDiscoveryDocument()
 {
     using (WebClient http = new WebClient())
     {
         // Route the request through the proxy configured on the enclosing class.
         http.Proxy = Proxy;

         byte[] rawDocument = http.DownloadData(Configuration.Endpoints.OpenIDConfigurationURI);
         return ConversionUtility.DeSerializerObject <DiscoveryDocument>(rawDocument);
     }
 }
 /// <summary>
 /// Downloads the JSON Web Key document from the configured URI and deserializes it.
 /// </summary>
 /// <returns>The deserialized <see cref="JsonWebKeyIndex"/>.</returns>
 /// <remarks>
 /// NOTE(review): these keys are presumably the ones ID token signatures are checked against, so
 /// Configuration.Endpoints.JsonWebKeysUri should be an https URL of the trusted issuer - confirm.
 /// </remarks>
 internal static JsonWebKeyIndex GetJsonWebKeyIndex()
 {
     using (WebClient http = new WebClient())
     {
         // Route the request through the proxy configured on the enclosing class.
         http.Proxy = Proxy;

         byte[] rawKeys = http.DownloadData(Configuration.Endpoints.JsonWebKeysUri);
         return ConversionUtility.DeSerializerObject <JsonWebKeyIndex>(rawKeys);
     }
 }
 /// <summary>
 /// Posts the given form parameters to the configured token endpoint and deserializes the response.
 /// </summary>
 /// <param name="parameters">Form fields sent in the POST body.</param>
 /// <remarks>
 /// https://developers.google.com/accounts/docs/OpenIDConnect#exchangecode
 /// NOTE(review): the parameters presumably carry the authorization code and the client secret, so
 /// Configuration.Endpoints.Token should be an https URL and the values should stay out of logs - confirm.
 /// </remarks>
 /// <returns>The deserialized <see cref="TokenInformation"/>.</returns>
 internal static TokenInformation GetIDTokenPayload(NameValueCollection parameters)
 {
     using (WebClient http = new WebClient())
     {
         // Route the request through the proxy configured on the enclosing class.
         http.Proxy = Proxy;

         byte[] rawResponse = http.UploadValues(Configuration.Endpoints.Token, "POST", parameters);
         return ConversionUtility.DeSerializerObject <TokenInformation>(rawResponse);
     }
 }
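 /// <summary>
 /// Receives profile information for a user from the configured userinfo endpoint.
 /// </summary>
 /// <param name="accessToken">Access token sent as the <c>access_token</c> query parameter.</param>
 /// <returns>The deserialized <see cref="UserInformation"/>.</returns>
 /// <exception cref="ArgumentException">Thrown if <paramref name="accessToken"/> is null or empty.</exception>
 /// <remarks>
 /// In order to use this method, the scope "profile" AND "email" must be set AND Google+ API needs to be turned on.
 /// Note: the limit of calls per day is 10000 requests.
 /// If 10000 request/day is exceeded or Google+ API is not turned on, this method call will result in an error 403.
 /// You may want to do some additional exception handling for that cases here!
 /// NOTE(review): a bearer token in the query string can end up in proxy and server logs; sending it in
 /// an "Authorization: Bearer" request header avoids that, if the configured endpoint accepts it - confirm.
 /// </remarks>
 internal static UserInformation GetUserInformation(string accessToken)
 {
     if (String.IsNullOrEmpty(accessToken))
     {
         throw new ArgumentException("An access token is required.", "accessToken");
     }

     using (WebClient client = new WebClient()
     {
         Proxy = Proxy
     })
     {
         // Escape the token so characters such as '&', '#' or '+' cannot alter the query string.
         string url = String.Concat(Configuration.Endpoints.UserinfoEndpoint, "?access_token=", Uri.EscapeDataString(accessToken));
         return(ConversionUtility.DeSerializerObject <UserInformation>(client.DownloadData(url)));
     }
 }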