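/// <summary>
/// Validates a Google sign-in. When an id_token is supplied, it is validated first
/// (email, issuer, and an audience that must be one of the configured Google client ids).
/// The access token is then validated through the Google REST API.
/// </summary>
/// <param name="email">Email address the caller claims to own; must match the email reported for the token.</param>
/// <param name="accessToken">Google access token to validate.</param>
/// <param name="idToken">Optional Google id_token; checked only when not blank.</param>
/// <returns>
/// <c>(true, "")</c> when validation succeeds; otherwise <c>(false, reason)</c>.
/// </returns>
/// <exception cref="ApiException">Rethrown when the Google API fails with a status other than 400 Bad Request.</exception>
public async Task<(bool, string)> ValidateAccessToken(string email, string accessToken, string idToken)
{
    bool hasIdToken = !string.IsNullOrWhiteSpace(idToken);

    // Tokens are bearer credentials, so they are never written to the log;
    // only record whether an id_token was supplied.
    Logger.Log?.LogInformation($"validate google sign in {email}, id_token supplied: {hasIdToken}");

    if (hasIdToken)
    {
        var validation = TokenService.ValidatePublicJWTToken(idToken, new Dictionary<string, string>
        {
            { "email", email },
            { "iss", "https://accounts.google.com" },
        });
        if (!validation.Item1)
        {
            return (false, "id_token is invalid");
        }

        // claim client id
        // A missing "aud" claim becomes "" here; reject it explicitly so an empty
        // audience can never satisfy the Contains check below.
        var aud = validation.Item2.GetOrDefault("aud", "").ToString();
        if (string.IsNullOrEmpty(aud) || !Configurations.Google.GoogleClientIds.Contains(aud))
        {
            return (false, "id_token is invalid");
        }

        Logger.Log?.LogInformation($"client id aud {aud} is valid from id_token");
    }

    // Fail closed without a network round trip when no access token was sent.
    if (string.IsNullOrWhiteSpace(accessToken))
    {
        return (false, "access_token is invalid");
    }

    try
    {
        var response = await googleRestApi.ValidateAccessToken(accessToken);

        // "exp" is parsed as a 64-bit, culture-invariant integer; an unparsable value
        // is treated as an invalid token instead of surfacing a FormatException.
        if (!long.TryParse(
                response.Exp,
                System.Globalization.NumberStyles.Integer,
                System.Globalization.CultureInfo.InvariantCulture,
                out var expiresAtSeconds))
        {
            return (false, "access_token is invalid");
        }

        var expiresAt = DateTime.UnixEpoch.AddSeconds(expiresAtSeconds);

        // UnixEpoch-based times are UTC; comparing against local time would shift the
        // expiry window by the server's UTC offset.
        var now = DateTime.UtcNow;

        Logger.Log?.LogInformation($"validate access token google sign aud {response.Aud}, email {response.Email}");

        // NOTE(review): response.Aud is logged but not compared with
        // Configurations.Google.GoogleClientIds. When idToken is blank this path relies on
        // expiry and email alone, so a token issued to a different client for the same
        // account would pass. Confirm which audiences are expected here and enforce them.
        var isAccessTokenValid =
            now < expiresAt &&          // not expired
            response.Email == email;    // email is matched with token
        if (isAccessTokenValid)
        {
            return (true, "");
        }
    }
    catch (ApiException ex)
    {
        // 400 Bad Request is handled as an invalid token; anything else is
        // unexpected and propagates with its original stack trace.
        if (ex.StatusCode != System.Net.HttpStatusCode.BadRequest)
        {
            throw;
        }
    }

    return (false, "access_token is invalid");
}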
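/// <summary>
/// Validates an Apple sign-in. The id_token is checked first (email, issuer, and an
/// audience equal to the configured Apple app id). The authorization code is then
/// exchanged through the Apple REST API using a generated client secret.
/// </summary>
/// <param name="email">Email address the caller claims to own; must match the id_token's email claim.</param>
/// <param name="authCode">Apple authorization code to exchange.</param>
/// <param name="idToken">Apple id_token to validate.</param>
/// <returns>
/// <c>(true, "")</c> when the id_token is valid and the code exchange yields an access token;
/// otherwise <c>(false, reason)</c>.
/// </returns>
/// <exception cref="ApiException">Rethrown when the Apple API fails with a status other than 400 Bad Request.</exception>
public async Task<(bool, string)> ValidateToken(string email, string authCode, string idToken)
{
    // The authorization code and id_token are credentials, so they are never
    // written to the log; only the email is recorded.
    Logger.Log?.LogInformation($"validate apple sign in {email}");

    // Fail closed on a missing id_token before handing it to the JWT validator.
    if (string.IsNullOrWhiteSpace(idToken))
    {
        return (false, "Id token is invalid");
    }

    var isValid = TokenService.ValidatePublicJWTToken(idToken, new Dictionary<string, string>
    {
        { "email", email },
        { "iss", "https://appleid.apple.com" },
        { "aud", Configurations.Apple.AppleAppId },
    });
    if (!isValid.Item1)
    {
        return (false, "Id token is invalid");
    }

    // A blank code cannot be exchanged; skip the client-secret generation and network call.
    if (string.IsNullOrWhiteSpace(authCode))
    {
        return (false, "Auth code is invalid");
    }

    var secret = GenerateSecretToken();
    try
    {
        var response = await appleRestApi.ValidateIdToken(new Dictionary<string, object>
        {
            { "client_id", Configurations.Apple.AppleAppId },
            { "client_secret", secret },
            { "code", authCode },
            { "grant_type", "authorization_code" },
            { "redirect_uri", Configurations.Apple.AppleRedirectUrl },
        });

        // NOTE(review): success only requires that the exchange returns an access token.
        // Nothing visible here ties the exchanged code to the identity in idToken.
        // Confirm whether the token response should be compared with the validated claims.
        if (!string.IsNullOrWhiteSpace(response.AccessToken))
        {
            return (true, "");
        }

        // An exchange without an access token falls through to the failure result
        // below, so a failed validation always carries a reason.
    }
    catch (ApiException ex)
    {
        // 400 Bad Request is handled as an invalid code; anything else is
        // unexpected and propagates with its original stack trace.
        if (ex.StatusCode != System.Net.HttpStatusCode.BadRequest)
        {
            throw;
        }
    }

    return (false, "Auth code is invalid");
}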