/// <summary>
/// Try to validate the token header, according to the <paramref name="header"/>.
/// </summary>
/// <param name="header"></param>
/// <returns></returns>
public TokenValidationResult TryValidateHeader(JwtHeader header)
{
if (!_ignoreCriticalHeader)
{
var handlers = header.CriticalHeaderHandlers;
if (handlers != null)
{
for (int i = 0; i < handlers.Count; i++)
{
KeyValuePair <string, ICriticalHeaderHandler> handler = handlers[i];
if (handler.Value is null)
{
return(TokenValidationResult.CriticalHeaderUnsupported(handler.Key));
}
if (!handler.Value.TryHandle(header, handler.Key))
{
return(TokenValidationResult.InvalidHeader(handler.Key));
}
}
}
}
return(TokenValidationResult.Success());
}
/// <summary>
/// Try to validate the token, according to the <paramref name="jwt"/>.
/// </summary>
/// <param name="jwt"></param>
/// <returns></returns>
public TokenValidationResult TryValidateJwt(Jwt jwt)
{
var payload = jwt.Payload !;
if (payload.ValidationControl != 0)
{
if (payload.MissingAudience)
{
return(TokenValidationResult.MissingClaim(jwt, Claims.AudUtf8));
}
if (payload.InvalidAudience)
{
return(TokenValidationResult.InvalidClaim(jwt, Claims.AudUtf8));
}
if (payload.MissingIssuer)
{
return(TokenValidationResult.MissingClaim(jwt, Claims.IssUtf8));
}
if (payload.InvalidIssuer)
{
return(TokenValidationResult.InvalidClaim(jwt, Claims.IssUtf8));
}
if (payload.MissingExpirationTime)
{
return(TokenValidationResult.MissingClaim(jwt, Claims.ExpUtf8));
}
if (payload.Expired)
{
return(TokenValidationResult.Expired(jwt));
}
if (payload.NotYetValid)
{
return(TokenValidationResult.NotYetValid(jwt));
}
}
var validators = _validators;
for (int i = 0; i < validators.Length; i++)
{
var result = validators[i].TryValidate(jwt);
if (!result.Succedeed)
{
return(result);
}
}
return(TokenValidationResult.Success(jwt));
}
/// <inheritdoc />
public TokenValidationResult TryValidate(Jwt jwt)
{
if (jwt is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwt);
}
if (jwt.Payload is null)
{
return(TokenValidationResult.MalformedToken());
}
if (jwt.Payload.TryGetValue(OidcClaims.AuthTimeUtf8, out var _))
{
return(TokenValidationResult.Success(jwt));
}
return(TokenValidationResult.MissingClaim(jwt, OidcClaims.AuthTimeUtf8));
}
public TokenValidationResult TryValidate(Jwt jwt)
{
if (jwt is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwt);
}
if (jwt.Payload is null)
{
return(TokenValidationResult.MalformedToken());
}
if (!jwt.Payload.TryGetValue(OidcClaims.AcrUtf8, out var property))
{
return(TokenValidationResult.MissingClaim(jwt, OidcClaims.AcrUtf8));
}
if (string.Equals(_requiredAcr, (string?)property.Value, StringComparison.Ordinal))
{
return(TokenValidationResult.InvalidClaim(jwt, OidcClaims.AcrUtf8));
}
return(TokenValidationResult.Success(jwt));
}
