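/// <summary>
/// Validates a JWT locally against the Keycloak realm described by <paramref name="options"/>.
/// Lifetime and expiration are always enforced; issuer, audience and signature checks are each
/// switched by the corresponding option, and the signing keys come from the cached OIDC metadata.
/// </summary>
/// <param name="jwt">The raw, compact-serialized JWT to validate.</param>
/// <param name="options">Authentication options selecting the realm and which checks to enforce.</param>
/// <returns>The validated <see cref="SecurityToken"/> produced by the parameterized overload.</returns>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
public SecurityToken ValidateToken(string jwt, KeycloakAuthenticationOptions options)
{
    // Validate before dereferencing: previously a null options surfaced as a NullReferenceException
    // from inside the OIDC lookup.
    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    var oidcContext = OidcDataManager.GetCachedContext(options);

    var validationParameters = new TokenValidationParameters
    {
        // Expired or never-expiring tokens are rejected regardless of the other switches.
        ValidateLifetime = true,
        RequireExpirationTime = true,

        // Each Disable*/Allow* option turns a check off. With signature validation disabled or
        // unsigned tokens allowed, the token's claims are trusted as presented, so these options
        // should stay at their defaults outside of local debugging.
        ValidateIssuer = !options.DisableIssuerValidation,
        ValidateAudience = !options.DisableAudienceValidation,
        ValidateIssuerSigningKey = !options.DisableTokenSignatureValidation,
        RequireSignedTokens = !options.AllowUnsignedTokens,

        ValidIssuer = oidcContext.GetIssuer(),
        ClockSkew = options.TokenClockSkew,

        // NOTE(review): the literal string "null" is accepted as an audience alongside the client
        // id, so a token whose aud claim is "null" passes audience validation. Presumably this
        // accommodates tokens issued without a proper audience — confirm it is still needed, since
        // it widens what the audience check accepts.
        ValidAudiences = new List<string> { "null", options.ClientId },

        IssuerSigningTokens = oidcContext.GetJsonWebKeys().GetSigningTokens(),

        AuthenticationType = options.AuthenticationType // Not used
    };

    return ValidateToken(jwt, validationParameters);
}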
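// One shared client for all remote validations: constructing an HttpClient per call is the
// well-known socket-exhaustion pitfall, and the original instance was never disposed either.
private static readonly HttpClient s_remoteValidationClient = new HttpClient();

/// <summary>
/// Validates a token by asking the realm's token-validation endpoint, rather than checking the
/// signature locally. Intended for access tokens only.
/// </summary>
/// <param name="jwt">The raw, compact-serialized JWT to validate.</param>
/// <param name="options">Authentication options selecting the realm whose endpoint is queried.</param>
/// <returns>
/// The token parsed as a <see cref="JwtSecurityToken"/> once the endpoint reports success.
/// The endpoint's response body is not yet consumed (see TODO).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="jwt"/> or <paramref name="options"/> is null.</exception>
/// <exception cref="SecurityTokenValidationException">
/// The endpoint returned a non-success status, or the request itself failed (the underlying
/// failure is attached as the inner exception).
/// </exception>
public static async Task<SecurityToken> ValidateTokenRemote(string jwt, KeycloakAuthenticationOptions options)
{
    // This should really only be used on access tokens...
    if (jwt == null)
    {
        throw new ArgumentNullException("jwt");
    }
    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    var oidcContext = OidcDataManager.GetCachedContext(options);

    // NOTE(review): the token travels in the query string, where it is routinely captured by
    // server, proxy and browser logs. The endpoint's request shape is not visible here, so the
    // transport is kept; prefer an Authorization header or POST body if the endpoint accepts one.
    // The value is escaped so that only the token's own characters reach the URL.
    var validationUri = new Uri(oidcContext.TokenValidationEndpoint, "?access_token=" + Uri.EscapeDataString(jwt));

    try
    {
        // Library code: no synchronization context is needed to continue.
        using (var response = await s_remoteValidationClient.GetAsync(validationUri).ConfigureAwait(false))
        {
            if (!response.IsSuccessStatusCode)
            {
                throw new SecurityTokenValidationException("Remote Token Validation Failed");
            }
        }

        return new JwtSecurityToken(jwt); // TODO: Get this from returned JSON
    }
    catch (SecurityTokenValidationException)
    {
        // Already the exception type callers expect; do not wrap it again.
        throw;
    }
    catch (Exception ex)
    {
        // Keep the transport/parsing failure as the inner exception instead of discarding it,
        // so a failed validation can be diagnosed from logs.
        throw new SecurityTokenValidationException("Remote Token Validation Failed", ex);
    }
}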