public async Task <JwsPayload> UnSign(string jws)
{
if (string.IsNullOrWhiteSpace(jws))
{
throw new ArgumentNullException(nameof(jws));
}
var protectedHeader = _jwsParser.GetHeader(jws);
if (protectedHeader == null)
{
return(null);
}
var jsonWebKeySet = await _identityServerClientFactory.CreateJwksClient()
.ResolveAsync(_parametersProvider.GetOpenIdConfigurationUrl())
.ConfigureAwait(false);
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
if (jsonWebKeys == null ||
!jsonWebKeys.Any(j => j.Kid == protectedHeader.Kid))
{
return(null);
}
var jsonWebKey = jsonWebKeys.First(j => j.Kid == protectedHeader.Kid);
if (protectedHeader.Alg == Jwt.Constants.JwsAlgNames.NONE)
{
return(_jwsParser.GetPayload(jws));
}
return(_jwsParser.ValidateSignature(jws, jsonWebKey));
}
private AuthorizationPolicyResult GetNeedInfoResult(List <Claim> claims)
{
var requestingPartyClaims = new Dictionary <string, object>();
var requiredClaims = new List <Dictionary <string, string> >();
foreach (var claim in claims)
{
requiredClaims.Add(new Dictionary <string, string>
{
{
Constants.ErrorDetailNames.ClaimName, claim.Type
},
{
Constants.ErrorDetailNames.ClaimFriendlyName, claim.Type
},
{
Constants.ErrorDetailNames.ClaimIssuer, _parametersProvider.GetOpenIdConfigurationUrl()
}
});
}
requestingPartyClaims.Add(Constants.ErrorDetailNames.RequiredClaims, requiredClaims);
requestingPartyClaims.Add(Constants.ErrorDetailNames.RedirectUser, false);
return(new AuthorizationPolicyResult
{
Type = AuthorizationPolicyResultEnum.NeedInfo,
ErrorDetails = new Dictionary <string, object>
{
{
Constants.ErrorDetailNames.RequestingPartyClaims,
requestingPartyClaims
}
}
});
}
