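        /// <summary>
        /// Validates an identity token (JWT) and returns the outcome as a <see cref="TokenValidationResult"/>.
        /// </summary>
        /// <param name="token">The raw identity token. Rejected as invalid when missing or longer than the configured JWT input length restriction.</param>
        /// <param name="clientId">The expected client id. When missing it is read from the JWT itself; if it cannot be found the token is rejected.</param>
        /// <param name="validateLifetime">Whether the token lifetime is checked; passed through to <c>ValidateJwtAsync</c> and recorded in the validation log.</param>
        /// <returns>
        /// An invalid result with <c>InvalidToken</c> for a missing/oversized token, unresolvable client id or unknown client;
        /// otherwise the result of the JWT validation, or — when that succeeded — the result of the custom validator.
        /// </returns>
        public virtual async Task <TokenValidationResult> ValidateIdentityTokenAsync(string token, string clientId = null, bool validateLifetime = true)
        {
            Logger.Info("Start identity token validation");

            // A null/empty token is untrusted input like any other: reject it as invalid
            // instead of letting the length check below throw a NullReferenceException.
            if (token.IsMissing())
            {
                Logger.Error("No token supplied.");
                return(Invalid(Constants.ProtectedResourceErrors.InvalidToken));
            }

            // Bound the size of attacker-controlled input before any parsing happens.
            if (token.Length > _options.InputLengthRestrictions.Jwt)
            {
                Logger.Error("JWT too long");
                return(Invalid(Constants.ProtectedResourceErrors.InvalidToken));
            }

            if (clientId.IsMissing())
            {
                // No client id from the caller: fall back to the one carried in the JWT.
                clientId = GetClientIdFromJwt(token);

                if (clientId.IsMissing())
                {
                    Logger.Error("No clientId supplied, can't find id in identity token.");
                    return(Invalid(Constants.ProtectedResourceErrors.InvalidToken));
                }
            }

            _log.ClientId         = clientId;
            _log.ValidateLifetime = validateLifetime;

            var client = await _clients.FindClientByIdAsync(clientId);

            if (client == null)
            {
                LogError("Unknown or disabled client.");
                return(Invalid(Constants.ProtectedResourceErrors.InvalidToken));
            }

            _log.ClientName = client.ClientName;

            // Signature validation uses the server's own public keys (identity tokens are issued by this server).
            var keys = await _keyService.GetPublicKeysAsync();

            var result = await ValidateJwtAsync(token, clientId, keys, validateLifetime);

            // The client is attached even on failure so the returned result carries full context.
            result.Client = client;

            if (result.IsError)
            {
                LogError("Error validating JWT");
                return(result);
            }

            _log.Claims = result.Claims.ToClaimsDictionary();

            // The custom validator runs only on a token that already passed JWT validation.
            var customResult = await _customValidator.ValidateIdentityTokenAsync(result);

            if (customResult.IsError)
            {
                LogError("Custom validator failed: " + (customResult.Error ?? "unknown"));
                return(customResult);
            }

            // The custom validator may have changed the claim set; log the final one.
            _log.Claims = customResult.Claims.ToClaimsDictionary();

            LogSuccess();
            return(customResult);
        }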