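        /// <summary>
        /// Completes request loading: parses a form-encoded body into parameters, then inspects the
        /// Authorization header and, when required, validates the bearer JWT it carries.
        /// </summary>
        /// <param name="validJwtRequired">
        /// When true the bearer token must pass full validation via ValidateToken (signature, lifetime and
        /// whatever else <paramref name="tokenValidationParameters"/> enables). When false the token is only
        /// parsed with ReadToken, which verifies nothing: on that path the SecurityToken property and a result of
        /// <see cref="TokenState.Ok"/> mean "a well-formed JWT was present", not "the caller is authenticated",
        /// and must not be used on their own for authorisation decisions.
        /// </param>
        /// <param name="tokenValidationParameters">
        /// Settings handed to the token handler; only consulted when <paramref name="validJwtRequired"/> is true.
        /// </param>
        /// <returns>
        /// <see cref="TokenState.NotRequired"/> when no token is required and no Authorization header is present;
        /// <see cref="TokenState.Ok"/> when a JWT was parsed (and validated, if required);
        /// <see cref="TokenState.Expired"/> or <see cref="TokenState.NotYetValid"/> for lifetime failures, which
        /// can only arise when <paramref name="validJwtRequired"/> is true because ReadToken does not check lifetime;
        /// <see cref="TokenState.Invalid"/> for a missing-when-required, non-Bearer, malformed or rejected token.
        /// </returns>
        public TokenState FinaliseLoad(bool validJwtRequired, TokenValidationParameters tokenValidationParameters)
        {
            const string bearerPrefix = "Bearer ";

            // Check the key before indexing, as the Authorization handling below does, so a request without any
            // Content-Type header cannot fault here.
            // NOTE(review): the comparison is exact, so a parameterised media type such as
            // "application/x-www-form-urlencoded; charset=utf-8" is not parsed - confirm whether callers expect that.
            if (RequestHeader.ContainsKey("Content-Type")
                && RequestHeader["Content-Type"] == "application/x-www-form-urlencoded")
            {
                // body contains &-separated parameters
                ParseParameters(Encoding.ASCII.GetString(Body));
            }

            if (!RequestHeader.ContainsKey("Authorization"))
            {
                // An absent header is acceptable only when no token is required.
                return validJwtRequired ? TokenState.Invalid : TokenState.NotRequired;
            }

            var authorization = RequestHeader["Authorization"];

            // Ordinal comparison: the scheme is a protocol token, not user-facing text, so culture rules must not
            // influence the match. A header that is present but is not a Bearer credential is invalid whether or
            // not a token is required.
            if (!authorization.StartsWith(bearerPrefix, StringComparison.Ordinal))
            {
                return TokenState.Invalid;
            }

            var payload = authorization.Substring(bearerPrefix.Length);

            try
            {
                SecurityToken token;

                if (validJwtRequired)
                {
                    // Full validation; only the parsed token is kept, the ClaimsPrincipal result is not needed here.
                    _securityTokenHandler.ValidateToken(payload, tokenValidationParameters, out token);
                }
                else
                {
                    // Parse only: signature, lifetime and claims are NOT verified on this path.
                    token = _securityTokenHandler.ReadToken(payload);
                }

                var jwt = token as JwtSecurityToken;

                if (jwt == null)
                {
                    // The handler produced something other than a JWT; report it like any other unusable token
                    // instead of letting an InvalidCastException escape to the caller.
                    logger.Trace($".net token handler returned {token?.GetType().Name ?? "null"}, expected JwtSecurityToken");
                    return TokenState.Invalid;
                }

                SecurityToken = jwt;

                return TokenState.Ok;
            }
            catch (SecurityTokenExpiredException ex)
            {
                logger.Trace($".net ValidateToken threw {ex.GetType().Name}");
                return TokenState.Expired;
            }
            catch (SecurityTokenNotYetValidException ex)
            {
                logger.Trace($".net ValidateToken threw {ex.GetType().Name}");
                return TokenState.NotYetValid;
            }
            catch (SecurityTokenException ex) // The order of these is important: SecurityTokenException is a base class of SecurityTokenExpiredException and SecurityTokenNotYetValidException as well as others.
            {
                logger.Trace($".net ValidateToken threw {ex.GetType().Name}");
                return TokenState.Invalid;
            }
            catch (ArgumentException ex) // Base class of ArgumentNullException; also what the handler throws for a malformed payload
            {
                logger.Trace($".net ValidateToken threw {ex.GetType().Name}");
                return TokenState.Invalid;
            }
        }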