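        /// <summary>
        /// Validates a Google sign-in: optionally checks the <paramref name="idToken"/> locally
        /// (signature/claims via <c>TokenService.ValidatePublicJWTToken</c>, then the <c>aud</c> claim
        /// against the configured client ids), and then asks Google to validate the
        /// <paramref name="accessToken"/> (<c>googleRestApi.ValidateAccessToken</c>).
        /// </summary>
        /// <param name="email">Email the tokens are expected to be issued for.</param>
        /// <param name="accessToken">Google access token to validate remotely.</param>
        /// <param name="idToken">Google id_token; when null/blank the local id_token checks are skipped.</param>
        /// <returns>
        /// <c>(true, "")</c> when the access token is unexpired, issued for one of the configured client ids
        /// and bound to <paramref name="email"/>; otherwise <c>(false, reason)</c>.
        /// </returns>
        /// <exception cref="ApiException">
        /// Re-thrown for any remote failure other than <c>400 Bad Request</c> (a 400 is treated as "invalid token").
        /// </exception>
        public async Task <(bool, string)> ValidateAccessToken(string email, string accessToken, string idToken)
        {
            // Tokens are bearer credentials: never write them to the log, only note whether they were supplied.
            Logger.Log?.LogInformation($"validate google sign in {email} access_token supplied: {!string.IsNullOrWhiteSpace(accessToken)}, id_token supplied: {!string.IsNullOrWhiteSpace(idToken)}");

            if (!string.IsNullOrWhiteSpace(idToken))
            {
                var validation = TokenService.ValidatePublicJWTToken(idToken, new Dictionary <string, string>
                {
                    { "email", email },
                    { "iss", "https://accounts.google.com" },
                });

                if (!validation.Item1)
                {
                    return(false, "id_token is invalid");
                }

                // The aud claim must be one of our own client ids, otherwise the token was issued to another app.
                var aud = validation.Item2.GetOrDefault("aud", "").ToString();
                if (!Configurations.Google.GoogleClientIds.Contains(aud))
                {
                    return(false, "id_token is invalid");
                }

                Logger.Log?.LogInformation($"client id aud {aud} is valid from id_token");
            }

            try
            {
                var response = await googleRestApi.ValidateAccessToken(accessToken);

                Logger.Log?.LogInformation($"validate access token google sign aud {response.Aud}, email {response.Email}");

                // Exp is a unix timestamp (seconds); parse culture-invariantly and as long so a malformed
                // value is rejected instead of throwing, and the comparison is done in UTC since
                // DateTime.UnixEpoch is UTC (DateTime.Now is local time and would skew the expiry check).
                if (!long.TryParse(response.Exp, System.Globalization.NumberStyles.Integer,
                                   System.Globalization.CultureInfo.InvariantCulture, out var expiresInSeconds))
                {
                    return(false, "access_token is invalid");
                }

                var expiresAt = DateTime.UnixEpoch.AddSeconds(expiresInSeconds);
                var nowUtc    = DateTime.UtcNow;

                var isAccessTokenValid = nowUtc < expiresAt &&                                        // not expired
                                         Configurations.Google.GoogleClientIds.Contains(response.Aud) && // issued to one of our client ids
                                         response.Email == email;                                     // email is matched with token
                if (isAccessTokenValid)
                {
                    return(true, "");
                }
            }
            catch (ApiException ex) when (ex.StatusCode != System.Net.HttpStatusCode.BadRequest)
            {
                // Preserve the original stack trace; "throw ex;" would reset it.
                throw;
            }
            catch (ApiException)
            {
                // 400 from Google means the token itself is rejected; fall through to the generic failure.
            }

            return(false, "access_token is invalid");
        }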
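        /// <summary>
        /// Validates an Apple sign-in: checks the <paramref name="idToken"/> locally
        /// (<c>TokenService.ValidatePublicJWTToken</c> with email, Apple issuer and the configured app id as audience),
        /// then exchanges <paramref name="authCode"/> with Apple (<c>appleRestApi.ValidateIdToken</c>) using a
        /// freshly generated client secret.
        /// </summary>
        /// <param name="email">Email the id_token is expected to be issued for.</param>
        /// <param name="authCode">Authorization code to exchange with Apple.</param>
        /// <param name="idToken">Apple id_token to verify locally.</param>
        /// <returns>
        /// <c>(true, "")</c> when the id_token is valid and the code exchange returned a non-empty access token;
        /// otherwise <c>(false, reason)</c>.
        /// </returns>
        /// <exception cref="ApiException">
        /// Re-thrown for any remote failure other than <c>400 Bad Request</c> (a 400 is treated as "invalid code").
        /// </exception>
        public async Task <(bool, string)> ValidateToken(string email, string authCode, string idToken)
        {
            // The auth code and id_token are credentials: do not log their values, only whether they were supplied.
            Logger.Log?.LogInformation($"validate apple sign in {email} auth_code supplied: {!string.IsNullOrWhiteSpace(authCode)}, id_token supplied: {!string.IsNullOrWhiteSpace(idToken)}");

            var isValid = TokenService.ValidatePublicJWTToken(idToken, new Dictionary <string, string>
            {
                { "email", email },
                { "iss", "https://appleid.apple.com" },
                { "aud", Configurations.Apple.AppleAppId },
            });

            if (!isValid.Item1)
            {
                return(false, "Id token is invalid");
            }

            // Apple requires a signed client secret per token request.
            var secret = GenerateSecretToken();

            try
            {
                var response = await appleRestApi.ValidateIdToken(new Dictionary <string, object>
                {
                    { "client_id", Configurations.Apple.AppleAppId },
                    { "client_secret", secret },
                    { "code", authCode },
                    { "grant_type", "authorization_code" },
                    { "redirect_uri", Configurations.Apple.AppleRedirectUrl },
                });

                return(!string.IsNullOrWhiteSpace(response.AccessToken), "");
            }
            catch (ApiException ex) when (ex.StatusCode != System.Net.HttpStatusCode.BadRequest)
            {
                // Preserve the original stack trace; "throw ex;" would reset it.
                throw;
            }
            catch (ApiException)
            {
                // 400 from Apple means the code was rejected; fall through to the generic failure.
            }

            return(false, "Auth code is invalid");
        }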