public async Task <AccessTokenResult> ValidateToken(HttpRequest request)
{
try
{
if (request == null || !request.Headers.ContainsKey(AUTH_HEADER_NAME) ||
!request.Headers[AUTH_HEADER_NAME].ToString().StartsWith(BEARER_PREFIX))
{
return(AccessTokenResult.NoToken());
}
var config = await _configurationManager.GetConfigurationAsync(CancellationToken.None);
var token = request.Headers[AUTH_HEADER_NAME].ToString().Substring(BEARER_PREFIX.Length);
var tokenParams = new TokenValidationParameters
{
RequireSignedTokens = true,
ValidAudience = _audience,
ValidateAudience = true,
ValidIssuer = _issuer,
ValidateIssuer = true,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
IssuerSigningKeys = config.SigningKeys
};
var result = new JwtSecurityTokenHandler()
.ValidateToken(token, tokenParams, out _);
using (var client = new HttpClient())
{
var userInfo = await client.GetUserInfoAsync(new UserInfoRequest
{
Address = config.UserInfoEndpoint,
Token = token
});
if (userInfo.IsError)
{
throw userInfo.Exception;
}
var identity = new ClaimsIdentity(result.Identities.First());
identity.AddClaims(userInfo.Claims);
return(AccessTokenResult.Success(new ClaimsPrincipal(identity)));
}
}
catch (SecurityTokenExpiredException)
{
return(AccessTokenResult.Expired());
}
catch (Exception ex)
{
return(AccessTokenResult.Error(ex));
}
}
public static string EmailAddress(this AccessTokenResult accessTokenResult)
{
if (accessTokenResult.Status != AccessTokenStatus.Valid)
{
throw new AuthenticationException("Token invalid", accessTokenResult.Exception);
}
return(accessTokenResult.Principal.Claims
.First(x => x.Type.Equals("email", StringComparison.InvariantCultureIgnoreCase))
.Value);
}