Example #1
        // TODO:  Add support for multiple keys...
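        /// <summary>
        /// Validates <paramref name="deviceToken"/> against a single symmetric signing key
        /// derived from the device's key GUID.
        /// </summary>
        /// <param name="symmetricKey">Secret device key; its 16 raw bytes become the signing key.</param>
        /// <param name="deviceToken">Compact-serialized JWT presented by the device.</param>
        /// <param name="validationParams">Base validation settings; cloned, never mutated.</param>
        /// <returns>A <see cref="DeviceAuthResult"/> built from the outcome of <c>IsDeviceTokenValid</c>.</returns>
        private DeviceAuthResult ValidateTokenUsingSymmetricKey(Guid symmetricKey, string deviceToken, TokenValidationParameters validationParams)
        {
            // Work on a copy so the caller's shared parameters never carry a per-device key.
            TokenValidationParameters perDeviceParams = validationParams.Clone();

            // The previous code set KeyId = $"DeviceId_{symmetricKey:D}", which placed the secret
            // key itself into a key identifier. Key identifiers are treated as non-secret metadata
            // and can appear in diagnostics, so the secret must not be used as one.
            // NOTE(review): if issued tokens carry a `kid` header that must match this key, set
            // KeyId from the device id (not available in this method) rather than from the key.
            var signingKey = new SymmetricSecurityKey(symmetricKey.ToByteArray());

            // NOTE(review): a Guid yields a 128-bit key at most; confirm this meets the minimum
            // key size the signing algorithm and token library in use require.
            perDeviceParams.IssuerSigningKeys = new SecurityKey[] { signingKey };

            bool isValid = IsDeviceTokenValid(deviceToken, perDeviceParams);
            return DeviceAuthResult.SetAuthenticated(isValid);
        }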
Example #2
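        /// <summary>
        /// Authenticates a device from the JWT it presented: reads the device id from the
        /// token, looks up that device's key, and validates the token signature against it.
        /// </summary>
        /// <param name="deviceToken">Compact-serialized JWT supplied by the caller (untrusted).</param>
        /// <param name="validationParams">Base token validation settings.</param>
        /// <returns>
        /// The authentication result and the device id read from the token
        /// (<see cref="Guid.Empty"/> when no id could be read).
        /// </returns>
        /// <remarks>
        /// Every rejection returns the same generic message so callers cannot tell which check
        /// failed. The token itself is never written to the log: it is a bearer credential.
        /// </remarks>
        public async Task <(DeviceAuthResult authResult, Guid deviceId)> ValidateDeviceToken(string deviceToken,
                                                                                             TokenValidationParameters validationParams)
        {
            const string GenericFailure = "Invalid credential token";

            // The device id is read from the token BEFORE the signature is checked, so it is
            // only a lookup hint at this point and must not be trusted for anything else.
            JwtSecurityToken token;
            try
            {
                token = new JwtSecurityToken(deviceToken);
            }
            catch (ArgumentException ex)
            {
                // Null, empty or malformed input is an authentication failure, not a server error.
                _logger.LogDebug("Submitted device token could not be parsed as a JWT ({errorType}).", ex.GetType().Name);

                return (DeviceAuthResult.Failed(GenericFailure), Guid.Empty);
            }

            Guid deviceId = GetDeviceIdFromToken(token);

            if (deviceId == Guid.Empty)
            {
                return (DeviceAuthResult.Failed(GenericFailure), deviceId);
            }

            Guid? deviceKey = await _deviceKeyAuthRepo.GetDeviceKeyAsync(deviceId);

            if (deviceKey == null)
            {
                _logger.LogDebug("Device key not found for device with id: {deviceId}", deviceId);

                return (DeviceAuthResult.Failed(GenericFailure), deviceId);
            }

            try
            {
                DeviceAuthResult authResult = ValidateTokenUsingSymmetricKey(deviceKey.Value, deviceToken, validationParams);
                return (authResult, deviceId);
            }
            catch (SecurityTokenException ex)
            {
                // Log the device id only; the raw token stays out of the log stream.
                _logger.LogError(ex, "Error validating submitted device token for Device Id: {deviceId}.", deviceId);

                return (DeviceAuthResult.Failed(GenericFailure), deviceId);
            }
            catch (Exception ex)
            {
                // The token may still be valid when an unrelated error occurs, so it is
                // deliberately not logged here either.
                _logger.LogError(ex, "Unexpected error validating submitted device token for Device Id: {deviceId}.", deviceId);
                throw;
            }
        }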