// TODO: Add support for multiple keys...
/// <summary>
/// Validates a device token against a single per-device symmetric key.
/// </summary>
/// <param name="symmetricKey">The device's key; its 16 raw bytes are used as the signing key.</param>
/// <param name="deviceToken">Serialized token presented by the device.</param>
/// <param name="validationParams">Base validation settings. They are cloned, so the caller's instance is left untouched.</param>
/// <returns>The result of <c>DeviceAuthResult.SetAuthenticated</c> applied to the outcome of <c>IsDeviceTokenValid</c>.</returns>
private DeviceAuthResult ValidateTokenUsingSymmetricKey(Guid symmetricKey, string deviceToken, TokenValidationParameters validationParams)
{
    // Work on a copy: the signing keys set below are specific to this device.
    var perDeviceParams = validationParams.Clone();

    // NOTE(review): the key material is a Guid (128 bits, fewer of them random).
    // Confirm device keys are generated from a cryptographic RNG and not Guid.NewGuid().
    var signingKey = new SymmetricSecurityKey(symmetricKey.ToByteArray());

    // NOTE(review): despite the "DeviceId_" prefix, this KeyId is built from the
    // secret key value itself. Key ids are identifiers, not secrets, and may be
    // surfaced in diagnostics or exception text - confirm nothing logs it, or
    // build the id from the device id instead.
    signingKey.KeyId = $"DeviceId_{symmetricKey:D}";

    perDeviceParams.IssuerSigningKeys = new SecurityKey[] { signingKey };

    bool tokenIsValid = IsDeviceTokenValid(deviceToken, perDeviceParams);
    return DeviceAuthResult.SetAuthenticated(tokenIsValid);
}
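/// <summary>
/// Authenticates a device by validating its JWT against the symmetric key stored for that device.
/// </summary>
/// <param name="deviceToken">Serialized JWT presented by the device. Treated as untrusted input.</param>
/// <param name="validationParams">Base validation settings passed on to the per-device validation step.</param>
/// <returns>
/// The authentication result and the device id read from the token. The device id is taken
/// from the token before its signature is checked, so callers must not treat it as
/// authenticated unless <c>authResult</c> reports success. It is <see cref="Guid.Empty"/>
/// when the token cannot be parsed or yields no device id.
/// </returns>
/// <remarks>
/// Every failure path returns the same message, so the response does not reveal whether
/// the device id is known. The raw token is a credential and is never written to the log.
/// </remarks>
public async Task<(DeviceAuthResult authResult, Guid deviceId)> ValidateDeviceToken(string deviceToken, TokenValidationParameters validationParams)
{
    const string invalidTokenMessage = "Invalid credential token";

    JwtSecurityToken token;
    try
    {
        // The constructor throws on null, empty or structurally malformed input.
        // That is attacker-controllable, so report it as a failed authentication
        // instead of letting it escape as an unhandled error.
        token = new JwtSecurityToken(deviceToken);
    }
    catch (Exception ex) when (ex is ArgumentException || ex is SecurityTokenException)
    {
        _logger.LogDebug(ex, "Device token could not be parsed as a JWT.");
        return (DeviceAuthResult.Failed(invalidTokenMessage), Guid.Empty);
    }

    // Unverified at this point: only used to look up which key to validate with.
    Guid deviceId = GetDeviceIdFromToken(token);
    if (deviceId == Guid.Empty)
    {
        return (DeviceAuthResult.Failed(invalidTokenMessage), deviceId);
    }

    Guid? deviceKey = await _deviceKeyAuthRepo.GetDeviceKeyAsync(deviceId);
    if (deviceKey == null)
    {
        _logger.LogDebug("Device key not found for device with id: {deviceId}", deviceId);
        return (DeviceAuthResult.Failed(invalidTokenMessage), deviceId);
    }

    try
    {
        var authResult = ValidateTokenUsingSymmetricKey(deviceKey.Value, deviceToken, validationParams);
        return (authResult, deviceId);
    }
    catch (SecurityTokenException ex)
    {
        // Do not log the token itself: a token rejected here may still be usable by whoever reads the log.
        _logger.LogError(ex, "Error validating submitted device token for Device Id: {deviceId}.", deviceId);
        return (DeviceAuthResult.Failed(invalidTokenMessage), deviceId);
    }
    catch (Exception ex)
    {
        _logger.LogError(ex, "Unexpected error validating submitted device token for Device Id: {deviceId}.", deviceId);
        throw;
    }
}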