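/// <summary>
/// Creates a JWT format that combines the standard token validation parameters
/// with an extra set of name/value pairs stored for additional validation.
/// </summary>
/// <param name="tvps">Standard validation parameters, passed through to the base class.</param>
/// <param name="additionalTokenValidationParamters">
/// Extra name/value pairs to keep for validation (presumably claim name to expected
/// value; confirm against the code that reads the field). When <c>null</c>, an empty
/// dictionary is stored instead.
/// </param>
/// <param name="securityTokenProvider">Token provider passed through to the base class.</param>
public CustomValidatingJwtFormat(
            TokenValidationParameters tvps,
            IReadOnlyDictionary<string, string> additionalTokenValidationParamters,
            OpenIdConnectCachingSecurityTokenProvider securityTokenProvider)
            : base(tvps, securityTokenProvider)
        {
            // The null check must be made on the incoming argument, not on the field:
            // testing the field and then assigning the argument unconditionally left the
            // field null whenever the caller passed null, so later reads of the extra
            // checks would see null instead of an empty set.
            _additionalTokenValidationParamters =
                additionalTokenValidationParamters ?? new Dictionary<string, string>();
        }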
Example #2
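        /// <summary>
        /// Specifies validation options for the access token: the issuer and audience
        /// are both validated against the tenant URL, and the "cid" claim is paired
        /// with the expected client ID.
        /// </summary>
        /// <param name="tenantUrl">
        /// Tenant URL used as the valid issuer, the valid audience, and the base of the
        /// OpenID Connect metadata address (<c>/.well-known/openid-configuration</c>).
        /// </param>
        /// <param name="clientId">Expected value of the "cid" (client ID) claim.</param>
        /// <returns>A <c>CustomValidatingJwtFormat</c> configured with these options.</returns>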
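        private static CustomValidatingJwtFormat GetAccessTokenFormat(string tenantUrl, string clientId)
        {
            // Fail closed on missing configuration. A blank tenant URL would produce a
            // blank issuer/audience and a relative metadata path; a blank client ID
            // would leave the "cid" expectation empty.
            if (string.IsNullOrWhiteSpace(tenantUrl))
            {
                throw new System.ArgumentException(
                    "A tenant URL is required to validate access tokens.", nameof(tenantUrl));
            }

            if (string.IsNullOrWhiteSpace(clientId))
            {
                throw new System.ArgumentException(
                    "A client ID is required to validate the cid claim.", nameof(clientId));
            }

            // Issuer and audience are both pinned to the tenant URL and explicitly enforced.
            var tokenValidationParameters = new TokenValidationParameters
            {
                ValidAudience    = tenantUrl,
                ValidateAudience = true,
                ValidIssuer      = tenantUrl,
                ValidateIssuer   = true,
            };

            var additionalTokenValidationParamters = new Dictionary<string, string>
            {
                // Validate Client ID claim
                ["cid"] = clientId
            };

            // The metadata address is built by plain concatenation, so tenantUrl is used
            // as given (a trailing slash is not normalized).
            // NOTE(review): signing keys are presumably resolved from this endpoint, so
            // tenantUrl should come from trusted configuration and use HTTPS; confirm.
            var securityTokenProvider = new OpenIdConnectCachingSecurityTokenProvider(
                tenantUrl + "/.well-known/openid-configuration");

            return new CustomValidatingJwtFormat(
                tokenValidationParameters,
                additionalTokenValidationParamters,
                securityTokenProvider);
        }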