private DataResponse <IDictionary <string, string> > ParseClaims(string input)
{
var response = new DataResponse <IDictionary <string, string> >(true);
try
{
response.Data = JsonConvert.DeserializeObject <IDictionary <string, string> >(input);
}
catch (JsonReaderException ex)
{
var errorMessage = "The Authorisation header must be supplied as a valid JWT.";
if (!string.IsNullOrWhiteSpace(ex.Path) && _validClaims.Contains(ex.Path))
{
errorMessage = BaseErrorMessage(ex.Path);
}
response.SetError(errorMessage);
}
catch (Exception ex)
{
response.SetError("The Authorisation header must be supplied");
}
return(response);
}
private DataResponse <IDictionary <string, string> > ParseJwt(string jwt)
{
var response = new DataResponse <IDictionary <string, string> >(true);
if (string.IsNullOrEmpty(jwt))
{
response.SetError("The Authorisation header must be supplied");
return(response);
}
if (jwt.StartsWith("Bearer "))
{
jwt = jwt.Replace("Bearer ", "");
}
//This should be a basic Base64UrlEncoded token
var claimsHashItems = jwt.Split('.');
if (claimsHashItems.Count() != 3)
{
response.SetError("The JWT associated with the Authorisation header must have the 3 sections");
return(response);
}
//Skip header parsing
//var header = claimsHashItems.First();
//Skip sig check for now as no service available to validate.
//Current guidance is not to hash the sign for self generated JWTs.
//var signature = claimsHashItems.Last();
//if (!string.IsNullOrEmpty(signature))
//{
// return new Response("The JWT associated with the Authorisation header must have an empty signature.");
//}
var claimsHash = claimsHashItems.Skip(1).Take(1).FirstOrDefault();
if (string.IsNullOrEmpty(claimsHash))
{
response.SetError("The JWT associated with the Authorisation header must have a body of claims.");
return(response);
}
var decoded = StringHelper.Base64UrlDecode(claimsHash);
response = ParseClaims(decoded);
if (!response.Success)
{
response.SetError(response.Message);
return(response);
}
return(response);
}