/// <summary> /// /// </summary> /// <param name="a"></param> /// <param name="b"></param> /// <returns></returns> private bool ValueEquals(ITokenClaim a, ITokenClaim b) { if (a.JwtID != b.JwtID) { return(false); } if (a.Audience != b.Audience) { return(false); } if (a.Expiration != b.Expiration) { return(false); } if (a.NotBefore != b.NotBefore) { return(false); } return(true); }
/// <summary> /// Creates a new token. /// </summary> /// <param name="claim">The new token information.</param> /// <param name="payload">The payload.</param> /// <returns>A token string.</returns> /// <exception cref="ArgumentNullException"> /// <paramref name="claim"/>> is null. /// </exception> public string CreateToken(ITokenClaim claim, TPayload payload) { if (claim == null) { throw new ArgumentNullException("claim"); } var descriptor = new SecurityTokenDescriptor { }; descriptor.SigningCredentials = GetSigningCredentials(); descriptor.Issuer = Issuer; descriptor.Audience = claim.Audience; descriptor.Expires = claim.Expiration.UtcDateTime; descriptor.NotBefore = claim.NotBefore.UtcDateTime; descriptor.IssuedAt = DateTime.UtcNow; ClaimsIdentity claims = new ClaimsIdentity(); if (!string.IsNullOrEmpty(claim.JwtID)) { claims.AddClaim(new Claim(KnownJwtClaims.JwtID, claim.JwtID)); } if (payload != null) { claims.AddClaim(new Claim(KnownJwtClaims.UserPayload, Newtonsoft.Json.JsonConvert.SerializeObject(payload))); } descriptor.Subject = claims; JwtSecurityToken token = m_TokenHandler.CreateJwtSecurityToken(descriptor); string tokenString = m_TokenHandler.WriteToken(token); return(tokenString); }
/// <summary> /// Validates the specified token. /// </summary> /// <param name="tokenString">The token.</param> /// <param name="claim">The claim obtained from token.</param> /// <param name="payload">The payload obtained from token.</param> /// <param name="tokenState">The state of the token.</param> /// <param name="errorMessage">A message indicating that the token is invalid.</param> /// <returns>true if it is valid; otherwise false.</returns> public bool ValidateToken(string tokenString, out ITokenClaim claim, out TPayload payload, out TokenState tokenState, out string errorMessage) { TokenValidationParameters parameters = new TokenValidationParameters { }; parameters.IssuerSigningKey = m_SecurityKey; parameters.ValidateIssuerSigningKey = true; if (ValidIssuers != null && ValidIssuers.Length > 0) { if (ValidIssuers.Length == 1) { parameters.ValidIssuer = ValidIssuers.First(); } else { parameters.ValidIssuers = ValidIssuers; } parameters.ValidateIssuer = true; } else { parameters.ValidateIssuer = false; } if (ValidAudiences != null && ValidAudiences.Length > 0) { if (ValidAudiences.Length == 1) { parameters.ValidAudience = ValidAudiences.First(); } else { parameters.ValidAudiences = ValidAudiences; } parameters.ValidateAudience = true; } else { parameters.ValidateAudience = false; } parameters.ValidateLifetime = true; parameters.LifetimeValidator = m_LifetimeValidator; try { ClaimsPrincipal claims = m_TokenHandler.ValidateToken(tokenString, parameters, out SecurityToken token); claim = new TokenClaim() { JwtID = GetClaim(claims, KnownJwtClaims.JwtID), Audience = GetClaim(claims, KnownJwtClaims.Audience), Expiration = ToDateTimeOffset(GetClaim(claims, KnownJwtClaims.Expiration)), NotBefore = ToDateTimeOffset(GetClaim(claims, KnownJwtClaims.NotBefore)), }; string payloadJson = claims.FindFirst(KnownJwtClaims.UserPayload)?.Value; if (string.IsNullOrEmpty(payloadJson)) { payload = default(TPayload); } else { payload = Newtonsoft.Json.JsonConvert.DeserializeObject <TPayload>(payloadJson); } tokenState = TokenState.Valid; errorMessage = null; return(true); } catch (SecurityTokenInvalidLifetimeException ex) { claim = null; payload = default(TPayload); if (ValidateLifetime(ex.NotBefore, ex.Expires, out tokenState, out errorMessage)) { tokenState = TokenState.Invalid; errorMessage = "The token is invalid."; } return(false); } catch (SecurityTokenInvalidIssuerException) { claim = null; payload = default(TPayload); tokenState = TokenState.InvalidIssuer; errorMessage = "The issuer is invalid."; return(false); } catch (SecurityTokenInvalidAudienceException) { claim = null; payload = default(TPayload); tokenState = TokenState.InvalidAudience; errorMessage = "The audience is invalid."; return(false); } catch (Exception) { claim = null; payload = default(TPayload); tokenState = TokenState.Invalid; errorMessage = "The token is invalid."; return(false); } }