/// <summary>
/// Checks an access token against the <c>at_hash</c> claim: the token's UTF-8 bytes are
/// hashed with SHA-256, the first 16 bytes of the digest are base64url-encoded, and the
/// result is compared with the claim value.
/// </summary>
/// <param name="accessToken">Access token received alongside the identity token.</param>
/// <param name="claims">Claims taken from the identity token.</param>
/// <returns>
/// <c>true</c> when the claim is missing or equals the computed value; otherwise <c>false</c>.
/// </returns>
private bool ValidateAccessTokenHash(string accessToken, Claims claims)
        {
            // Left half of a SHA-256 digest, in bytes.
            const int leftHalfLength = 16;

            var expectedHash = claims.FindFirst(JwtClaimTypes.AccessTokenHash)?.Value ?? "";

            // A token without at_hash is accepted as-is, so this check only binds the access
            // token to the identity token when the issuer actually sent the claim.
            // NOTE(review): callers that require at_hash for their flow must enforce its
            // presence themselves - confirm against the flows this client supports.
            if (expectedHash.IsMissing())
            {
                return true;
            }

            var hasher = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256);
            var tokenBytes = Encoding.UTF8.GetBytes(accessToken);
            var digest = hasher.HashData(CryptographicBuffer.CreateFromByteArray(tokenBytes));

            byte[] digestBytes;
            CryptographicBuffer.CopyToByteArray(digest, out digestBytes);

            var leftHalf = new byte[leftHalfLength];
            Array.Copy(digestBytes, leftHalf, leftHalfLength);

            var computedHash = Base64Url.Encode(leftHalf);
            var hashesMatch = computedHash.Equals(expectedHash);

            return hashesMatch;
        }
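        /// <summary>
        /// Compares the nonce the client expects with the <c>nonce</c> claim of the identity
        /// token, using an ordinal (case-sensitive) comparison.
        /// </summary>
        /// <param name="nonce">Nonce the client expects to find in the token.</param>
        /// <param name="claims">Claims taken from the identity token.</param>
        /// <returns><c>true</c> when both values are equal; otherwise <c>false</c>.</returns>
        private bool ValidateNonce(string nonce, Claims claims)
        {
            Logger.Debug("validate nonce");

            // A token without a nonce claim is compared as the empty string.
            // NOTE(review): an empty expected nonce therefore matches a token that carries no
            // nonce claim - confirm callers always pass the non-empty value they generated.
            var tokenNonce = claims.FindFirst(JwtClaimTypes.Nonce)?.Value ?? "";
            var match      = string.Equals(nonce, tokenNonce, StringComparison.Ordinal);

            if (!match)
            {
                Logger.Error($"nonce ({nonce}) does not match nonce from token ({tokenNonce})");
                return false;
            }

            // Only reached on a match, so a rejected token no longer logs "success" right
            // after the error line.
            Logger.Debug("success");
            return true;
        }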
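        /// <summary>
        /// Checks an access token against the <c>at_hash</c> claim: the token's UTF-8 bytes are
        /// hashed with the algorithm selected for <paramref name="signingAlgorithmBits"/>, the
        /// first <c>signingAlgorithmBits / 16</c> bytes of the digest are base64url-encoded, and
        /// the result is compared with the claim value.
        /// </summary>
        /// <param name="accessToken">Access token received alongside the identity token.</param>
        /// <param name="signingAlgorithmBits">
        /// Bit size passed to <c>GetHashAlgorithm</c>; presumably taken from the identity token's
        /// signing algorithm (e.g. 256) - verify against the caller.
        /// </param>
        /// <param name="claims">Claims taken from the identity token.</param>
        /// <returns>
        /// <c>true</c> when the claim is missing or equals the computed value; <c>false</c> on a
        /// mismatch or when no hash algorithm is available.
        /// </returns>
        private bool ValidateAccessTokenHash(string accessToken, int signingAlgorithmBits, Claims claims)
        {
            // The message used to say "authorization code hash", which is a different check.
            Logger.Debug("validate access token hash");

            var atHash = claims.FindFirst(JwtClaimTypes.AccessTokenHash)?.Value ?? "";

            // A token without at_hash is accepted as-is.
            // NOTE(review): callers that require at_hash for their flow must enforce its
            // presence themselves - confirm against the flows this client supports.
            if (atHash.IsMissing())
            {
                return true;
            }

            var hashAlgorithm = GetHashAlgorithm(signingAlgorithmBits);

            if (hashAlgorithm == null)
            {
                // Fail closed: without this return the next statement dereferenced null and
                // the check ended in a NullReferenceException instead of a rejection.
                Logger.Error("No appropriate hashing algorithm found.");
                return false;
            }

            var codeHash = hashAlgorithm.HashData(
                CryptographicBuffer.CreateFromByteArray(
                    Encoding.UTF8.GetBytes(accessToken)));

            byte[] atHashArray;
            CryptographicBuffer.CopyToByteArray(codeHash, out atHashArray);

            // bits / 8 is the digest size in bytes; half of that is the left part to compare.
            var leftPartLength = signingAlgorithmBits / 16;
            var leftPart = new byte[leftPartLength];
            Array.Copy(atHashArray, leftPart, leftPartLength);

            var leftPartB64 = Base64Url.Encode(leftPart);

            var match = leftPartB64.Equals(atHash);

            if (!match)
            {
                Logger.Error($"access token hash ({leftPartB64}) does not match at_hash from token ({atHash})");
                return false;
            }

            // Only reached on a match, so a rejected token no longer logs "success".
            Logger.Debug("success");
            return true;
        }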
        /// <summary>
        /// Compares the nonce the client expects with the <c>nonce</c> claim of the identity
        /// token, using an ordinal (case-sensitive) comparison.
        /// </summary>
        /// <param name="nonce">Nonce the client expects to find in the token.</param>
        /// <param name="claims">Claims taken from the identity token.</param>
        /// <returns><c>true</c> when both values are equal; otherwise <c>false</c>.</returns>
        private bool ValidateNonce(string nonce, Claims claims)
        {
            // A token without a nonce claim is compared as the empty string.
            // NOTE(review): an empty expected nonce therefore matches a token that carries no
            // nonce claim - confirm callers always pass the non-empty value they generated.
            var nonceClaim = claims.FindFirst(JwtClaimTypes.Nonce);
            var nonceFromToken = nonceClaim?.Value ?? "";

            var nonceMatches = string.Equals(nonce, nonceFromToken, StringComparison.Ordinal);
            return nonceMatches;
        }