Esempio n. 1
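        /// <summary>
        /// Registers the claim checkers that are applied to an ID token:
        /// the OpenID Connect checks first, then the GoodID-specific ones.
        /// </summary>
        /// <param name="idToken">Parsed ID token claims; also passed to the GoodID checkers that need the whole token.</param>
        /// <param name="issuerUri">Issuer value handed to <c>IssuerChecker</c>.</param>
        /// <param name="clientId">Client id handed to <c>AudienceChecker</c>.</param>
        /// <param name="requestedMaxAge">Requested max_age; 0 is passed to <c>AuthTimeChecker</c> when null.</param>
        /// <param name="authTimeRequested">Passed to <c>AuthTimeChecker</c> and used as the second argument when registering it.</param>
        /// <param name="nonce">Nonce value handed to <c>NonceChecker</c>.</param>
        public IdTokenVerifier(JObject idToken, string issuerUri, string clientId, int? requestedMaxAge, bool authTimeRequested, string nonce)
        {
            // The time-based checkers (exp, iat, auth_time) receive a tolerance of 0 seconds.
            // NOTE(review): with no allowance, clock drift between issuer and verifier
            // presumably leads to rejections - confirm this strictness is intended.
            var timeToleranceInSeconds = 0;

            this.idToken   = idToken;
            checkerManager = new ClaimCheckerManager();

            // OpenID specific validation
            // NOTE(review): the second argument of Add presumably marks the claim as
            // mandatory - confirm against ClaimCheckerManager.Add.
            checkerManager.Add(new IssuerChecker(issuerUri), true);
            checkerManager.Add(new AudienceChecker(clientId), true);
            checkerManager.Add(new SubChecker(), true);
            checkerManager.Add(new ExpirationChecker(timeToleranceInSeconds), true);
            checkerManager.Add(new IssuedAtChecker(timeToleranceInSeconds), true);
            checkerManager.Add(new AuthTimeChecker(timeToleranceInSeconds, requestedMaxAge ?? 0, authTimeRequested), authTimeRequested);
            checkerManager.Add(new NonceChecker(nonce));

            // GoodID specific validation
            // JObject's indexer returns null when the "acr" claim is absent, so the
            // token has to be null-checked before ToObject is called on it; an absent
            // claim and a JSON null both fall back to LEVEL_DEFAULT.
            var acrToken = idToken["acr"];
            Acr acr = Acr.LEVEL_DEFAULT;

            if (acrToken != null)
            {
                acr = acrToken.ToObject <Acr?>() ?? Acr.LEVEL_DEFAULT;
            }

            // NOTE(review): the level used below is read from the token itself at
            // construction time; whether the signature has been verified by then, and
            // where the level the relying party requested is enforced, is not visible
            // here - confirm.
            checkerManager.Add(new GoodIDAcrChecker());
            checkerManager.Add(new GoodIDAppUserChecker(this.idToken), (acr >= Acr.LEVEL_3));
            checkerManager.Add(new GoodIDAppSealChecker(this.idToken), (acr >= Acr.LEVEL_4));
            checkerManager.Add(new GoodIDSignaturesChecker(this.idToken));

            checkerManager.Add(new GoodIDEmailHashExistenceChecker(), true);
            checkerManager.Add(new GoodIDUihExsistenceChecker(), true);
        }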
Esempio n. 2
        /// <summary>
        /// Registers the checkers that compare a userinfo response with the
        /// ID token it belongs to.
        /// </summary>
        /// <param name="idToken">Parsed ID token; its "sub" and "email_hash" claims seed the checkers.</param>
        /// <param name="userinfo">Parsed userinfo response, stored on the instance.</param>
        public UserinfoVerifier(JObject idToken, JObject userinfo)
        {
            this.userinfo  = userinfo;
            this.idToken   = idToken;
            checkerManager = new ClaimCheckerManager();

            // OpenID specific validation: the subject taken from the ID token is
            // handed to SubChecker.
            // NOTE(review): both claims are read without a presence check, so the
            // ID token is presumably expected to be verified before it gets here - confirm.
            string subjectFromIdToken = idToken["sub"].ToObject <string>();
            var subjectChecker        = new SubChecker(subjectFromIdToken);
            checkerManager.Add(subjectChecker, true);

            // GoodID specific validation: the e-mail hash from the ID token is
            // handed to GoodIDVerifiedEmailChecker.
            string emailHashFromIdToken = idToken["email_hash"].ToObject <string>();
            var verifiedEmailChecker    = new GoodIDVerifiedEmailChecker(emailHashFromIdToken);
            checkerManager.Add(verifiedEmailChecker);
        }