/// <summary>
/// Parses <paramref name="jwt"/> with the supplied signing key and asserts that a
/// <c>JwtSignatureValidator</c> built from the same key accepts the decoded token.
/// </summary>
/// <param name="ignored">Not read by this test body.</param>
/// <param name="signingKey">Shared secret; its UTF-8 bytes are used as the key material.</param>
/// <param name="jwt">Compact token expected to verify under <paramref name="signingKey"/>.</param>
public void When_verifying(IDictionary<string, object> ignored, string signingKey, string jwt)
{
    var serializer = Serializers.Create().JsonNetSerializer().Build();
    IJwtParser jwtParser = new DefaultJwtParser(serializer);

    // The same key bytes feed both the parser and the validator.
    byte[] keyBytes = Encoding.UTF8.GetBytes(signingKey);

    var parsedToken = jwtParser
        .SetSigningKey(keyBytes)
        .Parse(jwt);

    // NOTE(review): only the accepting case is asserted here; a tampered token or a
    // wrong key being rejected is not covered by this method.
    var signatureValidator = new JwtSignatureValidator(keyBytes);
    var accepted = signatureValidator.IsValid(parsedToken);
    accepted.ShouldBeTrue();
}
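/// <summary>
/// Looks up the authorization state for the caller's aggregator access token (by its hash),
/// requests premium info from the serving operator's ID gateway connector, and relays the result.
/// </summary>
/// <returns>
/// For a JWT response: the validated payload, re-signed with <c>settings.PrivateKey</c> when the
/// authorization state asks for a signed answer. For a non-JWT response: a re-signed payload,
/// the parsed JSON document, or the raw response string when it is not valid JSON.
/// </returns>
/// <exception cref="UnifiedException">
/// Thrown with <c>OAuth2Error.UnauthorizedClient</c> when the gateway's JWT fails
/// <c>JwtSignatureValidator.Validate</c> against the gateway's JWKS.
/// </exception>
public async Task<object> PremiumInfo()
{
    string accessTokenOnAggregator = premiumInfoValidationService.CheckAndGetAccessTokenOnAggregator(Request);
    string atHash = HelperHash.AtHashString(accessTokenOnAggregator);

    // NOTE(review): the null-forgiving operators below turn a missing authorization state,
    // operator or connector into a NullReferenceException instead of an OAuth2 error -
    // confirm the lookups cannot return null for a token that passed the check above.
    var authorizationState = await authorizationStateService.GetAuthStateByTokenAsync(atHash);
    var servingOperator = idgwConnectorManager.GetServingOperatorByString(authorizationState!.PremiumInfoToken.ServingOperator!);
    var idgwConnector = idgwConnectorManager[servingOperator];

    var idgwResponse = await idgwConnector!.PremiumInfoAsync(authorizationState!.PremiumInfoToken.AccessTokenOnIdgw!);
    var idgwJwks = await idgwConnector.GetJwksAsync();

    var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();

    // CanReadToken is a format check only; the signature is verified separately below.
    if (jwtSecurityTokenHandler.CanReadToken(idgwResponse))
    {
        // Verify before the payload is read, so nothing from an unverified token is relayed.
        // NOTE(review): whether Validate also enforces exp/iss/aud is not visible here.
        if (!JwtSignatureValidator.Validate(idgwResponse, idgwJwks, out _))
        {
            throw new UnifiedException(OAuth2Error.UnauthorizedClient);
        }

        var jwtPayload = jwtSecurityTokenHandler.ReadJwtToken(idgwResponse).Payload;
        if (authorizationState!.IsPremiumInfoSigned)
        {
            return SignedJwtCreator.Create(jwtPayload, settings.PrivateKey!);
        }

        return jwtPayload;
    }

    // NOTE(review): a non-JWT response carries no signature, so this path re-signs content
    // whose authenticity rests only on the channel to the gateway - confirm that is intended.
    if (authorizationState!.IsPremiumInfoSigned)
    {
        var newPayload = JwtPayload.Deserialize(idgwResponse);
        return SignedJwtCreator.Create(newPayload, settings.PrivateKey!);
    }

    // JsonDocument.Parse never returns null; it throws on malformed JSON. The original null
    // check therefore left the raw-string fallback unreachable, so the fallback is now taken
    // from the parse failure instead.
    try
    {
        // The document is handed to the caller undisposed, as before.
        return JsonDocument.Parse(idgwResponse);
    }
    catch (System.Text.Json.JsonException)
    {
        return idgwResponse;
    }
}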
/// <summary>
/// Reads the registered claims (aud, azp, exp, iat, iss, jti, sub) out of
/// <paramref name="source"/> when it has JWT format, and optionally checks its signature.
/// </summary>
/// <param name="source">Candidate access token; left unparsed when it is not in JWT format.</param>
/// <param name="issuerJwks">
/// Issuer key set. When null, no signature check runs and <c>SourceSignatureIsValid</c>
/// is not assigned by this constructor.
/// </param>
/// <remarks>
/// The claim properties are filled from the token before, and regardless of, the signature
/// result. Callers should consult <c>SourceSignatureIsValid</c> before trusting any of them.
/// </remarks>
public JwtAccessToken(string source, string? issuerJwks = null)
{
    // Format check only; nothing is assigned for a value that is not a JWT.
    if (!new JsonWebTokenHandler().CanReadToken(source))
    {
        return;
    }

    JsonWebToken token = new(source);

    // Each claim is null when it is absent or cannot be read as the requested type.
    Aud = token.TryGetPayloadValue(JwtRegisteredClaimNames.Aud, out string audience) ? audience : null;
    Azp = token.TryGetPayloadValue(JwtRegisteredClaimNames.Azp, out string authorizedParty) ? authorizedParty : null;
    Exp = token.TryGetPayloadValue(JwtRegisteredClaimNames.Exp, out long expiresAt) ? expiresAt : null;
    Iat = token.TryGetPayloadValue(JwtRegisteredClaimNames.Iat, out long issuedAt) ? issuedAt : null;
    Iss = token.TryGetPayloadValue(JwtRegisteredClaimNames.Iss, out string issuer) ? issuer : null;
    Jti = token.TryGetPayloadValue(JwtRegisteredClaimNames.Jti, out Guid tokenId) ? tokenId : null;
    Sub = token.TryGetPayloadValue(JwtRegisteredClaimNames.Sub, out string subject) ? subject : null;

    // Signature verification is opt-in: it runs only when the caller supplies the issuer keys.
    if (issuerJwks is not null)
    {
        SourceSignatureIsValid = JwtSignatureValidator.Validate(source, issuerJwks, out _);
    }

    // NOTE(review): IsJwt reports the format only; it is set even when the signature check
    // failed or was skipped.
    IsJwt = true;
}