        /// <summary>
        /// Serialises a <see cref="JsonWebKey"/> to JSON and returns that JSON as a
        /// base64url string.
        /// </summary>
        /// <param name="key">The key to encode; the output contains whatever the JSON
        /// serialiser emits for the object, no member is filtered out here.</param>
        /// <returns>The base64url encoding of the UTF-8 JSON form of <paramref name="key"/>.</returns>
        /// <remarks>
        /// NOTE(review): nothing in this method strips private key parameters. If the
        /// supplied key carries them they end up in the returned string, so only pass
        /// public keys when the result leaves the process.
        /// </remarks>
        public static string ToJwkString(this JsonWebKey key)
        {
            string serialized = JsonConvert.SerializeObject(key);
            byte[] utf8 = Encoding.UTF8.GetBytes(serialized);
            return Base64Url.Encode(utf8);
        }
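        /// <summary>
        /// Validates an OpenID Connect ID token against the provider's discovery document.
        /// The token must be a three-segment compact JWS; its header must carry <c>kid</c>
        /// and an <c>alg</c> of <c>RS256</c>; its RSASSA-PKCS1-v1_5 / SHA-256 signature must
        /// verify under one of the RSA keys in <c>DiscoveryDoc.KeySet.Keys</c>; and its
        /// payload must carry <c>iss</c> equal to <c>DiscoveryDoc.Issuer</c>, an <c>aud</c>
        /// list containing <c>ClientID</c>, an <c>exp</c> in the future, plus non-null
        /// <c>iat</c>, <c>auth_time</c> and <c>sub</c>.
        /// </summary>
        /// <param name="idToken">The compact-serialised ID token (<c>header.payload.signature</c>).</param>
        /// <returns>
        /// A completed task holding <c>true</c> only when every check passes; <c>false</c> for a
        /// missing or wrong claim, an expired token, an unsupported algorithm, a structurally
        /// malformed token, undecodable base64url, unusable key material or a failed signature.
        /// </returns>
        /// <remarks>
        /// Changes from the previous version: the signature is checked against every RSA key in
        /// the set instead of silently using the last key's N/E (wrong whenever the provider
        /// publishes more than one key); <c>exp</c> is now required rather than optional;
        /// <c>alg</c> is pinned to RS256 so a token cannot claim one algorithm while being
        /// verified as another; every element of <c>aud</c> is consulted, not just the first;
        /// and a token with fewer than three segments no longer throws.
        /// NOTE(review): no clock-skew tolerance is applied to <c>exp</c>, the header
        /// <c>kid</c> is required but not used to select a key, and <c>nonce</c> is not checked
        /// here — confirm the caller covers replay protection if the flow sends a nonce.
        /// JSON parsing errors from the deserialiser still propagate as before.
        /// </remarks>
        public Task<bool> ValidateIDTokenAsync(string idToken)
        {
            // Kept non-async like the original: the work is synchronous and the result is
            // wrapped in an already-completed task.
            return Task.FromResult(ValidateIdTokenCore(idToken));
        }

        // Synchronous body of ValidateIDTokenAsync. Malformed input (segment count,
        // base64url, exp, key material) yields false rather than an exception.
        private bool ValidateIdTokenCore(string idToken)
        {
            IList<JsonWebKey> keys = DiscoveryDoc.KeySet.Keys;
            if (keys == null || idToken == null)
            {
                return false;
            }

            // A compact JWS is exactly header.payload.signature. The previous version
            // indexed segments [1] and [2] unconditionally and threw on shorter input.
            string[] segments = idToken.Split('.');
            if (segments.Length != 3)
            {
                return false;
            }

            try
            {
                if (!IdTokenHeaderIsAcceptable(segments[0]))
                {
                    return false;
                }

                // Verify the signature before trusting anything read from the payload.
                if (!IdTokenSignatureVerifies(segments, keys))
                {
                    return false;
                }

                return IdTokenClaimsAreValid(segments[1]);
            }
            catch (FormatException)
            {
                // Presumably what Base64Url.Decode throws on non-base64url input, and what
                // Convert.ToInt64 throws on a non-numeric exp — TODO confirm for Base64Url.
                return false;
            }
            catch (CryptographicException)
            {
                // Modulus/exponent that cannot be imported as an RSA public key.
                return false;
            }
        }

        // The header must name a key id and must declare the one algorithm this verifier
        // implements. Pinning `alg` closes algorithm-confusion: the signature is only ever
        // checked as RSASSA-PKCS1-v1_5 with SHA-256, so any other declared alg is rejected.
        private static bool IdTokenHeaderIsAcceptable(string headerSegment)
        {
            string headerJson = Encoding.UTF8.GetString(Base64Url.Decode(headerSegment));
            IdTokenHeader header = JsonConvert.DeserializeObject<IdTokenHeader>(headerJson);
            if (header == null || header.Kid == null || header.Alg == null)
            {
                return false;
            }

            return string.Equals(header.Alg.ToString(), "RS256", StringComparison.Ordinal);
        }

        // Verifies `header.payload` under each RSA public key in the set and accepts the
        // first one that matches. Keys without both N and E are skipped.
        private static bool IdTokenSignatureVerifies(string[] segments, IList<JsonWebKey> keys)
        {
            byte[] signedInput = Encoding.UTF8.GetBytes(segments[0] + '.' + segments[1]);
            byte[] signature = Base64Url.Decode(segments[2]);

            foreach (var key in keys)
            {
                if (key == null || key.N == null || key.E == null)
                {
                    continue;
                }

                var parameters = new RSAParameters
                {
                    Modulus = Base64Url.Decode(key.N),
                    Exponent = Base64Url.Decode(key.E)
                };

                // RSA.Create() + VerifyData replaces the hand-rolled SHA256 + PKCS1
                // deformatter pair and disposes the key handle when done.
                using (RSA rsa = RSA.Create())
                {
                    rsa.ImportParameters(parameters);
                    if (rsa.VerifyData(signedInput, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                    {
                        return true;
                    }
                }
            }

            return false;
        }

        // Payload checks: iss, aud, exp, iat and sub are required by OIDC Core; auth_time is
        // additionally required here, as in the previous version.
        private bool IdTokenClaimsAreValid(string payloadSegment)
        {
            string payloadJson = Encoding.UTF8.GetString(Base64Url.Decode(payloadSegment));
            IdTokenJWTClaimTypes claims = JsonConvert.DeserializeObject<IdTokenJWTClaimTypes>(payloadJson);
            if (claims == null)
            {
                return false;
            }

            if (claims.Iss == null || claims.Iss.ToString() != DiscoveryDoc.Issuer)
            {
                return false;
            }

            // `aud` may list several audiences; this client must be one of them. The
            // previous version looked only at aud[0] and threw on an empty list.
            if (claims.Aud == null)
            {
                return false;
            }
            bool audienceMatches = false;
            foreach (var audience in claims.Aud)
            {
                if (audience != null && audience.ToString() == ClientID)
                {
                    audienceMatches = true;
                    break;
                }
            }
            if (!audienceMatches)
            {
                return false;
            }

            // exp is required: a token without it was previously accepted with no expiry
            // check at all. The comparison is strict, with no skew allowance.
            if (claims.Exp == null)
            {
                return false;
            }
            long expiration = Convert.ToInt64(claims.Exp);
            long now = EpochTimeExtensions.ToEpochTime(DateTime.UtcNow);
            if (expiration <= now)
            {
                return false;
            }

            return claims.Iat != null && claims.Auth_time != null && claims.Sub != null;
        }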