public static IdToken Parse(string idToken)
{
if (string.IsNullOrEmpty(idToken))
{
return(null);
}
IdToken idTokenBody = null;
string[] idTokenSegments = idToken.Split(new[] { '.' });
if (idTokenSegments.Length < 2)
{
throw new MsalClientException(
MsalError.InvalidJwtError,
MsalErrorMessage.IDTokenMustHaveTwoParts);
}
try
{
byte[] idTokenBytes = Base64UrlHelpers.DecodeToBytes(idTokenSegments[1]);
idTokenBody = JsonHelper.DeserializeFromJson <IdToken>(idTokenBytes);
}
catch (JsonException exc)
{
throw new MsalClientException(
MsalError.JsonParseError,
MsalErrorMessage.FailedToParseIDToken,
exc);
}
return(idTokenBody);
}
public static IdToken Parse(string idToken)
{
if (string.IsNullOrEmpty(idToken))
{
return(null);
}
IdToken idTokenBody = null;
string[] idTokenSegments = idToken.Split(new[] { '.' });
if (idTokenSegments.Length < 2)
{
throw new MsalClientException(MsalClientException.InvalidJwtError, "ID Token must contain at least 2 parts.");
}
try
{
byte[] idTokenBytes = Base64UrlHelpers.DecodeToBytes(idTokenSegments[1]);
using (var stream = new MemoryStream(idTokenBytes))
{
var serializer = new DataContractJsonSerializer(typeof(IdToken));
idTokenBody = (IdToken)serializer.ReadObject(stream);
}
}
catch (Exception exc)
{
throw new MsalClientException(MsalClientException.JsonParseError,
"Failed to parse the returned id token.", exc);
}
return(idTokenBody);
}
public static ClientInfo CreateFromJson(string clientInfo)
{
if (string.IsNullOrEmpty(clientInfo))
{
throw new MsalClientException(MsalClientException.JsonParseError, "client info is null");
}
try
{
return(JsonHelper.DeserializeFromJson <ClientInfo>(Base64UrlHelpers.DecodeToBytes(clientInfo)));
}
catch (Exception exc)
{
throw new MsalClientException(MsalClientException.JsonParseError,
"Failed to parse the returned client info.", exc);
}
}
public static IdToken Parse(string idToken)
{
if (string.IsNullOrEmpty(idToken))
{
return(null);
}
string[] idTokenSegments = idToken.Split(new[] { '.' });
if (idTokenSegments.Length < 2)
{
throw new MsalClientException(
MsalError.InvalidJwtError,
MsalErrorMessage.IDTokenMustHaveTwoParts);
}
try
{
string payload = Base64UrlHelpers.Decode(idTokenSegments[1]);
var idTokenClaims = JsonConvert.DeserializeObject <Dictionary <string, object> >(payload);
IdToken parsedIdToken = new IdToken();
List <Claim> claims = GetClaimsFromRawToken(idTokenClaims);
parsedIdToken.ClaimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims));
parsedIdToken.ObjectId = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.ObjectId)?.Value;
parsedIdToken.Subject = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.Subject)?.Value;
parsedIdToken.TenantId = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.TenantId)?.Value;
parsedIdToken.PreferredUsername = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.PreferredUsername)?.Value;
parsedIdToken.Name = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.Name)?.Value;
parsedIdToken.Upn = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.Upn)?.Value;
parsedIdToken.GivenName = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.GivenName)?.Value;
parsedIdToken.FamilyName = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.FamilyName)?.Value;
return(parsedIdToken);
}
catch (JsonException exc)
{
throw new MsalClientException(
MsalError.JsonParseError,
MsalErrorMessage.FailedToParseIDToken,
exc);
}
}
public static ClientInfo CreateFromEncodedString(string encodedUserIdentiier)
{
if (string.IsNullOrEmpty(encodedUserIdentiier))
{
return(null);
}
string[] artifacts = encodedUserIdentiier.Split('.');
if (artifacts.Length == 0)
{
return(null);
}
return(new ClientInfo()
{
UniqueIdentifier = Base64UrlHelpers.DecodeToString(artifacts[0]),
UniqueTenantIdentifier = Base64UrlHelpers.DecodeToString(artifacts[1]),
});
}
private static string UrlEncodeSegment(byte[] segment)
{
return(Base64UrlHelpers.Encode(segment));
}
public ClientCredentialWrapper(ApplicationConfiguration config)
{
ConfidentialClientApplication.GuardMobileFrameworks();
if (config.ConfidentialClientCredentialCount == 0)
{
throw new MsalClientException(
MsalError.ClientCredentialAuthenticationTypeMustBeDefined,
MsalErrorMessage.ClientCredentialAuthenticationTypeMustBeDefined);
}
if (config.ConfidentialClientCredentialCount > 1)
{
throw new MsalClientException(MsalError.ClientCredentialAuthenticationTypesAreMutuallyExclusive, MsalErrorMessage.ClientCredentialAuthenticationTypesAreMutuallyExclusive);
}
if (!string.IsNullOrWhiteSpace(config.ClientSecret))
{
AuthenticationType = ConfidentialClientAuthenticationType.ClientSecret;
}
if (config.ClientCredentialCertificate != null)
{
if (config.ClaimsToSign != null && config.ClaimsToSign.Any())
{
AuthenticationType = ConfidentialClientAuthenticationType.ClientCertificateWithClaims;
AppendDefaultClaims = config.MergeWithDefaultClaims;
}
else
{
AuthenticationType = ConfidentialClientAuthenticationType.ClientCertificate;
}
}
if (!string.IsNullOrWhiteSpace(config.SignedClientAssertion))
{
AuthenticationType = ConfidentialClientAuthenticationType.SignedClientAssertion;
}
if (config.SignedClientAssertionDelegate != null)
{
AuthenticationType = ConfidentialClientAuthenticationType.SignedClientAssertionDelegate;
}
switch (AuthenticationType)
{
case ConfidentialClientAuthenticationType.ClientCertificate:
Certificate = config.ClientCredentialCertificate;
break;
case ConfidentialClientAuthenticationType.ClientCertificateWithClaims:
Certificate = config.ClientCredentialCertificate;
ClaimsToSign = config.ClaimsToSign;
break;
case ConfidentialClientAuthenticationType.ClientSecret:
Secret = config.ClientSecret;
break;
case ConfidentialClientAuthenticationType.SignedClientAssertion:
SignedAssertion = config.SignedClientAssertion;
break;
case ConfidentialClientAuthenticationType.SignedClientAssertionDelegate:
SignedAssertionDelegate = config.SignedClientAssertionDelegate;
break;
default:
throw new NotImplementedException();
}
if (Certificate != null)
{
Thumbprint = Base64UrlHelpers.Encode(Certificate.GetCertHash());
}
}