/// <summary>
///
/// </summary>
/// <param name="a"></param>
/// <param name="b"></param>
/// <returns></returns>
private bool ValueEquals(ITokenClaim a, ITokenClaim b)
{
if (a.JwtID != b.JwtID)
{
return(false);
}
if (a.Audience != b.Audience)
{
return(false);
}
if (a.Expiration != b.Expiration)
{
return(false);
}
if (a.NotBefore != b.NotBefore)
{
return(false);
}
return(true);
}
/// <summary>
/// Creates a new token.
/// </summary>
/// <param name="claim">The new token information.</param>
/// <param name="payload">The payload.</param>
/// <returns>A token string.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="claim"/>> is null.
/// </exception>
public string CreateToken(ITokenClaim claim, TPayload payload)
{
if (claim == null)
{
throw new ArgumentNullException("claim");
}
var descriptor = new SecurityTokenDescriptor {
};
descriptor.SigningCredentials = GetSigningCredentials();
descriptor.Issuer = Issuer;
descriptor.Audience = claim.Audience;
descriptor.Expires = claim.Expiration.UtcDateTime;
descriptor.NotBefore = claim.NotBefore.UtcDateTime;
descriptor.IssuedAt = DateTime.UtcNow;
ClaimsIdentity claims = new ClaimsIdentity();
if (!string.IsNullOrEmpty(claim.JwtID))
{
claims.AddClaim(new Claim(KnownJwtClaims.JwtID, claim.JwtID));
}
if (payload != null)
{
claims.AddClaim(new Claim(KnownJwtClaims.UserPayload, Newtonsoft.Json.JsonConvert.SerializeObject(payload)));
}
descriptor.Subject = claims;
JwtSecurityToken token = m_TokenHandler.CreateJwtSecurityToken(descriptor);
string tokenString = m_TokenHandler.WriteToken(token);
return(tokenString);
}
/// <summary>
/// Validates the specified token.
/// </summary>
/// <param name="tokenString">The token.</param>
/// <param name="claim">The claim obtained from token.</param>
/// <param name="payload">The payload obtained from token.</param>
/// <param name="tokenState">The state of the token.</param>
/// <param name="errorMessage">A message indicating that the token is invalid.</param>
/// <returns>true if it is valid; otherwise false.</returns>
public bool ValidateToken(string tokenString, out ITokenClaim claim, out TPayload payload, out TokenState tokenState, out string errorMessage)
{
TokenValidationParameters parameters = new TokenValidationParameters {
};
parameters.IssuerSigningKey = m_SecurityKey;
parameters.ValidateIssuerSigningKey = true;
if (ValidIssuers != null && ValidIssuers.Length > 0)
{
if (ValidIssuers.Length == 1)
{
parameters.ValidIssuer = ValidIssuers.First();
}
else
{
parameters.ValidIssuers = ValidIssuers;
}
parameters.ValidateIssuer = true;
}
else
{
parameters.ValidateIssuer = false;
}
if (ValidAudiences != null && ValidAudiences.Length > 0)
{
if (ValidAudiences.Length == 1)
{
parameters.ValidAudience = ValidAudiences.First();
}
else
{
parameters.ValidAudiences = ValidAudiences;
}
parameters.ValidateAudience = true;
}
else
{
parameters.ValidateAudience = false;
}
parameters.ValidateLifetime = true;
parameters.LifetimeValidator = m_LifetimeValidator;
try
{
ClaimsPrincipal claims = m_TokenHandler.ValidateToken(tokenString, parameters, out SecurityToken token);
claim = new TokenClaim()
{
JwtID = GetClaim(claims, KnownJwtClaims.JwtID),
Audience = GetClaim(claims, KnownJwtClaims.Audience),
Expiration = ToDateTimeOffset(GetClaim(claims, KnownJwtClaims.Expiration)),
NotBefore = ToDateTimeOffset(GetClaim(claims, KnownJwtClaims.NotBefore)),
};
string payloadJson = claims.FindFirst(KnownJwtClaims.UserPayload)?.Value;
if (string.IsNullOrEmpty(payloadJson))
{
payload = default(TPayload);
}
else
{
payload = Newtonsoft.Json.JsonConvert.DeserializeObject <TPayload>(payloadJson);
}
tokenState = TokenState.Valid;
errorMessage = null;
return(true);
}
catch (SecurityTokenInvalidLifetimeException ex)
{
claim = null;
payload = default(TPayload);
if (ValidateLifetime(ex.NotBefore, ex.Expires, out tokenState, out errorMessage))
{
tokenState = TokenState.Invalid;
errorMessage = "The token is invalid.";
}
return(false);
}
catch (SecurityTokenInvalidIssuerException)
{
claim = null;
payload = default(TPayload);
tokenState = TokenState.InvalidIssuer;
errorMessage = "The issuer is invalid.";
return(false);
}
catch (SecurityTokenInvalidAudienceException)
{
claim = null;
payload = default(TPayload);
tokenState = TokenState.InvalidAudience;
errorMessage = "The audience is invalid.";
return(false);
}
catch (Exception)
{
claim = null;
payload = default(TPayload);
tokenState = TokenState.Invalid;
errorMessage = "The token is invalid.";
return(false);
}
}
