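/// <summary>
/// Validates an OpenID Connect identity token: verifies the signature with the provider's
/// published RSA key (first JWKS entry), then checks <c>iss</c>, <c>aud</c>, <c>nbf</c> (when
/// present) and <c>exp</c> within <c>ClockSkew</c>. Every rejection is reported through
/// <c>Error</c> on a result with <c>Success == false</c>; a bad token never surfaces as an
/// unhandled exception.
/// </summary>
/// <param name="identityToken">Compact-serialized JWT received from the provider.</param>
/// <param name="clientId">This client's registered id; must appear in the token's <c>aud</c> claim.</param>
/// <param name="providerInformation">Expected issuer name and the JWKS whose first key (E/N) verifies the signature.</param>
/// <returns>A completed task carrying the outcome and, on success, the token's claims.</returns>
public Task<IdentityTokenValidationResult> ValidateAsync(string identityToken, string clientId, ProviderInformation providerInformation)
{
    var fail = new IdentityTokenValidationResult { Success = false };

    if (string.IsNullOrWhiteSpace(identityToken))
    {
        fail.Error = "Missing identity token";
        return Task.FromResult(fail);
    }

    // NOTE(review): the first JWKS entry is used unconditionally. Providers rotate keys and
    // publish several at once; the key should be selected by the token header's "kid" —
    // TODO confirm whether KeySet exposes key ids.
    var jwk = providerInformation.KeySet.Keys.First();
    var exponent = Base64Url.Decode(jwk.E);
    var modulus = Base64Url.Decode(jwk.N);
    var pubKey = PublicKey.New(exponent, modulus);

    JObject payload;
    try
    {
        // JosePCL signals a bad signature or a malformed token by throwing; map that to a
        // failed result so attacker-controlled input cannot crash the caller.
        // NOTE(review): this relies on JosePCL.Jwt.Decode rejecting any "alg" other than the
        // RSA one expected here (in particular "none", or HMAC keyed with the public key) —
        // confirm against the library before trusting the hard-coded "RS256" below.
        var json = JosePCL.Jwt.Decode(identityToken, pubKey);
        payload = JObject.Parse(json);
    }
    catch (Exception ex)
    {
        fail.Error = "Invalid signature or malformed token: " + ex.Message;
        return Task.FromResult(fail);
    }

    // A missing "iss" yields null and fails the ordinal comparison instead of throwing.
    var issuerToken = payload["iss"];
    var issuer = issuerToken == null ? null : issuerToken.ToString();
    if (!string.Equals(issuer, providerInformation.IssuerName, StringComparison.Ordinal))
    {
        fail.Error = "Invalid issuer name";
        return Task.FromResult(fail);
    }

    // "aud" is either a single string or an array of strings (OIDC Core 3.1.3.7); the token is
    // accepted only if this client id is one of them. Comparison is exact (ordinal).
    var audToken = payload["aud"];
    var audienceMatches = false;
    if (audToken != null)
    {
        if (audToken.HasValues)
        {
            foreach (var entry in audToken)
            {
                audienceMatches |= string.Equals(entry.ToString(), clientId, StringComparison.Ordinal);
            }
        }
        else
        {
            audienceMatches = string.Equals(audToken.ToString(), clientId, StringComparison.Ordinal);
        }
    }
    if (!audienceMatches)
    {
        fail.Error = "Invalid audience";
        return Task.FromResult(fail);
    }

    var utcNow = DateTime.UtcNow;

    // "exp" is required; read it as a number rather than round-tripping through its string form.
    var exp = payload.Value<long?>("exp");
    if (exp == null)
    {
        fail.Error = "Token has no expiration";
        return Task.FromResult(fail);
    }

    // "nbf" is optional in OIDC; enforce it only when the provider sent it.
    var nbf = payload.Value<long?>("nbf");
    if (nbf != null && nbf.Value.ToDateTimeFromEpoch() > utcNow.Add(ClockSkew))
    {
        fail.Error = "Token not valid yet";
        return Task.FromResult(fail);
    }

    if (exp.Value.ToDateTimeFromEpoch() < utcNow.Add(ClockSkew.Negate()))
    {
        fail.Error = "Token expired";
        return Task.FromResult(fail);
    }

    // NOTE(review): "nonce" and "iat" are not checked here — confirm the caller compares the
    // nonce with the one sent in the authorize request.
    return Task.FromResult(new IdentityTokenValidationResult
    {
        Success = true,
        Claims = payload.ToClaims(),
        SignatureAlgorithm = "RS256"
    });
}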
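/// <summary>
/// Validates an identity token: verifies the signature against the provider's key set via
/// <c>ValidateSignature</c>, then checks <c>iss</c>, <c>aud</c>, <c>nbf</c> (when present) and
/// <c>exp</c> within <c>ClockSkew</c>. Rejections are logged and reported through <c>Error</c>
/// rather than thrown.
/// </summary>
/// <param name="identityToken">Compact-serialized JWT to validate.</param>
/// <param name="clientId">This client's registered id; must appear in the token's <c>aud</c> claim.</param>
/// <param name="providerInformation">Expected issuer name and the JWKS handed to <c>ValidateSignature</c>.</param>
/// <returns>A completed task with the claims and signature algorithm on success, or an error message.</returns>
public Task<IdentityTokenValidationResult> ValidateAsync(string identityToken, string clientId, ProviderInformation providerInformation)
{
    Logger.Debug("starting identity token validation");
    // Never write the token itself to the log: an id_token is a bearer credential and debug
    // logs are routinely collected and shipped elsewhere. Its length is enough for diagnosis.
    Logger.Debug($"identity token length: {(identityToken == null ? 0 : identityToken.Length)}");

    var fail = new IdentityTokenValidationResult();

    ValidatedToken token;
    try
    {
        token = ValidateSignature(identityToken, providerInformation.KeySet);
    }
    catch (Exception ex)
    {
        fail.Error = ex.ToString();
        Logger.Error(fail.Error);
        return Task.FromResult(fail);
    }

    if (!token.Success)
    {
        fail.Error = token.Error;
        Logger.Error(fail.Error);
        return Task.FromResult(fail);
    }

    // A missing "iss" yields null and fails the ordinal comparison instead of throwing a
    // NullReferenceException from outside the try block above.
    var issuerToken = token.Payload["iss"];
    var issuer = issuerToken == null ? null : issuerToken.ToString();
    Logger.Debug($"issuer: {issuer}");
    if (!string.Equals(issuer, providerInformation.IssuerName, StringComparison.Ordinal))
    {
        fail.Error = "Invalid issuer name";
        Logger.Error(fail.Error);
        return Task.FromResult(fail);
    }

    // "aud" is either a single string or an array of strings (OIDC Core 3.1.3.7); accept the
    // token only if this client id is one of them.
    // NOTE(review): with several audiences OIDC also expects "azp" to equal the client id —
    // not checked here, confirm whether the caller does.
    var audToken = token.Payload["aud"];
    Logger.Debug($"audience: {audToken}");
    var audienceMatches = false;
    if (audToken != null)
    {
        if (audToken.HasValues)
        {
            foreach (var entry in audToken)
            {
                audienceMatches |= string.Equals(entry.ToString(), clientId, StringComparison.Ordinal);
            }
        }
        else
        {
            audienceMatches = string.Equals(audToken.ToString(), clientId, StringComparison.Ordinal);
        }
    }
    if (!audienceMatches)
    {
        fail.Error = "Invalid audience";
        Logger.Error(fail.Error);
        return Task.FromResult(fail);
    }

    var utcNow = DateTime.UtcNow;

    // "exp" is required; a token without it is rejected explicitly rather than being treated
    // as expiring at the epoch.
    var exp = token.Payload.Value<long?>("exp");
    Logger.Debug($"exp: {exp}");
    if (exp == null)
    {
        fail.Error = "Token has no expiration";
        Logger.Error(fail.Error);
        return Task.FromResult(fail);
    }

    // "nbf" is optional in OIDC; enforce it only when the provider sent it.
    var nbf = token.Payload.Value<long?>("nbf");
    if (nbf != null)
    {
        Logger.Debug($"nbf: {nbf}");
        if (nbf.Value.ToDateTimeFromEpoch() > utcNow.Add(ClockSkew))
        {
            fail.Error = "Token not valid yet";
            Logger.Error(fail.Error);
            return Task.FromResult(fail);
        }
    }

    if (exp.Value.ToDateTimeFromEpoch() < utcNow.Add(ClockSkew.Negate()))
    {
        fail.Error = "Token expired";
        Logger.Error(fail.Error);
        return Task.FromResult(fail);
    }

    // NOTE(review): "nonce" and "iat" are not checked here — confirm the caller compares the
    // nonce with the one sent in the authorize request.
    Logger.Info("identity token validation success");
    return Task.FromResult(new IdentityTokenValidationResult
    {
        Claims = token.Payload.ToClaims(),
        SignatureAlgorithm = token.Algorithm
    });
}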
/// <summary>
/// Wraps the outcome of identity-token validation so it can be carried in a token-response result.
/// </summary>
/// <param name="result">Validation outcome to expose through the <c>IdentityTokenValidationResult</c> property.</param>
public TokenResponseValidationResult(IdentityTokenValidationResult result)
{
    this.IdentityTokenValidationResult = result;
}