C# (CSharp) Google.Apis.Auth SignedTokenVerificationの例

コード例 #1

ファイル: GoogleJsonWebSignature.cs プロジェクト: amanda-tarafa/google-api-dotnet-client

        // internal for testing
        internal static async Task <Payload> ValidateInternalAsync(string jwt, ValidationSettings validationSettings)
        {
            var settings            = validationSettings.ThrowIfNull(nameof(validationSettings)).Clone();
            var verificationOptions = validationSettings.ToVerificationOptions();
            var signedToken         = SignedToken <Header, Payload> .FromSignedToken(jwt);

            // Start general validation task ...
            var generalValidationTask = SignedTokenVerification.VerifySignedTokenAsync(signedToken, verificationOptions, default);

            // ... and do Google specific validation in the meantime.

            // Google signed tokens must not exceed this length.
            // It's not clear if there's an absolute size limit for all possible tokens,
            // that's why this check is only here and not on SignedTokenVerification.
            if (jwt.Length > MaxJwtLength)
            {
                throw new InvalidJwtException($"JWT exceeds maximum allowed length of {MaxJwtLength}");
            }
            // Google signed tokens are signed with RS256.
            if (signedToken.Header.Algorithm != SupportedJwtAlgorithm)
            {
                throw new InvalidJwtException($"JWT algorithm must be '{SupportedJwtAlgorithm}'");
            }
            // Google signed tokens can contain a G Suite hosted domain claim.
            if (settings.HostedDomain != null && signedToken.Payload.HostedDomain != settings.HostedDomain)
            {
                throw new InvalidJwtException("JWT contains invalid 'hd' claim.");
            }

            // ... finally wait for the general verifications to be done.
            await generalValidationTask.ConfigureAwait(false);

            // All verification passed, return payload.
            return(signedToken.Payload);
        }

コード例 #2

ファイル: JsonWebSignature.cs プロジェクト: rms2307/google-api-dotnet-client

        /// <summary>
        /// Verifies that the given token is a valid, not expired, signed token.
        /// </summary>
        /// <param name="signedJwt">The token to verify.</param>
        /// <param name="options">The options to use for verification.
        /// May be null in which case default options will be used.</param>
        /// <param name="cancellationToken">The cancellation token for the operation.</param>
        /// <returns>The payload contained by the token.</returns>
        /// <exception cref="InvalidJwtException">If the token is invalid or expired.</exception>
        public async static Task <Payload> VerifySignedTokenAsync(
            string signedJwt, SignedTokenVerificationOptions options = null, CancellationToken cancellationToken = default)
        {
            var signedToken = SignedToken <Header, Payload> .FromSignedToken(signedJwt);

            await SignedTokenVerification.VerifySignedTokenAsync(signedToken, options, cancellationToken).ConfigureAwait(false);

            return(signedToken.Payload);
        }