private void Validate(string payload, string payloadJson, string[] parts, byte[] key) { var crypto = JsonWebToken.Base64UrlDecode(parts[2]); var decodedCrypto = Convert.ToBase64String(crypto); var header = parts[0]; var headerJson = Encoding.UTF8.GetString(JsonWebToken.Base64UrlDecode(header)); var headerData = _jsonSerializer.Deserialize <Dictionary <string, object> >(headerJson); var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(header, ".", payload)); var algName = (string)headerData["alg"]; var alg = _algFactory.Create(algName); var signatureData = alg.Sign(key, bytesToSign); var decodedSignature = Convert.ToBase64String(signatureData); _jwtValidator.Validate(payloadJson, decodedCrypto, decodedSignature); }
/// <inheritdoc /> public string Decode(string token, byte[] key, bool verify) { var parts = token.Split('.'); if (parts.Length != 3) { throw new ArgumentException("Token must consist from 3 delimited by dot parts"); } var payload = parts[1]; var payloadJson = Encoding.UTF8.GetString(JsonWebToken.Base64UrlDecode(payload)); if (verify) { Validate(payload, payloadJson, parts, key); } return(payloadJson); }