public UserinfoVerifier(JObject idToken, JObject userinfo) { this.idToken = idToken; this.userinfo = userinfo; checkerManager = new ClaimCheckerManager(); // OpenID specific validation checkerManager.Add(new SubChecker(idToken["sub"].ToObject <string>()), true); // GoodID specific validation checkerManager.Add(new GoodIDVerifiedEmailChecker(idToken["email_hash"].ToObject <string>())); }
public IdTokenVerifier(JObject idToken, string issuerUri, string clientId, int?requestedMaxAge, bool authTimeRequested, string nonce) { var timeToleranceInSeconds = 0; this.idToken = idToken; checkerManager = new ClaimCheckerManager(); // OpenID specific validation checkerManager.Add(new IssuerChecker(issuerUri), true); checkerManager.Add(new AudienceChecker(clientId), true); checkerManager.Add(new SubChecker(), true); checkerManager.Add(new ExpirationChecker(timeToleranceInSeconds), true); checkerManager.Add(new IssuedAtChecker(timeToleranceInSeconds), true); checkerManager.Add(new AuthTimeChecker(timeToleranceInSeconds, requestedMaxAge ?? 0, authTimeRequested), authTimeRequested); checkerManager.Add(new NonceChecker(nonce)); // GoodID specific validation Acr?acr; if ((acr = idToken["acr"].ToObject <Acr?>()) == null) { acr = Acr.LEVEL_DEFAULT; } checkerManager.Add(new GoodIDAcrChecker()); checkerManager.Add(new GoodIDAppUserChecker(this.idToken), (acr >= Acr.LEVEL_3)); checkerManager.Add(new GoodIDAppSealChecker(this.idToken), (acr >= Acr.LEVEL_4)); checkerManager.Add(new GoodIDSignaturesChecker(this.idToken)); checkerManager.Add(new GoodIDEmailHashExistenceChecker(), true); checkerManager.Add(new GoodIDUihExsistenceChecker(), true); }