public Task <SecretValidationResult> ValidateAsync(IEnumerable <Secret> secrets, ParsedSecret parsedSecret) { var fail = Task.FromResult(new SecretValidationResult { Success = false }); var success = Task.FromResult(new SecretValidationResult { Success = true }); if (parsedSecret.Type != IdentityServerConstants.ParsedSecretTypes.JwtBearer) { return(fail); } if (!(parsedSecret.Credential is string jwtTokenString)) { _logger.LogError("ParsedSecret.Credential is not a string."); return(fail); } if (!_genericJwtValidator.IsValid(jwtTokenString, parsedSecret.Id, _partyDetailsOptions.ClientId)) { _logger.LogError("ParsedSecret.Credential is not a valid JWT."); return(fail); } return(success); }
public void IsValid_JwtHeaderAlgInvalid_ReturnsFalse(string signingAlgorithm) { var jwt = CreateClientAssertionJwt(signingAlgorithm); var result = _sut.IsValid(jwt, ClientId, TestData.SchemeOwner.ClientId); result.Should().BeFalse(); }
protected async Task <JwtSecurityToken> ValidateJwtAsync(string jwtTokenString, Client client) { if (!_defaultJwtValidator.IsValid(jwtTokenString, client.ClientId, _audience)) { throw new SecurityTokenException(); } var validationResult = await _assertionManager.ValidateAsync(jwtTokenString); if (!validationResult.Success) { throw new SecurityTokenException(); } var securityToken = new JwtSecurityTokenHandler().ReadToken(jwtTokenString); var jwtToken = (JwtSecurityToken)securityToken; return(jwtToken); }
public async Task <IdentityResult> Validate(DelegationMask mask) { try { if (mask.PreviousSteps != null) { foreach (var step in mask.PreviousSteps) { var assertion = _assertionParser.Parse(step); var result = await _assertionParser.ValidateAsync(assertion); if (!result.Success || !_defaultJwtValidator.IsValid(step, mask.DelegationRequest.Target.AccessSubject, // client id should be access subject _context.HttpContext.User.GetRequestingClientId() // audience should be the requester id )) { return(IdentityResult.Failed(new IdentityError { Code = "previous_steps_validation_error" })); } if (mask.DelegationRequest.Target.AccessSubject != assertion.JwtToken.Issuer) { return(IdentityResult.Failed(new IdentityError { Code = "invalid_delegation_assertion_pair" })); } } } return(IdentityResult.Success); } catch (Exception ex) { _logger.LogWarning(ex, "Exception while authorizing previous steps"); return(IdentityResult.Failed(new IdentityError { Code = "previous_steps_validation_error", Description = ex.Message })); } }