/// <summary>
/// Verifies a JWS compact-serialized token against the algorithm configured on this
/// instance and, only if the signature checks out, parses its payload.
/// </summary>
/// <param name="token">The compact token text: three base64url segments joined by dots.</param>
/// <returns>The <see cref="JsonWebToken"/> parsed from the verified payload.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="InvalidJsonWebSignatureToken">
/// The token does not have exactly three segments, its header names a different algorithm
/// than the configured one, or signature verification fails.
/// </exception>
/// <remarks>
/// Nothing here catches failures raised by base64url decoding or by the header and payload
/// parsers, so malformed input can surface as whatever those helpers throw.
/// NOTE(review): no expiry, audience or "crit" checks are visible in this method; confirm
/// they are enforced in JsonWebToken.Parse, in VerifyAsync, or by the caller.
/// </remarks>
public async Task<JsonWebToken> DeserializeAsync(string token)
{
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    // Compact JWS is exactly header.payload.signature; anything else is rejected up front.
    var segments = token.Split('.');
    if (segments.Length != 3)
    {
        throw new InvalidJsonWebSignatureToken("invalid token format");
    }

    var encodedHeader = segments[0];
    var encodedPayload = segments[1];
    var encodedSignature = segments[2];

    // The header is still unauthenticated here; it is read only to learn the declared algorithm.
    var joseHeader = JoseHeader.Parse(UTF8.GetString(encodedHeader.FromBase64Url()));

    // Pin verification to the configured algorithm: a token must never get to choose
    // how (or whether) its own signature is checked.
    if (this.algorithm.Name != joseHeader.Algorithm)
    {
        throw new InvalidJsonWebSignatureToken("Algorithms mismatch");
    }

    // The payload is decoded to text now but is not parsed until the signature is accepted.
    var payloadJson = UTF8.GetString(encodedPayload.FromBase64Url());
    var signatureBytes = encodedSignature.FromBase64Url();

    // The signing input is the two encoded segments exactly as received, not a re-encoding.
    var signingInput = encodedHeader + "." + encodedPayload;

    var signatureIsValid = await this.algorithm.VerifyAsync(joseHeader, signingInput, signatureBytes);
    if (!signatureIsValid)
    {
        throw new InvalidJsonWebSignatureToken("signatures mismatch");
    }

    return JsonWebToken.Parse(payloadJson);
}
/// <summary>
/// Smoke test: a header whose "crit" member is an array of parameter names must parse
/// without throwing.
/// </summary>
/// <remarks>
/// The input is relaxed JSON (unquoted keys, single-quoted strings). The parsed header is
/// discarded, so this test does not check that the listed critical parameters are kept or
/// enforced.
/// </remarks>
public void Critical_Header_As_List()
{
    // Both names listed in "crit" ('test' and 'tt') are also present as header members.
    const string headerJson = @"{ typ: 'example', cty: 'application/example;part=""1/2""', crit: ['test', 'tt'], 'test': 'dsgffgdf', 'tt': '..' }";

    JoseHeader.Parse(headerJson);
}
/// <summary>
/// Smoke test: a header whose "crit" member is a single string rather than an array must
/// parse without throwing.
/// </summary>
/// <remarks>
/// RFC 7515 section 4.1.11 defines "crit" as an array of header parameter names, so the
/// string form accepted here is a parser leniency.
/// NOTE(review): confirm this leniency is intended, and that a string-valued "crit" is
/// still treated as a critical parameter. The parsed header is discarded, so nothing is
/// asserted about the result.
/// </remarks>
public void Critical_Header_As_String()
{
    // The one name given in "crit" ('test') is also present as a header member.
    const string headerJson = @"{ typ: 'example', cty: 'application/example;part=""1/2""', crit: 'test', 'test': 'dsgffgdf' }";

    JoseHeader.Parse(headerJson);
}