/// <summary>
/// Serializes a <see cref="JsonWebKey"/> to JSON and returns that JSON base64url-encoded
/// (UTF-8 bytes, via <c>Base64Url.Encode</c>).
/// NOTE(review): <c>JsonConvert.SerializeObject</c> emits the key's public properties, so if the
/// model carries private parameters and they are populated they would be encoded too — callers
/// should pass public keys only; confirm against the <c>JsonWebKey</c> model.
/// </summary>
/// <param name="key">The key to encode.</param>
/// <returns>The base64url string of the key's JSON serialization.</returns>
public static string ToJwkString(this JsonWebKey key)
{
    string serialized = JsonConvert.SerializeObject(key);
    byte[] utf8 = Encoding.UTF8.GetBytes(serialized);
    return Base64Url.Encode(utf8);
}
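/// <summary>
/// Validates an OpenID Connect ID token against this client's discovery document.
/// A token is accepted only when all of the following hold: it is a three-segment compact JWS;
/// its header carries a <c>kid</c> and declares <c>alg</c> = <c>RS256</c>; its RSA-SHA256
/// (PKCS#1 v1.5) signature verifies under one of the RSA keys in <c>DiscoveryDoc.KeySet</c>;
/// and its payload carries <c>aud</c> (listing <c>ClientID</c>), <c>auth_time</c>, <c>exp</c>
/// (still in the future), <c>iat</c>, <c>iss</c> (equal to <c>DiscoveryDoc.Issuer</c>) and <c>sub</c>.
/// The <c>nonce</c> claim is not checked here; the caller must compare it with the value it sent
/// in the authentication request. No clock-skew allowance is applied to <c>exp</c>, and <c>iat</c>
/// is only checked for presence.
/// </summary>
/// <param name="idToken">Raw compact-serialized ID token (<c>header.payload.signature</c>).</param>
/// <returns>
/// A completed task holding <c>true</c> when every check passes, <c>false</c> otherwise.
/// Malformed base64url or JSON segments propagate the decoder's exception rather than yielding <c>false</c>.
/// </returns>
public Task<bool> ValidateIDTokenAsync(String idToken)
{
    return Task.FromResult(IsIdTokenValid(idToken));
}

/// <summary>Synchronous core of <see cref="ValidateIDTokenAsync"/>; see that method for the contract.</summary>
private bool IsIdTokenValid(String idToken)
{
    IList<JsonWebKey> keys = DiscoveryDoc.KeySet.Keys;
    if (keys == null || string.IsNullOrEmpty(idToken))
    {
        return false;
    }

    // A compact JWS is exactly header.payload.signature; anything with fewer segments would
    // otherwise fail with IndexOutOfRangeException when the signature segment is read.
    string[] segments = idToken.Split('.');
    if (segments.Length != 3)
    {
        return false;
    }

    if (!IsIdTokenHeaderValid(segments[0]))
    {
        return false;
    }

    // Verify the signature before trusting anything in the payload.
    if (!IsIdTokenSignatureValid(keys, segments[0], segments[1], segments[2]))
    {
        return false;
    }

    return AreIdTokenClaimsValid(segments[1]);
}

/// <summary>
/// The header must name a key id and must declare RS256, the only algorithm verified here;
/// any other value (including "none") is a mismatch with the signature check and is rejected.
/// </summary>
private static bool IsIdTokenHeaderValid(string headerSegment)
{
    var headerJson = Encoding.UTF8.GetString(Base64Url.Decode(headerSegment));
    IdTokenHeader header = JsonConvert.DeserializeObject<IdTokenHeader>(headerJson);
    if (header == null || header.Kid == null || header.Alg == null)
    {
        return false;
    }

    return string.Equals(header.Alg.ToString(), "RS256", StringComparison.Ordinal);
}

/// <summary>
/// Verifies the RSA-SHA256 (PKCS#1 v1.5) signature over <c>header.payload</c> against every RSA
/// key (one carrying both <c>n</c> and <c>e</c>) in the trusted key set. Every key comes from the
/// discovery document, so any of them is acceptable; trying each one also survives key rotation.
/// NOTE(review): selecting only the key whose kid equals the header kid would be tighter; the JWK
/// model's kid member is not referenced in this file, so it is not relied on here.
/// </summary>
private static bool IsIdTokenSignatureValid(IList<JsonWebKey> keys, string headerSegment, string payloadSegment, string signatureSegment)
{
    byte[] signature = Base64Url.Decode(signatureSegment);
    byte[] hash;
    using (SHA256 sha256 = SHA256.Create())
    {
        hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(headerSegment + '.' + payloadSegment));
    }

    foreach (var key in keys)
    {
        if (key.N == null || key.E == null)
        {
            continue;
        }

        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(new RSAParameters
            {
                Modulus = Base64Url.Decode(key.N),
                Exponent = Base64Url.Decode(key.E),
            });
            var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
            deformatter.SetHashAlgorithm("SHA256");
            if (deformatter.VerifySignature(hash, signature))
            {
                return true;
            }
        }
    }

    return false;
}

/// <summary>
/// Checks the required claims: <c>aud</c> must list the client id, <c>exp</c> must be present and
/// in the future, <c>iss</c> must equal the discovery issuer, and <c>auth_time</c>, <c>iat</c>
/// and <c>sub</c> must be present.
/// </summary>
private bool AreIdTokenClaimsValid(string payloadSegment)
{
    var payloadJson = Encoding.UTF8.GetString(Base64Url.Decode(payloadSegment));
    IdTokenJWTClaimTypes claims = JsonConvert.DeserializeObject<IdTokenJWTClaimTypes>(payloadJson);
    if (claims == null
        || claims.Aud == null
        || claims.Auth_time == null
        || claims.Iat == null
        || claims.Iss == null
        || claims.Sub == null)
    {
        return false;
    }

    // The client must be among the audiences. With several audiences OIDC also expects an azp
    // claim naming this client; that claim is not modelled here and is not checked.
    bool audienceMatches = false;
    foreach (var audience in claims.Aud)
    {
        if (audience != null && audience.ToString() == ClientID)
        {
            audienceMatches = true;
            break;
        }
    }
    if (!audienceMatches)
    {
        return false;
    }

    // exp is a required claim; a token without one must not be treated as never expiring.
    if (claims.Exp == null)
    {
        return false;
    }
    long expiration = Convert.ToInt64(claims.Exp);
    long now = EpochTimeExtensions.ToEpochTime(DateTime.UtcNow);
    if (expiration <= now)
    {
        return false;
    }

    return claims.Iss.ToString() == DiscoveryDoc.Issuer;
}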