/// <summary> /// Branca specification-level token generation /// </summary> /// <param name="payload">The payload to be encrypted into the Branca token</param> /// <param name="timestamp">The timestamp included in the Branca token (iat: issued at)</param> /// <param name="key">32-byte private key used to encrypt and decrypt the Branca token</param> /// <returns>Base62 encoded Branca Token</returns> public virtual string CreateToken(string payload, DateTimeOffset timestamp, byte[] key) => CreateToken(payload, BrancaToken.GetBrancaTimestamp(timestamp), key);
public override TokenValidationResult ValidateToken(string token, TokenValidationParameters validationParameters) { if (string.IsNullOrWhiteSpace(token)) { return new TokenValidationResult { Exception = new ArgumentNullException(nameof(token)) } } ; if (validationParameters == null) { return new TokenValidationResult { Exception = new ArgumentNullException(nameof(validationParameters)) } } ; if (!CanReadToken(token)) { return new TokenValidationResult { Exception = new SecurityTokenException("Unable to read token") } } ; // get decryption keys var securityKeys = GetBrancaDecryptionKeys(token, validationParameters); BrancaToken decryptedToken = null; foreach (var securityKey in securityKeys) { try { decryptedToken = DecryptToken(token, securityKey.Key); if (decryptedToken != null) { break; } } catch (Exception) { // ignored } } if (decryptedToken == null) { return new TokenValidationResult { Exception = new SecurityTokenDecryptionFailedException("Unable to decrypt token") } } ; BrancaSecurityToken brancaToken; try { brancaToken = new BrancaSecurityToken(decryptedToken); } catch (Exception e) { return(new TokenValidationResult { Exception = e }); } var innerValidationResult = ValidateTokenPayload(brancaToken, validationParameters); if (!innerValidationResult.IsValid) { return(innerValidationResult); } var identity = innerValidationResult.ClaimsIdentity; if (validationParameters.SaveSigninToken) { identity.BootstrapContext = token; } return(new TokenValidationResult { SecurityToken = brancaToken, ClaimsIdentity = identity, IsValid = true }); }
public BrancaSecurityToken(BrancaToken token) : base(token.Payload) { IssuedAt = token.Timestamp; }