/// <summary>
/// Validates an ID token end to end: fetches the discovery document, downloads the
/// signing keys it advertises, then hands signature, issuer, audience and lifetime
/// checks to <see cref="JwtSecurityTokenHandler"/> using <paramref name="options"/>.
/// </summary>
/// <param name="idToken">The raw compact-serialised JWT to validate.</param>
/// <param name="options">Validation switches; a default instance is used when <c>null</c>.</param>
/// <returns>
/// A successful <c>BoolValue</c> carrying the authenticated <see cref="ClaimsPrincipal"/>,
/// or a failed one carrying the message and exception of whichever step failed.
/// Every exception raised inside the method is folded into the failure result.
/// </returns>
/// <remarks>
/// NOTE(review): the discovery document is located from the token itself (presumably its
/// issuer claim — confirm in <c>DiscoveryDocument.DownloadAsync</c>), and
/// <c>JwtTokenValidationOptions.ToTokenValidationParameters</c> takes the expected audience
/// from the token's own <c>aud</c> claim. The issuer and audience checks therefore only
/// confirm the token is self-consistent; callers that must pin a token to a specific
/// issuer or audience need to verify the returned principal's claims themselves.
/// </remarks>
public async Task<BoolValue<ClaimsPrincipal>> ValidateAsync(string idToken, JwtTokenValidationOptions options = null)
{
    try
    {
        // Step 1: discovery metadata (issuer, jwks_uri).
        var discovery = await DiscoveryDocument.DownloadAsync(idToken);
        if (!discovery)
        {
            return BoolValue<ClaimsPrincipal>.Fail(discovery.Message, discovery.Exception);
        }

        // Step 2: the signing keys published at the discovery document's jwks_uri.
        var keySet = await JsonWebKeySet.DownloadAsync(discovery.Value.JwksUri);
        if (!keySet)
        {
            return BoolValue<ClaimsPrincipal>.Fail(keySet.Message, keySet.Exception);
        }

        // Step 3: translate the options into handler parameters and validate.
        var effectiveOptions = options ?? new JwtTokenValidationOptions();
        var validationParameters = effectiveOptions.ToTokenValidationParameters(
            new JwtSecurityToken(idToken),
            discovery.Value,
            keySet.Value);

        var tokenHandler = new JwtSecurityTokenHandler();
        // Clearing the inbound map keeps claim types as they appear in the JWT
        // (e.g. "sub", "name") instead of the handler's default remapping.
        tokenHandler.InboundClaimTypeMap.Clear();

        var principal = tokenHandler.ValidateToken(idToken, validationParameters, out _);
        return BoolValue<ClaimsPrincipal>.Success(principal);
    }
    catch (Exception ex)
    {
        // Malformed token, transport error or a validation rejection all surface
        // as a failed result rather than an exception to the caller.
        return BoolValue<ClaimsPrincipal>.Fail(ex.Message, ex);
    }
}
/// <summary>
/// Builds the <see cref="TokenValidationParameters"/> that <see cref="JwtSecurityTokenHandler"/>
/// consumes, combining trust anchors from discovery/JWKS with this instance's switches.
/// </summary>
/// <param name="jwtSecurityToken">The parsed, not yet validated token; only its audiences are read.</param>
/// <param name="discoveryDocumentValue">Discovery metadata supplying the expected issuer.</param>
/// <param name="jwksKeySet">Key set whose keys are accepted as issuer signing keys.</param>
/// <returns>Parameters wired to the <c>Validate*</c>/<c>Require*</c> switches of this instance.</returns>
/// <exception cref="InvalidOperationException">The token carries no <c>aud</c> claim.</exception>
/// <remarks>
/// NOTE(review): <c>ValidAudience</c> is sourced from the token under validation, so the
/// audience check is satisfied by any token that carries an <c>aud</c> claim — it never
/// pins the token to this application. A caller-supplied expected audience would be
/// required for a meaningful audience check.
/// </remarks>
internal TokenValidationParameters ToTokenValidationParameters(
    JwtSecurityToken jwtSecurityToken,
    DiscoveryDocument discoveryDocumentValue,
    JsonWebKeySet jwksKeySet)
{
    // Trust anchors: issuer from discovery, first listed audience of the token itself
    // (throws when the token has none), keys from the JWKS endpoint.
    var expectedIssuer = discoveryDocumentValue.Issuer;
    var expectedAudience = jwtSecurityToken.Audiences.First();
    var signingKeys = jwksKeySet.Keys;

    var parameters = new TokenValidationParameters
    {
        ValidIssuer = expectedIssuer,
        ValidAudience = expectedAudience,
        IssuerSigningKeys = signingKeys,
        NameClaimType = "name",
        RoleClaimType = "role",
    };

    // Copy the per-instance switches one by one so the mapping stays visible.
    parameters.ValidateAudience = ValidateAudience;
    parameters.RequireExpirationTime = RequireExpirationTime;
    parameters.RequireSignedTokens = RequireSignedTokens;
    parameters.SaveSigninToken = SaveSigninToken;
    parameters.ValidateActor = ValidateActor;
    parameters.ValidateIssuer = ValidateIssuer;
    parameters.ValidateIssuerSigningKey = ValidateIssuerSigningKey;
    parameters.ValidateLifetime = ValidateLifetime;

    return parameters;
}