private static List <SecurityKey> GetSecurityKeysFromSettings(TokenValidationSettings settings)
{
var keys = new List <SecurityKey>(settings.Keys.Length);
foreach (var settingsKey in settings.Keys)
{
if (settingsKey.Alg == SecurityAlgorithms.RsaSha256)
{
var publicKeyRsaProvider = new RSACryptoServiceProvider(settingsKey.KeySize ?? 2048);
publicKeyRsaProvider.FromXmlString(
Encoding.UTF8.GetString(
Convert.FromBase64String(settingsKey.Key)));
keys.Add(new RsaSecurityKey(publicKeyRsaProvider)
{
KeyId = settingsKey.Key,
});
}
else if (settingsKey.Alg == SecurityAlgorithms.HmacSha256)
{
keys.Add(new SymmetricSecurityKey(Convert.FromBase64String(settingsKey.Key))
{
KeyId = settingsKey.Key,
});
}
}
return(keys);
}
public static TokenValidationParameters BuildTokenValidationParameters(this TokenValidationSettings settings)
{
if (settings == null)
{
throw new ArgumentException("TokenValidationSettings");
}
if (settings.Keys == null)
{
throw new ArgumentException("TokenValidationSettings.Keys");
}
return(new TokenValidationParameters
{
SignatureValidator = ValidateSignature,
RequireSignedTokens = true,
ValidateIssuerSigningKey = true,
ValidAudience = settings.Audience,
ValidIssuer = settings.Issuer,
ValidateLifetime = settings.ValidateLifetime,
ClockSkew = settings.ClockSkew,
IssuerSigningKeys = GetSecurityKeysFromSettings(settings)
});
}
