private DataResponse <IDictionary <string, string> > ParseClaims(string input) { var response = new DataResponse <IDictionary <string, string> >(true); try { response.Data = JsonConvert.DeserializeObject <IDictionary <string, string> >(input); } catch (JsonReaderException ex) { var errorMessage = "The Authorisation header must be supplied as a valid JWT."; if (!string.IsNullOrWhiteSpace(ex.Path) && _validClaims.Contains(ex.Path)) { errorMessage = BaseErrorMessage(ex.Path); } response.SetError(errorMessage); } catch (Exception ex) { response.SetError("The Authorisation header must be supplied"); } return(response); }
private DataResponse <IDictionary <string, string> > ParseJwt(string jwt) { var response = new DataResponse <IDictionary <string, string> >(true); if (string.IsNullOrEmpty(jwt)) { response.SetError("The Authorisation header must be supplied"); return(response); } if (jwt.StartsWith("Bearer ")) { jwt = jwt.Replace("Bearer ", ""); } //This should be a basic Base64UrlEncoded token var claimsHashItems = jwt.Split('.'); if (claimsHashItems.Count() != 3) { response.SetError("The JWT associated with the Authorisation header must have the 3 sections"); return(response); } //Skip header parsing //var header = claimsHashItems.First(); //Skip sig check for now as no service available to validate. //Current guidance is not to hash the sign for self generated JWTs. //var signature = claimsHashItems.Last(); //if (!string.IsNullOrEmpty(signature)) //{ // return new Response("The JWT associated with the Authorisation header must have an empty signature."); //} var claimsHash = claimsHashItems.Skip(1).Take(1).FirstOrDefault(); if (string.IsNullOrEmpty(claimsHash)) { response.SetError("The JWT associated with the Authorisation header must have a body of claims."); return(response); } var decoded = StringHelper.Base64UrlDecode(claimsHash); response = ParseClaims(decoded); if (!response.Success) { response.SetError(response.Message); return(response); } return(response); }