public async Task <bool> Validate(IDictionary <string, string> decodedClaims) { if (decodedClaims == null) { throw new ArgumentNullException(nameof(decodedClaims)); } if (!decodedClaims.ContainsKey("exp") || !decodedClaims.ContainsKey("access_token")) { return(false); } // check exp max. 3 hrs var maxExpiry = _DateTimeProvider.Snapshot.AddHours(_IccPortalConfig.ClaimLifetimeHours).ToUnixTimeU64(); if (!ulong.TryParse(decodedClaims["exp"], out ulong tokenExpiry)) { return(false); } if (tokenExpiry > maxExpiry) { _Logger.LogInformation("Token invalid, has longer exp. than configured {claimLifetimeHours} hrs", _IccPortalConfig.ClaimLifetimeHours.ToString()); return(false); } return(await _TheIdentityHubService.VerifyToken(decodedClaims["access_token"])); }
public void VerifyTokenShouldReturnTrueOnValidToken() { var validToken = "valid_access_token"; _Server.Reset(); _Server.Given( Request.Create() .WithHeader("Authorization", "Bearer " + validToken) .WithPath("/ggdghornl_test/oauth2/v1/verify").UsingGet() ) .RespondWith( Response.Create() .WithStatusCode(200) .WithHeader("Content-Type", "application/json") .WithBody("{\"audience\":1234}") ); Assert.IsTrue(_TheIdentityHubService.VerifyToken(validToken).Result); }
public async Task <bool> Validate(IDictionary <string, string> decodedClaims) { if (decodedClaims == null) { throw new ArgumentNullException(nameof(decodedClaims)); } if (!decodedClaims.ContainsKey("access_token")) { return(false); } if (decodedClaims["access_token"] == _TestAccessToken) { _Logger.LogWarning("Test JWT Used for authorization!"); return(true); } return(await _TheIdentityHubService.VerifyToken(decodedClaims["access_token"])); }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { if (!Request.Headers.TryGetValue("Authorization", out var headerValue)) { Logger.LogInformation("Missing authorization header."); return(AuthenticateResult.Fail("Missing authorization header.")); } if (!AuthenticationHeaderValue.TryParse(headerValue, out var authHeader)) { Logger.LogInformation("Invalid authorization header."); return(AuthenticateResult.Fail("Invalid authorization header.")); } var jwt = authHeader.ToString().Replace("Bearer ", "").Trim(); if (!_JwtService.TryDecode(jwt, out var decodedClaims)) { return(AuthenticateResult.Fail("Invalid jwt token")); } if (!await _TheIdentityHubService.VerifyToken(decodedClaims["access_token"])) { return(AuthenticateResult.Fail("Invalid jwt token")); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, decodedClaims["id"]), new Claim(TheIdentityHubClaimTypes.AccessToken, decodedClaims["access_token"]), }; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, Scheme.Name); return(AuthenticateResult.Success(ticket)); }