private void DecodeJWT(string token, IAccount account, ref IAuthContext authContext)
{
JwtPayload jwtPayload = JwtHelpers.DecodeToObject <JwtPayload>(token);
if (authContext.AuthType == AuthenticationType.UserProvidedAccessToken)
{
if (jwtPayload == null)
{
throw new Exception(string.Format(
CultureInfo.CurrentCulture,
ErrorConstants.Message.InvalidUserProvidedToken,
nameof(AccessToken)));
}
if (jwtPayload.Exp <= JwtHelpers.ConvertToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromMinutes(Constants.TokenExpirationBufferInMinutes)))
{
throw new Exception(string.Format(
CultureInfo.CurrentCulture,
ErrorConstants.Message.ExpiredUserProvidedToken,
nameof(AccessToken)));
}
}
authContext.ClientId = jwtPayload?.Appid ?? authContext.ClientId;
authContext.Scopes = jwtPayload?.Scp?.Split(' ') ?? jwtPayload?.Roles;
authContext.TenantId = jwtPayload?.Tid ?? account?.HomeAccountId?.TenantId;
authContext.AppName = jwtPayload?.AppDisplayname;
authContext.Account = jwtPayload?.Upn ?? account?.Username;
}
