/// <summary>
/// Create a new instance of <see cref="IdTokenRequirements"/> with specified parameters.
/// </summary>
/// <param name="signatureAlgorithm"><see cref="JwtSignatureAlgorithm"/> the id token must be signed with.</param>
/// <param name="issuer">Required issuer (iss) the token must be from.</param>
/// <param name="audience">Required audience (aud) the token must be for.</param>
/// <param name="leeway">Amount of leeway in validating date and time claims to allow some clock variance
/// between the issuer and the application.</param>
/// <param name="maxAge">Optional maximum time since the user last authenticated.</param>
public IdTokenRequirements(JwtSignatureAlgorithm signatureAlgorithm, string issuer, string audience, TimeSpan leeway, TimeSpan?maxAge = null)
{
SignatureAlgorithm = signatureAlgorithm;
Issuer = issuer;
Audience = audience;
Leeway = leeway;
MaxAge = maxAge;
}
private Task AssertIdTokenValid(string idToken, string audience, JwtSignatureAlgorithm algorithm, string clientSecret, string organization = null)
{
var requirements = new IdTokenRequirements(algorithm, BaseUri.AbsoluteUri, audience, idTokenValidationLeeway, null, organization);
return(idTokenValidator.Assert(requirements, idToken, clientSecret));
}
protected SignedDecoder(JwtSignatureAlgorithm signatureAlgorithm, IEnumerable <SecurityKey> keys)
{
this.signatureAlgorithm = signatureAlgorithm;
validationParameters.IssuerSigningKeys = keys;
}
