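/// <summary>
/// Parses a Simple Web Token and verifies it in the order a verifier should: presence of the token,
/// presence of the shared key, HMAC signature, expiry, and only then the audience and issuer claims.
/// No claim is trusted before the signature has been checked.
/// </summary>
/// <param name="token">The raw SWT string as presented by the caller.</param>
/// <returns>The parsed and validated <see cref="SimpleWebToken"/>.</returns>
/// <exception cref="HttpException">
/// Thrown with <see cref="HttpStatusCode.Unauthorized"/> when the token is missing, the shared key is not
/// configured, the signature does not verify, the token has expired, or the audience/issuer is not allowed.
/// </exception>
public SimpleWebToken ValidateToken(string token)
{
    // Empty / whitespace-only tokens are treated like a missing token rather than being parsed.
    if (string.IsNullOrWhiteSpace(token))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "SWT not found");
    }

    var swt = new SimpleWebToken(token);

    // Convert.FromBase64String never returns null: a null key throws ArgumentNullException and a
    // malformed one throws FormatException, so the intended "Missing shared key" 401 was unreachable.
    // Check the configured value before decoding, and reject an empty decoded key as well (an HMAC
    // keyed with zero bytes offers no protection). A malformed (non-Base64) key is a server
    // misconfiguration and is deliberately left to surface as a FormatException.
    if (string.IsNullOrEmpty(SharedKeyBase64))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Missing shared key");
    }
    byte[] securityKey = Convert.FromBase64String(SharedKeyBase64);
    if (securityKey.Length == 0)
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Missing shared key");
    }

    // Signature first: expiry, audience and issuer are attacker-controlled until the HMAC verifies.
    if (!IsHmacValid(swt.RawToken, securityKey))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Invalid signature");
    }

    if (swt.IsExpired)
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Token expired");
    }

    // Audience is only enforced when an allow-list is configured.
    if (AllowedAudiences != null && AllowedAudiences.Count > 0)
    {
        // RelativeOrAbsolute accepts almost any non-null string, so this branch mostly catches a
        // missing audience claim; the real restriction is the allow-list membership test below.
        Uri swtAudienceUri;
        if (!Uri.TryCreate(swt.Audience, UriKind.RelativeOrAbsolute, out swtAudienceUri))
        {
            throw new HttpException((int)HttpStatusCode.Unauthorized, "Invalid audience");
        }

        // Uri equality, not string equality: scheme and host compare case-insensitively and the
        // fragment is ignored, so two spellings of the same audience are accepted.
        if (!AllowedAudiences.Any(uri => uri == swtAudienceUri))
        {
            throw new HttpException((int)HttpStatusCode.Unauthorized, "Audience not found");
        }
    }

    // Issuer is only enforced when configured; the comparison is exact (ordinal, case-sensitive).
    if (!string.IsNullOrEmpty(AllowedIssuer) && !AllowedIssuer.Equals(swt.Issuer, StringComparison.Ordinal))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Invalid issuer");
    }

    return swt;
}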
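/// <summary>
/// Parses a Simple Web Token and rejects it unless it is present, signed with the configured shared
/// key, unexpired, and (when allow-lists are configured) addressed to an allowed audience and issued
/// by the allowed issuer. Claims are examined only after the signature has verified.
/// </summary>
/// <param name="token">The raw SWT string as presented by the caller.</param>
/// <returns>The parsed and validated <see cref="SimpleWebToken"/>.</returns>
/// <exception cref="HttpException">
/// Thrown with <see cref="HttpStatusCode.Unauthorized"/> for a missing token, an unconfigured shared
/// key, a bad signature, an expired token, or a disallowed audience or issuer.
/// </exception>
public SimpleWebToken ValidateToken(string token)
{
    const int unauthorized = (int)HttpStatusCode.Unauthorized;

    // A blank token is a missing token; do not hand it to the parser.
    if (string.IsNullOrWhiteSpace(token))
    {
        throw new HttpException(unauthorized, "SWT not found");
    }

    var swt = new SimpleWebToken(token);

    // The old `securityKey == null` test was dead code: Convert.FromBase64String throws on null
    // (ArgumentNullException) and on bad input (FormatException) and otherwise returns an array.
    // Guard the configured string instead, and treat a zero-length decoded key as missing because
    // an HMAC over an empty key is trivially forgeable. A non-Base64 key is left to throw, since
    // that is a deployment error rather than a client error.
    if (string.IsNullOrEmpty(SharedKeyBase64))
    {
        throw new HttpException(unauthorized, "Missing shared key");
    }
    byte[] securityKey = Convert.FromBase64String(SharedKeyBase64);
    if (securityKey.Length == 0)
    {
        throw new HttpException(unauthorized, "Missing shared key");
    }

    // Verify the MAC before reading any claim; until then the token content is untrusted input.
    if (!IsHmacValid(swt.RawToken, securityKey))
    {
        throw new HttpException(unauthorized, "Invalid signature");
    }

    if (swt.IsExpired)
    {
        throw new HttpException(unauthorized, "Token expired");
    }

    bool audienceRestricted = AllowedAudiences != null && AllowedAudiences.Count > 0;
    if (audienceRestricted)
    {
        // RelativeOrAbsolute parses nearly any non-null string, so this mainly rejects a missing
        // audience claim; membership in AllowedAudiences is the effective check.
        Uri swtAudienceUri;
        if (!Uri.TryCreate(swt.Audience, UriKind.RelativeOrAbsolute, out swtAudienceUri))
        {
            throw new HttpException(unauthorized, "Invalid audience");
        }

        // Uri.Equals semantics apply here (case-insensitive scheme/host, fragment ignored).
        bool audienceAllowed = AllowedAudiences.Any(uri => uri == swtAudienceUri);
        if (!audienceAllowed)
        {
            throw new HttpException(unauthorized, "Audience not found");
        }
    }

    bool issuerRestricted = !string.IsNullOrEmpty(AllowedIssuer);
    if (issuerRestricted && !string.Equals(AllowedIssuer, swt.Issuer, StringComparison.Ordinal))
    {
        throw new HttpException(unauthorized, "Invalid issuer");
    }

    return swt;
}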