public async Task <BoolValue <ClaimsPrincipal> > ValidateAsync(string idToken, JwtTokenValidationOptions options = null)
{
try
{
var discoveryDocument = await DiscoveryDocument.DownloadAsync(idToken);
if (!discoveryDocument)
{
return(BoolValue <ClaimsPrincipal> .Fail(discoveryDocument.Message, discoveryDocument.Exception));
}
var jwks = await JsonWebKeySet.DownloadAsync(discoveryDocument.Value.JwksUri);
if (!jwks)
{
return(BoolValue <ClaimsPrincipal> .Fail(jwks.Message, jwks.Exception));
}
options ??= new JwtTokenValidationOptions();
var parameters = options.ToTokenValidationParameters(
new JwtSecurityToken(idToken),
discoveryDocument.Value,
jwks.Value);
var handler = new JwtSecurityTokenHandler();
handler.InboundClaimTypeMap.Clear();
var user = handler.ValidateToken(idToken, parameters, out _);
return(BoolValue <ClaimsPrincipal> .Success(user));
}
catch (Exception ex)
{
return(BoolValue <ClaimsPrincipal> .Fail(ex.Message, ex));
}
}
internal TokenValidationParameters ToTokenValidationParameters(
JwtSecurityToken jwtSecurityToken,
DiscoveryDocument discoveryDocumentValue,
JsonWebKeySet jwksKeySet)
{
return(new TokenValidationParameters
{
ValidIssuer = discoveryDocumentValue.Issuer,
ValidAudience = jwtSecurityToken.Audiences.First(),
IssuerSigningKeys = jwksKeySet.Keys,
NameClaimType = "name",
RoleClaimType = "role",
ValidateAudience = ValidateAudience,
RequireExpirationTime = RequireExpirationTime,
RequireSignedTokens = RequireSignedTokens,
SaveSigninToken = SaveSigninToken,
ValidateActor = ValidateActor,
ValidateIssuer = ValidateIssuer,
ValidateIssuerSigningKey = ValidateIssuerSigningKey,
ValidateLifetime = ValidateLifetime
});
}