/// <summary>
/// Validates <paramref name="tokenString"/> with the supplied parameters, using a signing token built from
/// <paramref name="secretKey"/>.
/// </summary>
/// <remarks>
/// This method sets only the signing token. Every other check (issuer, audience, lifetime, ...) is whatever the
/// caller configured on <paramref name="validationParams"/>, so a permissive parameter object yields a permissive
/// validation. The passed-in instance is modified: its <c>IssuerSigningToken</c> is overwritten.
/// </remarks>
/// <param name="validationParams">The validation settings to apply; its <c>IssuerSigningToken</c> is replaced.</param>
/// <param name="tokenString">The serialized JWT to validate.</param>
/// <param name="secretKey">The key string handed to <c>HmacSigningCredentials.ParseKeyString</c>.</param>
/// <returns>The <see cref="ClaimsPrincipal"/> returned by the handler's <c>ValidateToken</c> call.</returns>
internal static ClaimsPrincipal ValidateToken(TokenValidationParameters validationParams, string tokenString, string secretKey)
{
    // Any signing token the caller had already set on validationParams is replaced here.
    var keyMaterial = HmacSigningCredentials.ParseKeyString(secretKey);
    validationParams.IssuerSigningToken = new BinarySecretSecurityToken(keyMaterial);

    var handler = new JwtSecurityTokenHandler();

    // The validated token itself is not needed by callers; only the principal is handed back.
    SecurityToken unusedValidatedToken = null;
    ClaimsPrincipal principal = handler.ValidateToken(tokenString, validationParams, out unusedValidatedToken);
    return principal;
}
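/// <summary>
/// A helper that throws if <paramref name="tokenString"/> cannot be parsed or fails validation: signature
/// (against <c>SigningKey</c>), issuer (<c>Issuer</c>), audience (<c>Audience</c>) and lifetime.
/// </summary>
/// <remarks>
/// The signing key, issuer and audience are not parameters; they come from the <c>SigningKey</c>,
/// <c>Issuer</c> and <c>Audience</c> members referenced in the body.
/// </remarks>
/// <param name="tokenString">The serialized JWT to validate.</param>
private static void ValidateToken(string tokenString)
{
    TokenValidationParameters validationParams = new TokenValidationParameters
    {
        ValidateAudience = true,
        ValidAudience = Audience,
        ValidateIssuer = true,
        ValidIssuer = Issuer,

        // Tokens without an expiry are still supported, but the decision no longer comes from the token's own,
        // not-yet-verified payload. Lifetime validation stays on, so an 'exp' or 'nbf' claim that is present is
        // always enforced; only the requirement that 'exp' exists is relaxed. Previously a token with no 'exp'
        // skipped lifetime validation entirely, including any 'nbf' it carried.
        ValidateLifetime = true,
        RequireExpirationTime = false,

        IssuerSigningToken = new BinarySecretSecurityToken(HmacSigningCredentials.ParseKeyString(SigningKey))
    };

    // NOTE(review): rejection of unsigned tokens relies on the handler's RequireSignedTokens setting being left
    // at its default - confirm nothing else in the project turns it off.
    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

    // The handler receives the raw string and throws on failure; the validated token and principal are discarded
    // because this helper exists only for its throw-on-invalid behaviour.
    SecurityToken validatedToken = null;
    tokenHandler.ValidateToken(tokenString, validationParams, out validatedToken);
}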