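/// <summary>
/// Validates <paramref name="accessToken"/> using the RSA public key carried in the
/// token's cnf (confirmation) JWK, so that only the key the token is bound to may
/// verify its signature.
/// </summary>
/// <param name="accessToken">The raw JWT to validate.</param>
/// <param name="cnf">The JWK from the cnf claim. Only RSA keys (E and N present) are supported.</param>
/// <param name="handler">Handler that performs the JWT validation.</param>
/// <param name="parameters">
/// Base validation parameters. The caller's instance is left untouched; a copy carrying
/// the cnf key is used for validation.
/// </param>
/// <returns>The validated <see cref="ClaimsPrincipal"/>.</returns>
private ClaimsPrincipal ValidateSignature(string accessToken, IdentityModel.Jwk.JsonWebKey cnf, JwtSecurityTokenHandler handler, TokenValidationParameters parameters)
{
    // NOTE(review): when RequireSignedTokens is false the cnf key is never consulted and
    // validation runs with whatever the caller configured — confirm that is intended.
    if (parameters.RequireSignedTokens)
    {
        // Work on a copy: the caller's parameters may be a shared, long-lived instance.
        // Assigning per-token keys to it would let the cnf key of one validation bleed
        // into concurrent or later validations of unrelated tokens.
        parameters = parameters.Clone();

        // read keys from provider information
        var keys = new List<SecurityKey>();

        // todo: only supports RSA keys right now
        if (cnf.E.IsPresent() && cnf.N.IsPresent())
        {
            var key = new RsaSecurityKey(new RSAParameters
            {
                Exponent = Base64Url.Decode(cnf.E),
                Modulus = Base64Url.Decode(cnf.N),
            })
            {
                KeyId = cnf.Kid,
            };
            keys.Add(key);
            _logger.LogDebug("Added signing key with kid: {kid}", key.KeyId ?? "not set");
        }
        else
        {
            _logger.LogDebug("Signing key with kid: {kid} currently not supported", cnf.Kid ?? "not set");
        }

        // Replace (not append to) the configured key list so only the cnf key can verify
        // this token. An unsupported cnf leaves the list empty and ValidateToken rejects
        // the token. NOTE(review): a singular IssuerSigningKey or a key resolver set on
        // the parameters is not cleared here — confirm none is configured.
        parameters.IssuerSigningKeys = keys;
    }

    SecurityToken validatedToken;
    return handler.ValidateToken(accessToken, parameters, out validatedToken);
}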
/// <summary>
/// Returns the signing key as a JSON Web Key, resolving and caching it on first use.
/// Later calls return the cached instance without contacting the key source again.
/// </summary>
/// <returns>The <see cref="JsonWebKey"/> of the current signing key.</returns>
public async Task<JsonWebKey> GetAsync()
{
    if (_jwk != null)
    {
        return _jwk;
    }

    // First call: resolve the signing key and remember the bundle and its identifier
    // alongside the JWK so the three cached values describe the same key.
    // NOTE(review): there is no synchronization here, so concurrent first calls may each
    // fetch the key — confirm this is acceptable for callers.
    var bundle = await GetSigningKeyAsync();
    _keyBundle = bundle;
    _keyIdentifier = bundle.KeyIdentifier;
    _jwk = new JsonWebKey(bundle.Key.ToString());

    return _jwk;
}
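/// <summary>
/// Returns all enabled versions of the signing key as JSON Web Keys, fetching and
/// caching them on first use.
/// </summary>
/// <returns>The cached collection of enabled key versions.</returns>
public async Task<IEnumerable<JsonWebKey>> GetAllAsync()
{
    if (_jwks == null)
    {
        var keyBundles = await GetKeyBundleVersionsAsync();

        // Build into a local and publish only once complete. Assigning the cache field
        // before it is filled would leave an empty or partial list behind if the fetch
        // throws, and every later call would then return that incomplete set forever.
        var jwks = new List<JsonWebKey>();
        foreach (var keyBundle in keyBundles)
        {
            // Only enabled key versions are published.
            // NOTE(review): expiry / not-before attributes are not checked here — confirm
            // whether the key source already filters them out.
            if (keyBundle.Attributes.Enabled != null && (bool)keyBundle.Attributes.Enabled)
            {
                jwks.Add(new JsonWebKey(keyBundle.Key.ToString()));
            }
        }

        _jwks = jwks;
    }

    return _jwks;
}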
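/// <summary>
/// Builds a single-key JWKS describing the public half of <paramref name="key"/>,
/// suitable for publishing at a discovery / JWKS endpoint.
/// </summary>
/// <param name="key">
/// The RSA signing key. Either <see cref="RsaSecurityKey.Rsa"/> or
/// <see cref="RsaSecurityKey.Parameters"/> supplies the public components.
/// </param>
/// <returns>A key set holding one RSA key with kty, use, kid, e and n set.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="key"/> is null.</exception>
public static IdentityModel.Jwk.JsonWebKeySet CreateKeySet(RsaSecurityKey key)
{
    if (key == null)
    {
        throw new System.ArgumentNullException(nameof(key));
    }

    // ExportParameters(false) yields the public components only, so private material
    // never reaches the published set. When the key was constructed from raw parameters
    // only Exponent and Modulus are read below, for the same reason.
    var rsaParameters = key.Rsa?.ExportParameters(false) ?? key.Parameters;

    var webKey = new IdentityModel.Jwk.JsonWebKey
    {
        Kty = "RSA",
        Use = "sig",
        Kid = key.KeyId,
        E = Base64Url.Encode(rsaParameters.Exponent),
        N = Base64Url.Encode(rsaParameters.Modulus),
    };

    var set = new IdentityModel.Jwk.JsonWebKeySet();
    set.Keys.Add(webKey);
    return set;
}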