/// <summary>
/// Builds a token handler from the supplied SharePoint app configuration: copies the
/// client and issuer identifiers, host names, client secrets and realm, and creates
/// X.509 signing credentials when a signing certificate is configured.
/// </summary>
/// <param name="configuration">
/// Source of all settings. It is dereferenced without a null check, so passing
/// <c>null</c> fails on the first property access.
/// </param>
public TokenHandler(SharePointConfiguration configuration)
{
    _clientId = configuration.ClientId;

    // The issuer id falls back to the client id when none is configured.
    if (string.IsNullOrEmpty(configuration.IssuerId))
    {
        _issuerId = _clientId;
    }
    else
    {
        _issuerId = configuration.IssuerId;
    }

    _hostedAppHostNameOverride = configuration.HostedAppHostNameOverride;
    _hostedAppHostName = configuration.HostedAppHostName;

    // Sensitive values: both client secrets stay in memory for the lifetime of this
    // instance. Keep them out of logs, exception text and serialized state.
    _clientSecret = configuration.ClientSecret;
    _secondaryClientSecret = configuration.SecondaryClientSecret;

    _realm = configuration.Realm;
    // NOTE(review): the service namespace is taken from Realm as well; confirm this is intended.
    _serviceNamespace = configuration.Realm;

    var certificatePath = configuration.ClientSigningCertificatePath;
    var certificatePassword = configuration.ClientSigningCertificatePassword;

    // Signing credentials are created only when BOTH the path and the password are set.
    // A partial configuration (for example a path without a password) is not reported:
    // the handler ends up with no signing credentials at all.
    // NOTE(review): confirm how callers behave when _signingCredentials is null, and
    // consider failing fast on a half-configured certificate.
    if (string.IsNullOrEmpty(certificatePath) || string.IsNullOrEmpty(certificatePassword))
    {
        _signingCredentials = null;
    }
    else
    {
        // NOTE(review): the certificate is loaded with the default key storage flags;
        // confirm where the private key is stored on the host and who can read the file.
        var signingCertificate = new X509Certificate2(certificatePath, certificatePassword);
        _signingCredentials = new X509SigningCredentials(
            signingCertificate,
            SecurityAlgorithms.RsaSha256Signature,
            SecurityAlgorithms.Sha256Digest);
    }
}
/// <summary>
/// Builds the JWT header claims ("typ", "alg" and, for certificate-based signing, "x5t")
/// from the signing material attached to this token.
/// </summary>
/// <returns>
/// An ordinal-keyed dictionary that always contains "typ" = "JWT". "alg" is "RS256" or
/// "HS256" according to the signing credentials or issuer token, and "none" when neither
/// is set. In two cases no "alg" entry is written at all: signing credentials with an
/// algorithm other than RSA-SHA256 or HMAC-SHA256, and an issuer token that is neither
/// an X.509 token nor a binary secret token.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// The signing credentials declare RSA-SHA256 but are not X509SigningCredentials.
/// </exception>
public virtual System.Collections.Generic.IDictionary<string, string> CreateHeaderClaims()
{
    var headerClaims = new System.Collections.Generic.Dictionary<string, string>(System.StringComparer.Ordinal)
    {
        { "typ", "JWT" }
    };

    var credentials = this.SigningCredentials;
    var issuerToken = this.IssuerToken;

    if (credentials != null)
    {
        var algorithm = credentials.SignatureAlgorithm;

        if (string.Equals(algorithm, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", System.StringComparison.Ordinal))
        {
            var x509Credentials = credentials as Microsoft.IdentityModel.SecurityTokenService.X509SigningCredentials;
            if (x509Credentials == null)
            {
                throw new System.InvalidOperationException("JWT token is not valid. RSA signature requires X509SigningCredentials");
            }

            headerClaims.Add("alg", "RS256");
            // x5t carries the certificate hash from GetCertHash() (the SHA-1 thumbprint).
            // It only helps a verifier pick a key; it does not prove which key signed.
            headerClaims.Add("x5t", Base64UrlEncoder.Encode(x509Credentials.Certificate.GetCertHash()));
        }
        else if (string.Equals(algorithm, "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", System.StringComparison.Ordinal))
        {
            headerClaims.Add("alg", "HS256");
        }
        // Any other algorithm leaves the header without an "alg" entry.
    }
    else if (issuerToken != null)
    {
        var x509Token = issuerToken as System.IdentityModel.Tokens.X509SecurityToken;
        if (x509Token != null)
        {
            headerClaims.Add("alg", "RS256");
            headerClaims.Add("x5t", Base64UrlEncoder.Encode(x509Token.Certificate.GetCertHash()));
        }
        else if (issuerToken is BinarySecretSecurityToken)
        {
            headerClaims.Add("alg", "HS256");
        }
    }
    else
    {
        // No signing material: the header declares an unsigned token ("alg": "none").
        // NOTE(review): every consumer of these tokens should pin the algorithms it accepts
        // and treat an unsigned token as unauthenticated unless it is only a wrapper around
        // a separately signed token; confirm against the validation code.
        headerClaims.Add("alg", "none");
    }

    return headerClaims;
}