/// <summary>
/// Runs <paramref name="protocolValidator"/> against <paramref name="jwt"/> and reports the
/// outcome to <paramref name="ee"/>: <c>ProcessNoException</c> when the call completes, otherwise
/// <c>ProcessException</c> with whatever was thrown.
/// </summary>
/// <param name="jwt">The token handed to the protocol validator.</param>
/// <param name="protocolValidator">The validator being exercised.</param>
/// <param name="validationContext">The context passed to the validator's <c>Validate</c> call.</param>
/// <param name="ee">The expected outcome; receives either the "no exception" signal or the thrown exception.</param>
public void Validate(JwtSecurityToken jwt, OpenIdConnectProtocolValidator protocolValidator, OpenIdConnectProtocolValidationContext validationContext, ExpectedException ee)
{
    try
    {
        protocolValidator.Validate(jwt, validationContext);

        // Deliberately inside the try: anything this raises is routed to ProcessException as well.
        ee.ProcessNoException();
    }
    catch (Exception thrown)
    {
        ee.ProcessException(thrown);
    }
}
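/// <summary>
/// Validates an OpenID Connect ID token: signature (against the key set in
/// <paramref name="oidcConfig"/>), issuer, audience, lifetime and nonce.
/// </summary>
/// <param name="idToken">The raw ID token string as received from the provider.</param>
/// <param name="oidcClientId">The OIDC client identifier; used as the expected audience.</param>
/// <param name="nonce">The nonce issued for the authentication request; handed to the protocol validator for comparison against the token.</param>
/// <param name="oidcConfig">The provider configuration supplying the expected issuer and the signing key set.</param>
/// <returns>The validated token as a <see cref="JwtSecurityToken"/>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="idToken"/>, <paramref name="oidcClientId"/> or <paramref name="nonce"/> is null or whitespace,
/// or <paramref name="oidcConfig"/> is null.
/// </exception>
/// <exception cref="AuthenticationException">
/// The token failed validation, or the handler did not produce a <see cref="JwtSecurityToken"/>.
/// The underlying failure, when there is one, is the inner exception.
/// </exception>
/// <remarks>
/// When <c>IsTokenValidationDisabled</c> is set, the lifetime validator accepts every token and the
/// nonce is neither supplied nor required, so expired and replayed ID tokens pass this method.
/// NOTE(review): that bypass must only be reachable in test/development configuration — confirm where the flag is set.
/// </remarks>
private JwtSecurityToken ValidateIdentityToken(string idToken, string oidcClientId, string nonce, OpenIdConnectConfiguration oidcConfig)
{
    if (string.IsNullOrWhiteSpace(idToken))
    {
        throw new ArgumentNullException(nameof(idToken));
    }

    if (string.IsNullOrWhiteSpace(oidcClientId))
    {
        throw new ArgumentNullException(nameof(oidcClientId));
    }

    if (string.IsNullOrWhiteSpace(nonce))
    {
        throw new ArgumentNullException(nameof(nonce));
    }

    if (oidcConfig == null)
    {
        throw new ArgumentNullException(nameof(oidcConfig));
    }

    var idTokenValidationParameters = new TokenValidationParameters
    {
        ValidAudience = oidcClientId,
        ValidIssuer = oidcConfig.Issuer,
        IssuerSigningTokens = oidcConfig.JsonWebKeySet.GetSigningTokens()
    };

    if (IsTokenValidationDisabled)
    {
        // Lifetime (exp/nbf) is bypassed entirely; issuer, audience and signature are still
        // governed by the parameters above.
        idTokenValidationParameters.LifetimeValidator = (before, expires, token, parameters) => true;
    }

    try
    {
        SecurityToken validatedToken;
        var jwtTokenHandler = new JwtSecurityTokenHandler();
        jwtTokenHandler.ValidateToken(idToken, idTokenValidationParameters, out validatedToken);

        // ValidateToken yields a SecurityToken; the protocol validator needs a JwtSecurityToken.
        // Fail explicitly here rather than passing null along and surfacing an opaque argument error.
        var validatedJwtToken = validatedToken as JwtSecurityToken;
        if (validatedJwtToken == null)
        {
            throw new AuthenticationException("The validated Id token is not a JWT.");
        }

        var validationContext = new OpenIdConnectProtocolValidationContext
        {
            // With validation disabled no nonce is supplied, so no nonce comparison takes place.
            Nonce = IsTokenValidationDisabled ? null : nonce
        };

        var oidcProtocolValidator = new OpenIdConnectProtocolValidator();
        if (IsTokenValidationDisabled)
        {
            oidcProtocolValidator.RequireNonce = false;
        }

        oidcProtocolValidator.Validate(validatedJwtToken, validationContext);
        return validatedJwtToken;
    }
    catch (AuthenticationException)
    {
        // Already the caller-facing type; do not wrap it a second time.
        throw;
    }
    catch (Exception ex)
    {
        throw new AuthenticationException("An error occurred validating the Id token.", ex);
    }
}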