/// <summary>
/// Wraps the given claims in a <see cref="System.Security.Claims.ClaimsPrincipal"/>
/// that holds a single identity built by <c>ToClaimsIdentity</c>.
/// </summary>
/// <param name="claims">The claims to expose through the principal.</param>
/// <param name="authenticationType">
/// Authentication type passed to the identity (defaults to "internal"). A non-empty
/// value makes the framework report the identity as authenticated, so only claims
/// that have already been validated should be converted with it.
/// </param>
/// <returns>A new principal containing one identity.</returns>
public static System.Security.Claims.ClaimsPrincipal ToClaimsPrincipal(this Claims claims, string authenticationType = "internal")
{
    var identity = claims.ToClaimsIdentity(authenticationType);
    return new System.Security.Claims.ClaimsPrincipal(identity);
}
/// <summary>
/// Converts each entry of <paramref name="claims"/> into a framework
/// <see cref="System.Security.Claims.Claim"/>, copying its type and value.
/// </summary>
/// <remarks>
/// Only <c>Type</c> and <c>Value</c> are copied. Issuer and value type are not
/// carried over, so the framework defaults apply to every resulting claim.
/// </remarks>
/// <param name="claims">The source claims.</param>
/// <returns>A new list with one framework claim per source entry.</returns>
public static IList<System.Security.Claims.Claim> ToClaimsList(this Claims claims)
{
    return claims
        .Select(entry => new System.Security.Claims.Claim(entry.Type, entry.Value))
        .ToList();
}
/// <summary>
/// Builds a <see cref="System.Security.Claims.ClaimsIdentity"/> from the given claims
/// by way of <c>ToClaimsList</c>.
/// </summary>
/// <param name="claims">The claims to place on the identity.</param>
/// <param name="authenticationType">
/// Authentication type of the identity (defaults to "internal"). A non-empty value
/// makes the framework report the identity as authenticated, so this conversion
/// should only be applied to claims that have already been validated.
/// </param>
/// <returns>A new identity carrying the converted claims.</returns>
public static System.Security.Claims.ClaimsIdentity ToClaimsIdentity(this Claims claims, string authenticationType = "internal")
{
    var claimList = claims.ToClaimsList();
    return new System.Security.Claims.ClaimsIdentity(claimList, authenticationType);
}
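/// <summary>
/// Checks that the at_hash claim matches the access token: the token is hashed,
/// the left half of the digest is base64url-encoded, and the result is compared
/// with the claim value.
/// </summary>
/// <param name="accessToken">The access token received alongside the identity token.</param>
/// <param name="signingAlgorithmBits">
/// Bit size of the signing algorithm. It is passed to <c>GetHashAlgorithm</c> and
/// determines how many digest bytes are compared (<c>signingAlgorithmBits / 16</c>).
/// </param>
/// <param name="claims">Claims taken from the identity token.</param>
/// <returns>
/// <c>true</c> when the hash matches or the claim is absent; <c>false</c> when the
/// hash differs or no usable hash algorithm is available.
/// </returns>
private bool ValidateAccessTokenHash(string accessToken, int signingAlgorithmBits, Claims claims)
{
    Logger.Debug("validate access token hash");

    var atHash = claims.FindFirst(JwtClaimTypes.AccessTokenHash)?.Value ?? "";
    if (atHash.IsMissing())
    {
        // NOTE(review): a missing at_hash is accepted here. For flows in which the
        // access token is returned together with the identity token, the caller has
        // to require the claim; otherwise the token binding is silently skipped.
        return true;
    }

    var hashAlgorithm = GetHashAlgorithm(signingAlgorithmBits);
    if (hashAlgorithm == null)
    {
        // Fail closed: previously execution continued and dereferenced null.
        Logger.Error("No appropriate hashing algorithm found.");
        return false;
    }

    var codeHash = hashAlgorithm.HashData(
        CryptographicBuffer.CreateFromByteArray(
            Encoding.UTF8.GetBytes(accessToken)));

    byte[] atHashArray;
    CryptographicBuffer.CopyToByteArray(codeHash, out atHashArray);

    // Only the left half of the digest takes part in the comparison.
    int leftLength = signingAlgorithmBits / 16;
    if (atHashArray == null || atHashArray.Length < leftLength)
    {
        Logger.Error("Computed hash is shorter than expected for the signing algorithm.");
        return false;
    }

    byte[] leftPart = new byte[leftLength];
    Array.Copy(atHashArray, leftPart, leftLength);

    var leftPartB64 = Base64Url.Encode(leftPart);
    var match = string.Equals(leftPartB64, atHash, StringComparison.Ordinal);

    if (!match)
    {
        Logger.Error($"access token hash ({leftPartB64}) does not match at_hash from token ({atHash})");
        return false;
    }

    // Reported only on a real match so the log cannot show success for a rejected token.
    Logger.Debug("success");
    return true;
}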