/// <summary>
/// Checks the ID token's <c>at_hash</c> claim against the access token, assuming a SHA-256 based signing algorithm.
/// </summary>
/// <param name="accessToken">The access token received alongside the ID token.</param>
/// <param name="claims">The claims of the ID token.</param>
/// <returns><c>true</c> when the claim is absent or equals the computed value; otherwise <c>false</c>.</returns>
private bool ValidateAccessTokenHash(string accessToken, Claims claims)
{
    // at_hash is optional; an absent claim means there is nothing to verify.
    var expectedHash = claims.FindFirst(JwtClaimTypes.AccessTokenHash)?.Value ?? "";
    if (expectedHash.IsMissing())
    {
        return true;
    }

    // Digest the UTF-8 bytes of the access token with SHA-256.
    var provider = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256);
    var tokenBytes = CryptographicBuffer.CreateFromByteArray(Encoding.UTF8.GetBytes(accessToken));
    var digest = provider.HashData(tokenBytes);

    byte[] digestBytes;
    CryptographicBuffer.CopyToByteArray(digest, out digestBytes);

    // The claim carries only the left-most 16 bytes (half of the 32-byte SHA-256 digest), base64url-encoded.
    var leftHalf = new byte[16];
    Array.Copy(digestBytes, leftHalf, leftHalf.Length);
    var computedHash = Base64Url.Encode(leftHalf);

    // Ordinal comparison: both sides are encoded identifiers, not linguistic text.
    return string.Equals(computedHash, expectedHash, StringComparison.Ordinal);
}
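/// <summary>
/// Checks that the token's <c>nonce</c> claim equals the nonce this client sent in the authorize request.
/// </summary>
/// <param name="nonce">The nonce the client generated for the request.</param>
/// <param name="claims">The claims of the received token.</param>
/// <returns><c>true</c> when the claim equals <paramref name="nonce"/> (ordinal comparison); otherwise <c>false</c>.</returns>
private bool ValidateNonce(string nonce, Claims claims)
{
    Logger.Debug("validate nonce");

    // An absent claim is compared as the empty string.
    var tokenNonce = claims.FindFirst(JwtClaimTypes.Nonce)?.Value ?? "";

    // Ordinal: nonces are opaque values, never culture-sensitive text.
    var match = string.Equals(nonce, tokenNonce, StringComparison.Ordinal);
    if (!match)
    {
        // Return here so the "success" debug line is only written when validation actually passed.
        Logger.Error($"nonce ({nonce}) does not match nonce from token ({tokenNonce})");
        return false;
    }

    Logger.Debug("success");
    return true;
}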
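/// <summary>
/// Validates the ID token's <c>at_hash</c> claim: the base64url-encoded left half of the access token's digest,
/// computed with the hash function that matches the signing algorithm.
/// </summary>
/// <param name="accessToken">The access token received alongside the ID token.</param>
/// <param name="signingAlgorithmBits">Bit length of the signing algorithm's hash function (e.g. 256 for RS256).</param>
/// <param name="claims">The claims of the ID token.</param>
/// <returns><c>true</c> when no <c>at_hash</c> claim is present or it matches the computed value; otherwise <c>false</c>.</returns>
private bool ValidateAccessTokenHash(string accessToken, int signingAlgorithmBits, Claims claims)
{
    Logger.Debug("validate access token hash");

    // at_hash is optional; an absent claim means there is nothing to verify.
    var atHash = claims.FindFirst(JwtClaimTypes.AccessTokenHash)?.Value ?? "";
    if (atHash.IsMissing())
    {
        return true;
    }

    var hashAlgorithm = GetHashAlgorithm(signingAlgorithmBits);
    if (hashAlgorithm == null)
    {
        // Fail closed: an unsupported algorithm cannot be verified (and must not be dereferenced).
        Logger.Error("No appropriate hashing algorithm found.");
        return false;
    }

    var digest = hashAlgorithm.HashData(
        CryptographicBuffer.CreateFromByteArray(Encoding.UTF8.GetBytes(accessToken)));

    byte[] digestBytes;
    CryptographicBuffer.CopyToByteArray(digest, out digestBytes);

    // The claim covers the left-most half of the digest: bits / 8 bytes per digest, halved.
    var leftLength = signingAlgorithmBits / 16;
    if (leftLength <= 0 || leftLength > digestBytes.Length)
    {
        // Guards Array.Copy against a digest shorter than the requested half.
        Logger.Error($"digest length ({digestBytes.Length} bytes) is inconsistent with signing algorithm bits ({signingAlgorithmBits})");
        return false;
    }

    var leftPart = new byte[leftLength];
    Array.Copy(digestBytes, leftPart, leftLength);
    var leftPartB64 = Base64Url.Encode(leftPart);

    // Ordinal comparison: both sides are base64url strings, never culture-sensitive text.
    var match = string.Equals(leftPartB64, atHash, StringComparison.Ordinal);
    if (!match)
    {
        // Return here so the "success" debug line is only written when validation actually passed.
        Logger.Error($"access token hash ({leftPartB64}) does not match at_hash from token ({atHash})");
        return false;
    }

    Logger.Debug("success");
    return true;
}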
/// <summary>
/// Returns whether the token's <c>nonce</c> claim equals the nonce this client sent; an absent claim compares as "".
/// </summary>
/// <param name="nonce">The nonce the client generated for the request.</param>
/// <param name="claims">The claims of the received token.</param>
/// <returns><c>true</c> on an ordinal match; otherwise <c>false</c>.</returns>
private bool ValidateNonce(string nonce, Claims claims)
{
    // Nonces are opaque values, so an ordinal comparison is the right one.
    var claimedNonce = claims.FindFirst(JwtClaimTypes.Nonce)?.Value;
    return string.Equals(nonce, claimedNonce ?? "", StringComparison.Ordinal);
}