public static IdToken Parse(string idToken) { if (string.IsNullOrEmpty(idToken)) { return(null); } IdToken idTokenBody = null; string[] idTokenSegments = idToken.Split(new[] { '.' }); if (idTokenSegments.Length < 2) { throw new MsalClientException( MsalError.InvalidJwtError, MsalErrorMessage.IDTokenMustHaveTwoParts); } try { byte[] idTokenBytes = Base64UrlHelpers.DecodeToBytes(idTokenSegments[1]); idTokenBody = JsonHelper.DeserializeFromJson <IdToken>(idTokenBytes); } catch (JsonException exc) { throw new MsalClientException( MsalError.JsonParseError, MsalErrorMessage.FailedToParseIDToken, exc); } return(idTokenBody); }
public static IdToken Parse(string idToken) { if (string.IsNullOrEmpty(idToken)) { return(null); } IdToken idTokenBody = null; string[] idTokenSegments = idToken.Split(new[] { '.' }); if (idTokenSegments.Length < 2) { throw new MsalClientException(MsalClientException.InvalidJwtError, "ID Token must contain at least 2 parts."); } try { byte[] idTokenBytes = Base64UrlHelpers.DecodeToBytes(idTokenSegments[1]); using (var stream = new MemoryStream(idTokenBytes)) { var serializer = new DataContractJsonSerializer(typeof(IdToken)); idTokenBody = (IdToken)serializer.ReadObject(stream); } } catch (Exception exc) { throw new MsalClientException(MsalClientException.JsonParseError, "Failed to parse the returned id token.", exc); } return(idTokenBody); }
public static ClientInfo CreateFromJson(string clientInfo) { if (string.IsNullOrEmpty(clientInfo)) { throw new MsalClientException(MsalClientException.JsonParseError, "client info is null"); } try { return(JsonHelper.DeserializeFromJson <ClientInfo>(Base64UrlHelpers.DecodeToBytes(clientInfo))); } catch (Exception exc) { throw new MsalClientException(MsalClientException.JsonParseError, "Failed to parse the returned client info.", exc); } }
public static IdToken Parse(string idToken) { if (string.IsNullOrEmpty(idToken)) { return(null); } string[] idTokenSegments = idToken.Split(new[] { '.' }); if (idTokenSegments.Length < 2) { throw new MsalClientException( MsalError.InvalidJwtError, MsalErrorMessage.IDTokenMustHaveTwoParts); } try { string payload = Base64UrlHelpers.Decode(idTokenSegments[1]); var idTokenClaims = JsonConvert.DeserializeObject <Dictionary <string, object> >(payload); IdToken parsedIdToken = new IdToken(); List <Claim> claims = GetClaimsFromRawToken(idTokenClaims); parsedIdToken.ClaimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims)); parsedIdToken.ObjectId = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.ObjectId)?.Value; parsedIdToken.Subject = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.Subject)?.Value; parsedIdToken.TenantId = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.TenantId)?.Value; parsedIdToken.PreferredUsername = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.PreferredUsername)?.Value; parsedIdToken.Name = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.Name)?.Value; parsedIdToken.Upn = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.Upn)?.Value; parsedIdToken.GivenName = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.GivenName)?.Value; parsedIdToken.FamilyName = parsedIdToken.ClaimsPrincipal.FindFirst(IdTokenClaim.FamilyName)?.Value; return(parsedIdToken); } catch (JsonException exc) { throw new MsalClientException( MsalError.JsonParseError, MsalErrorMessage.FailedToParseIDToken, exc); } }
public static ClientInfo CreateFromEncodedString(string encodedUserIdentiier) { if (string.IsNullOrEmpty(encodedUserIdentiier)) { return(null); } string[] artifacts = encodedUserIdentiier.Split('.'); if (artifacts.Length == 0) { return(null); } return(new ClientInfo() { UniqueIdentifier = Base64UrlHelpers.DecodeToString(artifacts[0]), UniqueTenantIdentifier = Base64UrlHelpers.DecodeToString(artifacts[1]), }); }
private static string UrlEncodeSegment(byte[] segment) { return(Base64UrlHelpers.Encode(segment)); }
public ClientCredentialWrapper(ApplicationConfiguration config) { ConfidentialClientApplication.GuardMobileFrameworks(); if (config.ConfidentialClientCredentialCount == 0) { throw new MsalClientException( MsalError.ClientCredentialAuthenticationTypeMustBeDefined, MsalErrorMessage.ClientCredentialAuthenticationTypeMustBeDefined); } if (config.ConfidentialClientCredentialCount > 1) { throw new MsalClientException(MsalError.ClientCredentialAuthenticationTypesAreMutuallyExclusive, MsalErrorMessage.ClientCredentialAuthenticationTypesAreMutuallyExclusive); } if (!string.IsNullOrWhiteSpace(config.ClientSecret)) { AuthenticationType = ConfidentialClientAuthenticationType.ClientSecret; } if (config.ClientCredentialCertificate != null) { if (config.ClaimsToSign != null && config.ClaimsToSign.Any()) { AuthenticationType = ConfidentialClientAuthenticationType.ClientCertificateWithClaims; AppendDefaultClaims = config.MergeWithDefaultClaims; } else { AuthenticationType = ConfidentialClientAuthenticationType.ClientCertificate; } } if (!string.IsNullOrWhiteSpace(config.SignedClientAssertion)) { AuthenticationType = ConfidentialClientAuthenticationType.SignedClientAssertion; } if (config.SignedClientAssertionDelegate != null) { AuthenticationType = ConfidentialClientAuthenticationType.SignedClientAssertionDelegate; } switch (AuthenticationType) { case ConfidentialClientAuthenticationType.ClientCertificate: Certificate = config.ClientCredentialCertificate; break; case ConfidentialClientAuthenticationType.ClientCertificateWithClaims: Certificate = config.ClientCredentialCertificate; ClaimsToSign = config.ClaimsToSign; break; case ConfidentialClientAuthenticationType.ClientSecret: Secret = config.ClientSecret; break; case ConfidentialClientAuthenticationType.SignedClientAssertion: SignedAssertion = config.SignedClientAssertion; break; case ConfidentialClientAuthenticationType.SignedClientAssertionDelegate: SignedAssertionDelegate = config.SignedClientAssertionDelegate; break; default: throw new NotImplementedException(); } if (Certificate != null) { Thumbprint = Base64UrlHelpers.Encode(Certificate.GetCertHash()); } }