/// <summary>
/// Parses signed JWT token, extracts and returns payload part as binary data. This method
/// is NOT supported for encrypted JWT tokens. This method is NOT performing integrity checking.
/// </summary>
/// <param name="token">signed JWT token</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>unmarshalled payload</returns>
/// <exception cref="JoseException">if encrypted JWT token is provided</exception>
public static byte[] PayloadBytes(string token, JwtSettings settings = null)
{
byte[][] parts = Compact.Parse(token);
if (parts.Length > 3)
{
throw new JoseException(
"Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead.");
}
return(parts[1]);
}
/// <summary>
/// Decodes JWT token by performing necessary decompression/decryption and signature
/// verification as defined in JWT token header. Resulting json string will be parsed and
/// mapped to desired type via configured IJsonMapper implementation.
/// </summary>
/// <typeparam name="T">Deserid object type after json mapping</typeparam>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used.</param>
/// <param name="alg">The algorithm type that we expect to receive in the header.</param>
/// <param name="enc">The encryption type that we expect to receive in the header.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>object of provided T, result of decoded json mapping</returns>
/// <exception cref="IntegrityException">if signature validation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">
/// if JWT signature, encryption or compression algorithm is not supported
/// </exception>
//public static T Decode<T>(string token, object key, JweAlgorithm alg, JweEncryption enc, JwtSettings settings = null)
//{
// return GetSettings(settings).JsonMapper.Parse<T>(Decode(token, key, alg, enc, settings));
//}
/// <summary>
/// Decodes JWT token by performing necessary decompression/decryption and signature
/// verification as defined in JWT token header. Resulting json string will be parsed and
/// mapped to desired type via configured IJsonMapper implementation.
/// </summary>
/// <typeparam name="T">Deserid object type after json mapping</typeparam>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used.</param>
/// <param name="alg">The algorithm type that we expect to receive in the header.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>object of provided T, result of decoded json mapping</returns>
/// <exception cref="IntegrityException">if signature validation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">
/// if JWT signature, encryption or compression algorithm is not supported
/// </exception>
//public static T Decode<T>(string token, object key, JwsAlgorithm alg, JwtSettings settings = null)
//{
// return GetSettings(settings).JsonMapper.Parse<T>(Decode(token, key, alg, settings));
//}
/// <summary>
/// Decodes JWT token by performing necessary decompression/decryption and signature
/// verification as defined in JWT token header. Resulting json string will be parsed and
/// mapped to desired type via configured IJsonMapper implementation.
/// </summary>
/// <typeparam name="T">Deserid object type after json mapping</typeparam>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used, can be null.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>object of provided T, result of decoded json mapping</returns>
/// <exception cref="IntegrityException">if signature validation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">
/// if JWT signature, encryption or compression algorithm is not supported
/// </exception>
//public static T Decode<T>(string token, object key = null, JwtSettings settings = null)
//{
// return GetSettings(settings).JsonMapper.Parse<T>(Decode(token, key, settings));
//}
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null)
{
Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");
byte[][] parts = Compact.Parse(token);
if (parts.Length == 5) //encrypted JWT
{
return(DecryptBytes(parts, key, expectedJweAlg, expectedJweEnc, settings));
}
else
{
//signed or plain JWT
byte[] header = parts[0];
byte[] payload = parts[1];
byte[] signature = parts[2];
byte[] securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload));
var jwtSettings = GetSettings(settings);
var headerData = jwtSettings.JsonMapper.Parse(Encoding.UTF8.GetString(header));
var algorithm = (string)headerData["alg"];
var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm);
if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm)
{
throw new InvalidAlgorithmException(
"The algorithm type passed to the Decode method did not match the algorithm type in the header.");
}
var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm);
if (jwsAlgorithmImpl == null)
{
throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
}
if (!jwsAlgorithmImpl.Verify(signature, securedInput, key))
{
throw new IntegrityException("Invalid signature.");
}
return(payload);
}
}