59 lines
2.0 KiB
C#
59 lines
2.0 KiB
C#
using System.IdentityModel.Tokens.Jwt;
|
|
using Microsoft.IdentityModel.Protocols;
|
|
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
|
|
namespace DexDemoBackend;
|
|
|
|
public class JwtValidator
|
|
{
|
|
private readonly AppConfig _config;
|
|
private readonly HttpClient _httpClient;
|
|
private ConfigurationManager<OpenIdConnectConfiguration>? _configManager;
|
|
|
|
public JwtValidator(AppConfig config)
|
|
{
|
|
_config = config;
|
|
_httpClient = new HttpClient(new HttpClientHandler
|
|
{
|
|
ServerCertificateCustomValidationCallback = (_, _, _, _) => true
|
|
});
|
|
}
|
|
|
|
public async Task<IDictionary<string, object>> ValidateToken(string token)
|
|
{
|
|
try
|
|
{
|
|
// Lazy init OIDC configuration manager
|
|
_configManager ??= new ConfigurationManager<OpenIdConnectConfiguration>(
|
|
$"{_config.DexIssuer}.well-known/openid-configuration",
|
|
new OpenIdConnectConfigurationRetriever(),
|
|
new HttpDocumentRetriever(_httpClient) { RequireHttps = false }
|
|
);
|
|
|
|
var oidcConfig = await _configManager.GetConfigurationAsync(CancellationToken.None);
|
|
|
|
var validationParameters = new TokenValidationParameters
|
|
{
|
|
ValidateIssuer = true,
|
|
ValidIssuer = _config.DexIssuer,
|
|
ValidateAudience = false,
|
|
ValidateLifetime = true,
|
|
ValidateIssuerSigningKey = true,
|
|
IssuerSigningKeys = oidcConfig.SigningKeys
|
|
};
|
|
|
|
var handler = new JwtSecurityTokenHandler();
|
|
var principal = handler.ValidateToken(token, validationParameters, out _);
|
|
|
|
var jwtToken = handler.ReadJwtToken(token);
|
|
return jwtToken.Payload;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
throw new UnauthorizedAccessException($"Token validation error: {ex.Message}", ex);
|
|
}
|
|
}
|
|
}
|
|
|