
Validate JWT scope using microsoft provided libraries

C-Rad Published in 2017-12-08 01:35:28Z

I have some code that works but am frustrated with its brute-force approach and can't find a better solution anywhere. I have an older application that can't authenticate the token in the middleware. Therefore I have to do it on my end.

Here is my current code. (This does what I need it to; I'm looking for a more standard solution.)

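    using System;
    using System.Configuration;
    using System.IdentityModel.Tokens.Jwt;
    using System.Linq;
    using System.Security.Claims;
    using System.Threading;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;

    // Discovery document (issuer metadata and signing keys), cached after the first call.
    private static OpenIdConnectConfiguration _openIdConfig;

    public static bool IsTokenValid(string token, out long xid)
    {
        // An out parameter must be assigned on every return path.
        xid = 0;

        var authDomain = ConfigurationManager.AppSettings["IdentityServerUrl"];

        if (_openIdConfig == null)
        {
            // Fetch the signing keys from the identity server's discovery endpoint.
            IConfigurationManager<OpenIdConnectConfiguration> configurationManager =
                new ConfigurationManager<OpenIdConnectConfiguration>($"{authDomain}/.well-known/openid-configuration",
                    new OpenIdConnectConfigurationRetriever());
            _openIdConfig =
                configurationManager.GetConfigurationAsync(CancellationToken.None).GetAwaiter().GetResult();
        }

        TokenValidationParameters validationParameters =
            new TokenValidationParameters
            {
                ValidIssuer = authDomain,
                // Audience is not checked, so the scope check below is what ties the token to this API.
                ValidateAudience = false,
                IssuerSigningKeys = _openIdConfig.SigningKeys,
            };

        SecurityToken validatedToken;
        JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
        ClaimsPrincipal principal;
        try
        {
            // Throws on a bad signature, wrong issuer, or expired token.
            principal = handler.ValidateToken(token, validationParameters, out validatedToken);
        }
        catch (Exception)
        {
            return false;
        }

        var claims = principal.Claims;

        // Require a "scope" claim whose value equals the configured scope exactly.
        var scopes = claims.Where(t => t.Type == "scope");
        var requiredScope = ConfigurationManager.AppSettings["RequiredScope"];
        if (scopes.FirstOrDefault(t => t.Value == requiredScope) == null)
        {
            return false;
        }

        if( ...other validation stuff, I'm not worried about... )
        {
            return true;
        }
        return false;
    }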
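
Added example, not part of the original post and not code from Microsoft's libraries: a scope check over the `ClaimsPrincipal` that `ValidateToken` returns, matching whole scope tokens so a required scope never matches as a substring of a longer one. It goes beyond the post's case by assuming scopes may arrive either as one `scope` claim per value or as a single space-delimited claim; `ScopeCheck`, `HasScopes` and the sample scope names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper: not from the post and not a Microsoft API.
public static class ScopeCheck
{
    private static readonly char[] Space = { ' ' };

    // True only when every required scope is present as an exact,
    // case-sensitive token in the principal's "scope" claims.
    public static bool HasScopes(ClaimsPrincipal principal, params string[] required)
    {
        // Fail closed: no principal or no requirement means no access.
        if (principal == null || required == null || required.Length == 0)
            return false;

        // Flatten both shapes into one set: one claim per scope, or a
        // single claim holding a space-delimited list.
        var granted = new HashSet<string>(
            principal.FindAll("scope")
                     .SelectMany(c => c.Value.Split(Space, StringSplitOptions.RemoveEmptyEntries)),
            StringComparer.Ordinal);

        return required.All(s => granted.Contains(s));
    }

    public static void Main()
    {
        // Constructed principals; a real one comes from ValidateToken.
        var perClaim = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("scope", "orders.read"),
            new Claim("scope", "orders.write"),
        }));
        var delimited = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("scope", "orders.read_all profile"),
        }));

        Console.WriteLine(HasScopes(perClaim, "orders.read", "orders.write"));
        Console.WriteLine(HasScopes(delimited, "profile"));
        // "orders.read" must not match the longer token "orders.read_all".
        Console.WriteLine(HasScopes(delimited, "orders.read"));
    }
}
```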