Skip to content

Commit 87c7b2a

Browse files
committed
2 parents 61c7154 + bf9deca commit 87c7b2a

1 file changed

Lines changed: 47 additions & 0 deletions

File tree

examples/TokenTool/TokenTool.Core/TokenTool.cs

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -237,6 +237,7 @@ public async Task RunAsync(MyApp.IOConsole ioConsole)
237237
var jwksJson = await httpClient.GetStringAsync($"{configUrl}/jwks");
238238
var jwks = JObject.Parse(jwksJson)["keys"];
239239

240+
/*
240241
var handler2 = new JwtSecurityTokenHandler();
241242
var jwt2 = handler2.ReadJwtToken(accessToken);
242243
var kid = jwt2.Header["kid"].ToString();
@@ -270,6 +271,52 @@ public async Task RunAsync(MyApp.IOConsole ioConsole)
270271
{
271272
ioConsole.WriteLine($"Validation failed: {ex.Message}");
272273
}
274+
*/
275+
276+
// 1) Handler
277+
var handler2 = new JsonWebTokenHandler();
278+
279+
// 2) JWK aus JWKS direkt verwenden (hier exemplarisch LINQ auf Dein jwks-Array)
280+
var jwtHeaderKid = new JsonWebToken(accessToken).Kid; // liest 'kid' robust
281+
var jwkJson = jwks.First(k => k["kid"].ToString() == jwtHeaderKid).ToString(); // k ist i. d. R. ein JObject
282+
var jwk = new JsonWebKey(jwkJson);
283+
284+
// 3) Validierungsparameter
285+
var validationParams = new TokenValidationParameters
286+
{
287+
// Signaturprüfung
288+
IssuerSigningKey = jwk, // kein manuelles RSAParameters nötig
289+
ValidateIssuerSigningKey = true,
290+
291+
// Lebenszeit
292+
ValidateLifetime = true,
293+
RequireExpirationTime = true,
294+
ClockSkew = TimeSpan.FromMinutes(5), // bei UTC+0 gut, ggf. 2–5 Minuten
295+
296+
// Issuer/Audience je nach Bedarf (bei Tests oft aus)
297+
ValidateIssuer = false, // später auf true + ValidIssuer setzen
298+
ValidateAudience = false, // später auf true + ValidAudience setzen
299+
300+
// Keine Legacy-Claim-Mappings
301+
// MapInboundClaims = false,
302+
303+
// Optional: Name-/Rollen-Claims aus dem JWT
304+
NameClaimType = "name",
305+
RoleClaimType = "role"
306+
};
307+
308+
try
309+
{
310+
var result = handler2.ValidateToken(accessToken, validationParams);
311+
if (!result.IsValid)
312+
Console.WriteLine($"Validation failed: {result.Exception?.Message}");
313+
else
314+
Console.WriteLine("Token is valid");
315+
}
316+
catch (Exception ex)
317+
{
318+
Console.WriteLine($"Validation failed: {ex.Message}");
319+
}
273320
}
274321
}
275322

0 commit comments

Comments
 (0)