Microsoft.IdentityModel.JsonWebTokens
Initializes static members of the class.
Gets the InboundClaimTypeMap used by JwtSecurityTokenHandler when producing claims from jwt.
Gets the OutboundClaimTypeMap is used by JwtSecurityTokenHandler to shorten claim types when creating a jwt.
Constants for Json Web tokens.
A URI that represents the JSON XML data type.
When mapping json to .Net Claim(s), if the value was not a string (or an enumeration of strings), the ClaimValue will serialized using the current JSON serializer, a property will be added with the .Net type and the ClaimTypeValue will be set to 'JsonClaimValueType'.
A URI that represents the JSON array XML data type.
When mapping json to .Net Claim(s), if the value was not a string (or an enumeration of strings), the ClaimValue will serialized using the current JSON serializer, a property will be added with the .Net type and the ClaimTypeValue will be set to 'JsonClaimValueType'.
A URI that represents the JSON null data type
When mapping json to .Net Claim(s), we use empty string to represent the claim value and set the ClaimValueType to JsonNull
A designed for representing a JSON Web Token (JWT).
Initializes a new instance of from a string in JWS or JWE Compact serialized format.
A JSON Web Token that has been serialized in JWS or JWE Compact serialized format.
'jwtEncodedString' is null or empty.
'jwtEncodedString' is not in JWS or JWE Compact serialization format.
see: https://datatracker.ietf.org/doc/html/rfc7519 (JWT)
see: https://datatracker.ietf.org/doc/html/rfc7515 (JWS)
see: https://datatracker.ietf.org/doc/html/rfc7516 (JWE)
The contents of the returned have not been validated, the JSON Web Token is simply decoded. Validation can be accomplished using the validation methods in
Initializes a new instance of the class where the header contains the crypto algorithms applied to the encoded header and payload.
A string containing JSON which represents the cryptographic operations applied to the JWT and optionally any additional properties of the JWT.
A string containing JSON which represents the claims contained in the JWT. Each claim is a JSON object of the form { Name, Value }.
see: https://datatracker.ietf.org/doc/html/rfc7519 (JWT)
see: https://datatracker.ietf.org/doc/html/rfc7515 (JWS)
see: https://datatracker.ietf.org/doc/html/rfc7516 (JWE)
The contents of the returned have not been validated, the JSON Web Token is simply decoded. Validation can be accomplished using the validation methods in
'header' is null.
'payload' is null.
Gets the AuthenticationTag from the original raw data of this instance when it was created.
Contains the results of a Authentication Encryption with Associated Data (AEAD).
see: https://datatracker.ietf.org/doc/html/rfc7516#section-2
If this JWT is not encrypted with an algorithms that uses an Authentication Tag, an empty string will be returned.
Gets the Ciphertext representing the encrypted JWT in the original raw data.
When decrypted using values in the JWE header will contain the plaintext payload.
see: https://datatracker.ietf.org/doc/html/rfc7516#section-2
If this JWT is not encrypted, an empty string will be returned.
Gets the EncodedHeader from the original raw data of this instance when it was created.
The original Base64UrlEncoded string of the JWT header.
Gets the Encrypted Content Encryption Key.
For some algorithms this value may be null even though the JWT was encrypted.
see: https://datatracker.ietf.org/doc/html/rfc7516#section-2
If not found, an empty string is returned.
Gets the EncodedPayload from the original raw data of this instance when it was created.
The original Base64UrlEncoded of the JWT payload, for JWE this will an empty string.
Gets the EncodedSignature from the original raw data of this instance when it was created.
The original Base64UrlEncoded of the JWT signature.
If the JWT was not signed or a JWE, an empty string is returned.
Gets the original raw data of this instance when it was created.
The original Base64UrlEncoded of the JWT.
Gets the Initialization Vector used when encrypting the plaintext.
see: https://datatracker.ietf.org/doc/html/rfc7516#appendix-A-1-4
Some algorithms may not use an Initialization Vector.
If not found an empty string is returned.
Gets the associated with this instance.
see: https://datatracker.ietf.org/doc/html/rfc7516#section-2
For encrypted tokens {JWE}, this represents the JWT that was encrypted.
If the JWT is not encrypted, this value will be null.
Returns true if this JsonWebToken was encrypted a JWE.
Returns true if this JsonWebToken was signed a JWS.
Not implemented.
Gets or sets the that was used to sign this token.
If the JWT was not signed or validated, this value will be null.
Converts a string into an instance of .
A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format.
if is malformed, a valid JWT should have either 2 dots (JWS) or 4 dots (JWE).
if does not have an non-empty authentication tag after the 4th dot for a JWE.
if has more than 4 dots.
Gets the 'value' of the 'actort' claim the payload.
If the 'actort' claim is not found, an empty string is returned.
Gets the 'value' of the 'alg' claim from the header.
Identifies the cryptographic algorithm used to encrypt or determine the value of the Content Encryption Key.
Applicable to an encrypted JWT {JWE}.
see: https://datatracker.ietf.org/doc/html/rfc7516#section-4-1-1
If the 'alg' claim is not found, an empty string is returned.
Gets the list of 'aud' claims from the payload.
Identifies the recipients that the JWT is intended for.
see: https://datatracker.ietf.org/doc/html/rfc7519#section-4-1-3
If the 'aud' claim is not found, enumeration will be empty.
Gets a where each claim in the JWT { name, value } is returned as a .
A requires each value to be represented as a string. If the value was not a string, then contains the json type.
and to determine the json type.
Gets the 'value' of the 'cty' claim from the header.
Used by JWS applications to declare the media type[IANA.MediaTypes] of the secured content (the payload).
see: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.12 (JWE)
see: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.10 (JWS)
If the 'cty' claim is not found, an empty string is returned.
Gets the 'value' of the 'enc' claim from the header.
Identifies the content encryption algorithm used to perform authenticated encryption
on the plaintext to produce the ciphertext and the Authentication Tag.
see: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.2
Gets a representing the { key, 'value' } pair corresponding to the provided .
A requires each value to be represented as a string. If the value was not a string, then contains the json type.
and to determine the json type.
If the key has no corresponding value, this method will throw.
Gets the 'value' corresponding to key from the JWT header transformed as type 'T'.
The expectation is that the 'value' corresponds to a type are expected in a JWT token.
The 5 basic types: number, string, true / false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
The value as .
if claim is not found or a transformation to cannot be made.
Gets the 'value' corresponding to key from the JWT payload transformed as type 'T'.
The expectation is that the 'value' corresponds to a type are expected in a JWT token.
The 5 basic types: number, string, true / false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
The value as .
if claim is not found or a transformation to cannot be made.
Gets the 'value' of the 'jti' claim from the payload.
Provides a unique identifier for the JWT.
see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7
If the 'jti' claim is not found, an empty string is returned.
Gets the 'value' of the 'iat' claim converted to a from the payload.
Identifies the time at which the JWT was issued.
see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6
If the 'iat' claim is not found, then is returned.
Gets the 'value' of the 'iss' claim from the payload.
Identifies the principal that issued the JWT.
see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1
If the 'iss' claim is not found, an empty string is returned.
Gets the 'value' of the 'kid' claim from the header.
'kid'is a hint indicating which key was used to secure the JWS.
see: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.4 (JWS)
see: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.6 (JWE)
If the 'kid' claim is not found, an empty string is returned.
Gets the 'value' of the 'sub' claim from the payload.
see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
Identifies the principal that is the subject of the JWT.
If the 'sub' claim is not found, an empty string is returned.
Returns the encoded token without signature or authentication tag.
Encoded token string without signature or authentication tag.
Try to get a representing the { key, 'value' } pair corresponding to the provided .
The value is obtained from the Payload.
A requires each value to be represented as a string. If the value was not a string, then contains the json type.
and to determine the json type.
true if successful, false otherwise.
Tries to get the value
The expectation is that the 'value' corresponds to a type expected in a JWT token.
true if successful, false otherwise.
Tries to get the value corresponding to the provided key from the JWT header { key, 'value' }.
The expectation is that the 'value' corresponds to a type expected in a JWT token.
The 5 basic types: number, string, true / false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
true if successful, false otherwise.
Try to get the 'value' corresponding to key from the JWT payload transformed as type 'T'.
The expectation is that the 'value' corresponds to a type are expected in a JWT token.
The 5 basic types: number, string, true / false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
true if successful, false otherwise.
Gets the 'value' of the 'typ' claim from the header.
Is used by JWT applications to declare the media type.
see: https://datatracker.ietf.org/doc/html/rfc7519#section-5.1
If the 'typ' claim is not found, an empty string is returned.
Gets the 'value' of the 'x5t' claim from the header.
Is the base64url-encoded SHA-1 thumbprint(a.k.a.digest) of the DER encoding of the X.509 certificate used to sign this token.
see: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.7
If the 'x5t' claim is not found, an empty string is returned.
Gets the 'value' of the 'nbf' claim converted to a from the payload.
Identifies the time before which the JWT MUST NOT be accepted for processing.
see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5
If the 'nbf' claim is not found, then is returned.
Gets the 'value' of the 'exp' claim converted to a from the payload.
Identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.
see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4
If the 'exp' claim is not found, then is returned.
Gets the 'value' of the 'zip' claim from the header.
The "zip" (compression algorithm) applied to the plaintext before encryption, if any.
see: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.3
If the 'zip' claim is not found, an empty string is returned.
A designed for creating and validating Json Web Tokens.
See: https://datatracker.ietf.org/doc/html/rfc7519 and http://www.rfc-editor.org/info/rfc7515.
Default claim type mapping for inbound claims.
Default value for the flag that determines whether or not the InboundClaimTypeMap is used.
Gets the Base64Url encoded string representation of the following JWT header:
{ , }.
The Base64Url encoded string representation of the unsigned JWT header.
Initializes a new instance of the class.
Gets the type of the .
The type of
Gets or sets the property name of the will contain the original JSON claim 'name' if a mapping occurred when the (s) were created.
If .IsNullOrWhiteSpace('value') is true.
Gets or sets the property which is used when determining whether or not to map claim types that are extracted when validating a .
If this is set to true, the is set to the JSON claim 'name' after translating using this mapping. Otherwise, no mapping occurs.
The default value is false.
Gets or sets the which is used when setting the for claims in the extracted when validating a .
The is set to the JSON claim 'name' after translating using this mapping.
The default value is ClaimTypeMapping.InboundClaimTypeMap.
'value' is null.
Determines if the string is a well formed Json Web Token (JWT).
See: https://datatracker.ietf.org/doc/html/rfc7519
String that should represent a valid JWT.
Uses matching:
JWS: @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$"
JWE: (dir): @"^[A-Za-z0-9-_]+\.\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$"
JWE: (wrappedkey): @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]$"
'false' if the token is null or whitespace.
'false' if token.Length is greater than .
'true' if the token is in JSON compact serialization format.
Returns a value that indicates if this handler can validate a .
'true', indicating this instance can validate a .
Creates an unsigned JWS (Json Web Signature).
A string containing JSON which represents the JWT token payload.
if is null.
A JWS in Compact Serialization Format.
Creates an unsigned JWS (Json Web Signature).
A string containing JSON which represents the JWT token payload.
Defines the dictionary containing any custom header claims that need to be added to the JWT token header.
if is null.
if is null.
A JWS in Compact Serialization Format.
Creates a JWS (Json Web Signature).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWS.
if is null.
if is null.
A JWS in Compact Serialization Format.
Creates a JWS (Json Web Signature).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWS.
Defines the dictionary containing any custom header claims that need to be added to the JWT token header.
if is null.
if is null.
if is null.
if ,
, , and/or
are present inside of .
A JWS in Compact Serialization Format.
Creates a JWS(Json Web Signature).
A that contains details of contents of the token.
A JWS in Compact Serialization Format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to encrypt the JWT.
A JWE in compact serialization format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
if is null.
if is null.
if is null.
if ,
, , and/or
are present inside of .
A JWS in Compact Serialization Format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
if is null.
if is null.
if is null.
A JWE in compact serialization format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
if is null.
if is null.
if is null.
if is null.
if ,
, , and/or
are present inside of .
A JWE in compact serialization format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the compression algorithm that will be used to compress the JWT token payload.
A JWE in compact serialization format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the compression algorithm that will be used to compress the JWT token payload.
if is null.
if is null.
if is null.
if is null.
A JWE in compact serialization format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the compression algorithm that will be used to compress the JWT token payload.
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
Defines the dictionary containing any custom header claims that need to be added to the inner JWT token header.
if is null.
if is null.
if is null.
if is null.
if is null.
if ,
, , and/or
are present inside of .
A JWE in compact serialization format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the compression algorithm that will be used to compress the JWT token payload.
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
if is null.
if is null.
if is null.
if is null.
if is null.
if ,
, , and/or
are present inside of .
A JWE in compact serialization format.
Compress a JWT token string.
if is null.
if is null.
if the compression algorithm is not supported.
Compressed JWT token bytes.
Creates a from a .
The to use as a source.
Contains parameters for validating the token.
A containing the .
Creates a from a with the specified issuer.
The to use as a source.
Contains parameters for validating the token.
Specifies the issuer for the .
A containing the .
Decrypts a JWE and returns the clear text
the JWE that contains the cypher text.
contains crypto material.
the decoded / cleartext contents of the JWE.
if is null.
if is null.
if ' .Enc' is null or empty.
if decompression failed.
if ' .Kid' is not null AND decryption fails.
if the JWE was not able to be decrypted.
Encrypts a JWS.
A 'JSON Web Token' (JWT) in JWS Compact Serialization Format.
Defines the security key and algorithm that will be used to encrypt the .
if is null or empty.
if is null.
if both and . are null.
if the CryptoProviderFactory being used does not support the (algorithm), pair.
if unable to create a token encryption provider for the (algorithm), pair.
if encryption fails using the (algorithm), pair.
if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Encrypts a JWS.
A 'JSON Web Token' (JWT) in JWS Compact Serialization Format.
Defines the security key and algorithm that will be used to encrypt the .
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
if is null or empty.
if is null.
if is null.
if both and . are null.
if the CryptoProviderFactory being used does not support the (algorithm), pair.
if unable to create a token encryption provider for the (algorithm), pair.
if encryption fails using the (algorithm), pair.
if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Encrypts a JWS.
A 'JSON Web Token' (JWT) in JWS Compact Serialization Format.
Defines the security key and algorithm that will be used to encrypt the .
Defines the compression algorithm that will be used to compress the 'innerJwt'.
if is null or empty.
if is null.
if is null or empty.
if both and . are null.
if the CryptoProviderFactory being used does not support the (algorithm), pair.
if unable to create a token encryption provider for the (algorithm), pair.
if compression using fails.
if encryption fails using the (algorithm), pair.
if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Encrypts a JWS.
A 'JSON Web Token' (JWT) in JWS Compact Serialization Format.
Defines the security key and algorithm that will be used to encrypt the .
Defines the compression algorithm that will be used to compress the
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
if is null or empty.
if is null.
if is null or empty.
if is null or empty.
if both and . are null.
if the CryptoProviderFactory being used does not support the (algorithm), pair.
if unable to create a token encryption provider for the (algorithm), pair.
if compression using 'algorithm' fails.
if encryption fails using the (algorithm), pair.
if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Returns a to use when decrypting a JWE.
The the token that is being decrypted.
The that is being decrypted.
A required for validation.
Returns a to use for signature validation.
If key fails to resolve, then null is returned
Converts a string into an instance of .
A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format.
A
is null or empty.
'token.Length' is greater than .
If the is in JWE Compact Serialization format, only the protected header will be deserialized.
This method is unable to decrypt the payload. Use to obtain the payload.
The token is NOT validated and no security decisions should be made about the contents.
Use or to ensure the token is acceptable.
Converts a string into an instance of .
A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format.
A
is null or empty.
'token.Length' is greater than .
The token is NOT validated and no security decisions should be made about the contents.
Use or to ensure the token is acceptable.
Validates a JWS or a JWE.
A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format.
A required for validation.
A
Validates a token.
On a validation failure, no exception will be thrown; instead, the exception will be set in the returned TokenValidationResult.Exception property.
Callers should always check the TokenValidationResult.IsValid property to verify the validity of the result.
The token to be validated.
A required for validation.
A
TokenValidationResult.Exception will be set to one of the following exceptions if the is invalid.
if is null or empty.
if is null.
'token.Length' is greater than .
if is not a valid ,
if the validationParameters.TokenReader delegate is not able to parse/read the token as a valid ,
Converts a string into an instance of .
A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format.
A whose TokenReader, if set, will be used to read a JWT.
A
if the validationParameters.TokenReader delegate is not able to parse/read the token as a valid .
if is not a valid JWT, .
Private method for token validation, responsible for:
(1) Obtaining a configuration from the .
(2) Revalidating using the Last Known Good Configuration (if present), and obtaining a refreshed configuration (if necessary) and revalidating using it.
The JWT token
The to be used for validation.
Validates the JWT signature.
Obtains a and validates the signature.
Bytes to validate.
Signature to compare against.
to use.
Crypto algorithm to use.
The being validated.
Priority will be given to over .
'true' if signature is valid.
This class provides an abstraction over the json parser for net45, net452 using an internal version of Newtonsoft.
will delegate to this class to get values.
Constants for Json Web Tokens.
Short header type.
Long header type.
Short token type.
Long token type.
JWS - Token format: 'header.payload.signature'. Signature is optional, but '.' is required.
JWE - Token format: 'protectedheader.encryptedkey.iv.cyphertext.authenticationtag'.
The number of parts in a JWE token.
The number of parts in a JWS token.
The maximum number of parts in a JWT.
JWE header alg indicating a shared symmetric key is directly used as CEK.
List of header parameter names see: https://datatracker.ietf.org/doc/html/rfc7519#section-5.
See: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.1
See: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.10
Also: https://datatracker.ietf.org/doc/html/rfc7519#section-5.2
See: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.2
See: https://datatracker.ietf.org/doc/html/rfc7518#section-4.7.1.1
See: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.2
See: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.3
See: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.4
See: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.9
Also: https://datatracker.ietf.org/doc/html/rfc7519#section-5.1
See: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.6
See: https://datatracker.ietf.org/doc/html/rfc7515#page-12
See: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.5
See: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.3
See: https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.1.1
See: https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.1.2
See: https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.1.3
List of registered claims from different sources
https://datatracker.ietf.org/doc/html/rfc7519#section-4
http://openid.net/specs/openid-connect-core-1_0.html#IDToken
http://openid.net/specs/openid-connect-core-1_0.html#IDToken
http://openid.net/specs/openid-connect-core-1_0.html#IDToken
https://datatracker.ietf.org/doc/html/rfc7519#section-4
http://openid.net/specs/openid-connect-core-1_0.html#IDToken
http://openid.net/specs/openid-connect-core-1_0.html#IDToken
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken
http://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
https://datatracker.ietf.org/doc/html/rfc7519#section-4
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
https://datatracker.ietf.org/doc/html/rfc7519#section-4
https://datatracker.ietf.org/doc/html/rfc7519#section-4
https://datatracker.ietf.org/doc/html/rfc7519#section-4
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
https://datatracker.ietf.org/doc/html/rfc7519#section-4
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
http://openid.net/specs/openid-connect-frontchannel-1_0.html#OPLogout
https://datatracker.ietf.org/doc/html/rfc7519#section-4
https://datatracker.ietf.org/doc/html/rfc7519#section-5
Represents the parameters needed to decrypt a JSON Web Token
The JwtSecurityTokenHandler uses this as a helper when decrypting a JwtSecurityToken, the JsonWebTokenHandler sets the JsonWebToken property.
Gets or sets signature algorithm that was used to create the signature.
Gets or sets the AuthenticationTag from the original raw data of this instance when it was created.
Gets or sets the Ciphertext from the original raw data of this instance when it was created.
Gets or sets the function used to attempt decompression with.
Gets or sets the encryption algorithm (Enc) of the token.
Gets the EncodedHeader from the original raw data of this instance when it was created.
Gets or sets the EncodedHeader from the original raw data of this instance when it was created.
Gets or sets the InitializationVector from the original raw data of this instance when it was created.
Gets or sets the collection of s to attempt to decrypt with.
Gets and sets the maximum deflate size in chars that will be processed.
Gets or sets the 'value' of the 'zip' claim.
A class which contains useful methods for processing JWT tokens.
Regex that is used to figure out if a token is in JWS format.
Regex that is used to figure out if a token is in JWE format.
Produces a signature over the .
String to be signed
The that contain crypto specs used to sign the token.
The base 64 url encoded signature over the bytes obtained from UTF8Encoding.GetBytes( 'input' ).
'input' or 'signingCredentials' is null.
Produces a signature over the .
String to be signed
The that contain crypto specs used to sign the token.
should the be cached.
The base 64 url encoded signature over the bytes obtained from UTF8Encoding.GetBytes( 'input' ).
or is null.
Decompress JWT token bytes.
the bytes to be decompressed.
the decompress algorithm.
maximum number of chars that will be decompressed.
if is null.
if is null.
if the decompression is not supported.
if decompression using fails.
Decompressed JWT token
Decrypts a Json Web Token.
The Json Web Token, could be a JwtSecurityToken or JsonWebToken
The validation parameters containing cryptographic material.
The decryption parameters container.
The decrypted, and if the 'zip' claim is set, decompressed string representation of the token.
Generates key bytes.
Gets all decryption keys.
Gets the using the number of seconds from 1970-01-01T0:0:0Z (UTC)
Claim in the payload that should map to an integer, float, or string.
The payload that contains the desired claim value.
If the claim is not found, the function returns:
If the value of the claim cannot be parsed into a long.
The representation of a claim.
Returns a to use when validating the signature of a token.
The kid field of the token being validated
The x5t field of the token being validated
A required for validation.
The that will be used along with the to resolve the signing key
Returns a to use for signature validation.
Resolve the signing key using configuration then the validationParameters until a key is resolved. If key fails to resolve, then null is returned.
Returns a to use when validating the signature of a token.
The kid field of the token being validated
The x5t field of the token being validated
A collection of a signing key to be resolved from.
Returns a to use for signature validation.
If key fails to resolve, then null is returned
Log messages and codes