Microsoft.IdentityModel.JsonWebTokens

Initializes static members of the class.

Gets the InboundClaimTypeMap used by JwtSecurityTokenHandler when producing claims from jwt.

Gets the OutboundClaimTypeMap is used by JwtSecurityTokenHandler to shorten claim types when creating a jwt.

Constants for Json Web tokens.

A URI that represents the JSON XML data type.

When mapping json to .Net Claim(s), if the value was not a string (or an enumeration of strings), the ClaimValue will serialized using the current JSON serializer, a property will be added with the .Net type and the ClaimTypeValue will be set to 'JsonClaimValueType'.

A URI that represents the JSON array XML data type.

A URI that represents the JSON null data type

When mapping json to .Net Claim(s), we use empty string to represent the claim value and set the ClaimValueType to JsonNull

A designed for representing a JSON Web Token (JWT).

Initializes a new instance of from a string in JWS or JWE Compact serialized format.

A JSON Web Token that has been serialized in JWS or JWE Compact serialized format. 'jwtEncodedString' is null or empty. 'jwtEncodedString' is not in JWS or JWE Compact serialization format. see: https://datatracker.ietf.org/doc/html/rfc7519 (JWT) see: https://datatracker.ietf.org/doc/html/rfc7515 (JWS) see: https://datatracker.ietf.org/doc/html/rfc7516 (JWE) The contents of the returned have not been validated, the JSON Web Token is simply decoded. Validation can be accomplished using the validation methods in

Initializes a new instance of the class where the header contains the crypto algorithms applied to the encoded header and payload.

A string containing JSON which represents the cryptographic operations applied to the JWT and optionally any additional properties of the JWT. A string containing JSON which represents the claims contained in the JWT. Each claim is a JSON object of the form { Name, Value }. see: https://datatracker.ietf.org/doc/html/rfc7519 (JWT) see: https://datatracker.ietf.org/doc/html/rfc7515 (JWS) see: https://datatracker.ietf.org/doc/html/rfc7516 (JWE) The contents of the returned have not been validated, the JSON Web Token is simply decoded. Validation can be accomplished using the validation methods in 'header' is null. 'payload' is null.

Gets the AuthenticationTag from the original raw data of this instance when it was created.

Contains the results of a Authentication Encryption with Associated Data (AEAD). see: https://datatracker.ietf.org/doc/html/rfc7516#section-2 If this JWT is not encrypted with an algorithms that uses an Authentication Tag, an empty string will be returned.

Gets the Ciphertext representing the encrypted JWT in the original raw data.

When decrypted using values in the JWE header will contain the plaintext payload. see: https://datatracker.ietf.org/doc/html/rfc7516#section-2 If this JWT is not encrypted, an empty string will be returned.

Gets the EncodedHeader from the original raw data of this instance when it was created.

The original Base64UrlEncoded string of the JWT header.

Gets the Encrypted Content Encryption Key.

For some algorithms this value may be null even though the JWT was encrypted. see: https://datatracker.ietf.org/doc/html/rfc7516#section-2 If not found, an empty string is returned.

Gets the EncodedPayload from the original raw data of this instance when it was created.

The original Base64UrlEncoded of the JWT payload, for JWE this will an empty string.

Gets the EncodedSignature from the original raw data of this instance when it was created.

The original Base64UrlEncoded of the JWT signature. If the JWT was not signed or a JWE, an empty string is returned.

Gets the original raw data of this instance when it was created.

The original Base64UrlEncoded of the JWT.

Gets the Initialization Vector used when encrypting the plaintext.

see: https://datatracker.ietf.org/doc/html/rfc7516#appendix-A-1-4 Some algorithms may not use an Initialization Vector. If not found an empty string is returned.

Gets the associated with this instance.

see: https://datatracker.ietf.org/doc/html/rfc7516#section-2 For encrypted tokens {JWE}, this represents the JWT that was encrypted. If the JWT is not encrypted, this value will be null.

Returns true if this JsonWebToken was encrypted a JWE.

Returns true if this JsonWebToken was signed a JWS.

Not implemented.

Gets or sets the that was used to sign this token.

If the JWT was not signed or validated, this value will be null.

Converts a string into an instance of .

A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format. if is malformed, a valid JWT should have either 2 dots (JWS) or 4 dots (JWE). if does not have an non-empty authentication tag after the 4th dot for a JWE. if has more than 4 dots.

Gets the 'value' of the 'actort' claim the payload.

If the 'actort' claim is not found, an empty string is returned.

Gets the 'value' of the 'alg' claim from the header.

Identifies the cryptographic algorithm used to encrypt or determine the value of the Content Encryption Key. Applicable to an encrypted JWT {JWE}. see: https://datatracker.ietf.org/doc/html/rfc7516#section-4-1-1 If the 'alg' claim is not found, an empty string is returned.

Gets the list of 'aud' claims from the payload.

Identifies the recipients that the JWT is intended for. see: https://datatracker.ietf.org/doc/html/rfc7519#section-4-1-3 If the 'aud' claim is not found, enumeration will be empty.

Gets a where each claim in the JWT { name, value } is returned as a .

A requires each value to be represented as a string. If the value was not a string, then contains the json type. and to determine the json type.

Gets the 'value' of the 'cty' claim from the header.

Used by JWS applications to declare the media type[IANA.MediaTypes] of the secured content (the payload). see: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.12 (JWE) see: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.10 (JWS) If the 'cty' claim is not found, an empty string is returned.

Gets the 'value' of the 'enc' claim from the header.

Identifies the content encryption algorithm used to perform authenticated encryption on the plaintext to produce the ciphertext and the Authentication Tag. see: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.2

Gets a representing the { key, 'value' } pair corresponding to the provided .

A requires each value to be represented as a string. If the value was not a string, then contains the json type. and to determine the json type. If the key has no corresponding value, this method will throw.

Gets the 'value' corresponding to key from the JWT header transformed as type 'T'.

The expectation is that the 'value' corresponds to a type are expected in a JWT token. The 5 basic types: number, string, true / false, nil, array (of basic types). This is not a general purpose translation layer for complex types. The value as . if claim is not found or a transformation to cannot be made.

Gets the 'value' corresponding to key from the JWT payload transformed as type 'T'.

Gets the 'value' of the 'jti' claim from the payload.

Provides a unique identifier for the JWT. see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7 If the 'jti' claim is not found, an empty string is returned.

Gets the 'value' of the 'iat' claim converted to a from the payload.

Identifies the time at which the JWT was issued. see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6 If the 'iat' claim is not found, then is returned.

Gets the 'value' of the 'iss' claim from the payload.

Identifies the principal that issued the JWT. see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1 If the 'iss' claim is not found, an empty string is returned.

Gets the 'value' of the 'kid' claim from the header.

'kid'is a hint indicating which key was used to secure the JWS. see: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.4 (JWS) see: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.6 (JWE) If the 'kid' claim is not found, an empty string is returned.

Gets the 'value' of the 'sub' claim from the payload.

see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2 Identifies the principal that is the subject of the JWT. If the 'sub' claim is not found, an empty string is returned.

Returns the encoded token without signature or authentication tag.

Encoded token string without signature or authentication tag.

Try to get a representing the { key, 'value' } pair corresponding to the provided . The value is obtained from the Payload.

A requires each value to be represented as a string. If the value was not a string, then contains the json type. and to determine the json type. true if successful, false otherwise.

Tries to get the value

The expectation is that the 'value' corresponds to a type expected in a JWT token. true if successful, false otherwise.

Tries to get the value corresponding to the provided key from the JWT header { key, 'value' }.

The expectation is that the 'value' corresponds to a type expected in a JWT token. The 5 basic types: number, string, true / false, nil, array (of basic types). This is not a general purpose translation layer for complex types. true if successful, false otherwise.

Try to get the 'value' corresponding to key from the JWT payload transformed as type 'T'.

Gets the 'value' of the 'typ' claim from the header.

Is used by JWT applications to declare the media type. see: https://datatracker.ietf.org/doc/html/rfc7519#section-5.1 If the 'typ' claim is not found, an empty string is returned.

Gets the 'value' of the 'x5t' claim from the header.

Is the base64url-encoded SHA-1 thumbprint(a.k.a.digest) of the DER encoding of the X.509 certificate used to sign this token. see: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.7 If the 'x5t' claim is not found, an empty string is returned.

Gets the 'value' of the 'nbf' claim converted to a from the payload.

Identifies the time before which the JWT MUST NOT be accepted for processing. see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5 If the 'nbf' claim is not found, then is returned.

Gets the 'value' of the 'exp' claim converted to a from the payload.

Identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. see: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4 If the 'exp' claim is not found, then is returned.

Gets the 'value' of the 'zip' claim from the header.

The "zip" (compression algorithm) applied to the plaintext before encryption, if any. see: https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.3 If the 'zip' claim is not found, an empty string is returned.

A designed for creating and validating Json Web Tokens. See: https://datatracker.ietf.org/doc/html/rfc7519 and http://www.rfc-editor.org/info/rfc7515.

Default claim type mapping for inbound claims.

Default value for the flag that determines whether or not the InboundClaimTypeMap is used.

Gets the Base64Url encoded string representation of the following JWT header: { , }.

The Base64Url encoded string representation of the unsigned JWT header.

Initializes a new instance of the class.

Gets the type of the .

The type of

Gets or sets the property name of the will contain the original JSON claim 'name' if a mapping occurred when the (s) were created.

If .IsNullOrWhiteSpace('value') is true.

Gets or sets the property which is used when determining whether or not to map claim types that are extracted when validating a . If this is set to true, the is set to the JSON claim 'name' after translating using this mapping. Otherwise, no mapping occurs. The default value is false.

Gets or sets the which is used when setting the for claims in the extracted when validating a . The is set to the JSON claim 'name' after translating using this mapping. The default value is ClaimTypeMapping.InboundClaimTypeMap.

'value' is null.

Determines if the string is a well formed Json Web Token (JWT). See: https://datatracker.ietf.org/doc/html/rfc7519

String that should represent a valid JWT. Uses matching: JWS: @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$" JWE: (dir): @"^[A-Za-z0-9-_]+\.\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$" JWE: (wrappedkey): @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]$" 'false' if the token is null or whitespace. 'false' if token.Length is greater than . 'true' if the token is in JSON compact serialization format.

Returns a value that indicates if this handler can validate a .

'true', indicating this instance can validate a .

Creates an unsigned JWS (Json Web Signature).

A string containing JSON which represents the JWT token payload. if is null. A JWS in Compact Serialization Format.

Creates an unsigned JWS (Json Web Signature).

A string containing JSON which represents the JWT token payload. Defines the dictionary containing any custom header claims that need to be added to the JWT token header. if is null. if is null. A JWS in Compact Serialization Format.

Creates a JWS (Json Web Signature).

A string containing JSON which represents the JWT token payload. Defines the security key and algorithm that will be used to sign the JWS. if is null. if is null. A JWS in Compact Serialization Format.

Creates a JWS (Json Web Signature).

A string containing JSON which represents the JWT token payload. Defines the security key and algorithm that will be used to sign the JWS. Defines the dictionary containing any custom header claims that need to be added to the JWT token header. if is null. if is null. if is null. if , , , and/or are present inside of . A JWS in Compact Serialization Format.

Creates a JWS(Json Web Signature).

A that contains details of contents of the token. A JWS in Compact Serialization Format.