Manually decode OAuth bearer token in c#

走了就别回头了 2021-02-07 18:51

In my Web Api 2.2 OWIN based application I have a situation where I manually need to decode the bearer token but I don't know how to do this. This is my startup.cs

3 Answers
  • 2021-02-07 19:40

    Just placing this here for others that may visit in the future. Solution found at https://long2know.com/2015/05/decrypting-owin-authentication-ticket/ is simpler.

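    Just 2 lines:

    // Namespaces used by the snippets below
    using System;
    using Microsoft.Owin.Security;                 // AuthenticationTicket
    using Microsoft.Owin.Security.DataHandler;     // TicketDataFormat
    using Microsoft.Owin.Security.DataProtection;  // IDataProtector
    using Microsoft.Owin.Security.OAuth;           // OAuthAuthorizationServerMiddleware

    // Inside the method that receives the raw token string (accessToken)
    var secureDataFormat = new TicketDataFormat(new MachineKeyProtector());
    AuthenticationTicket ticket = secureDataFormat.Unprotect(accessToken);

    // Nested helper that unprotects with the host's machine key
    private class MachineKeyProtector : IDataProtector
    {
        // Purpose strings passed to MachineKey; they have to match the ones
        // used when the access token was protected
        private readonly string[] _purpose =
        {
            typeof(OAuthAuthorizationServerMiddleware).Namespace,
            "Access_Token",
            "v1"
        };

        // Only reading tokens is needed here, so Protect is not implemented
        public byte[] Protect(byte[] userData)
        {
            throw new NotImplementedException();
        }

        public byte[] Unprotect(byte[] protectedData)
        {
            return System.Web.Security.MachineKey.Unprotect(protectedData, _purpose);
        }
    }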
    
    0 Discussion (0)
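Added example, not part of the answer above or of the linked post: the same `TicketDataFormat` / `MachineKey` approach wrapped in a helper that also handles a failed decode and an expired ticket, since decrypting a ticket by hand does not check its lifetime. The names `BearerTicketReader` and `TryGetIdentity` are hypothetical; it assumes the token was issued by this application's `OAuthAuthorizationServerMiddleware` under the System.Web host with the same machine key, and rejecting a ticket that has no expiry is a choice made for this example.

```csharp
using System;
using System.Security.Claims;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler;
using Microsoft.Owin.Security.DataProtection;
using Microsoft.Owin.Security.OAuth;

// Hypothetical helper (names are assumptions, not from the original page).
public static class BearerTicketReader
{
    // Same purpose strings as in the answer; they must match the ones used at issue time.
    private sealed class MachineKeyProtector : IDataProtector
    {
        private static readonly string[] Purpose =
            { typeof(OAuthAuthorizationServerMiddleware).Namespace, "Access_Token", "v1" };

        public byte[] Protect(byte[] userData)
        {
            return System.Web.Security.MachineKey.Protect(userData, Purpose);
        }

        public byte[] Unprotect(byte[] protectedData)
        {
            return System.Web.Security.MachineKey.Unprotect(protectedData, Purpose);
        }
    }

    public static bool TryGetIdentity(string accessToken, DateTimeOffset nowUtc, out ClaimsIdentity identity)
    {
        identity = null;
        if (string.IsNullOrWhiteSpace(accessToken)) return false;

        var format = new TicketDataFormat(new MachineKeyProtector());

        // Unprotect returns null for a token that cannot be decoded or fails the MachineKey check.
        AuthenticationTicket ticket = format.Unprotect(accessToken);
        if (ticket == null || ticket.Identity == null) return false;

        // Decryption alone says nothing about lifetime: compare ExpiresUtc explicitly.
        // A ticket without an expiry is rejected here (stricter choice of this example).
        DateTimeOffset? expires = ticket.Properties.ExpiresUtc;
        if (!expires.HasValue || expires.Value < nowUtc) return false;

        if (!ticket.Identity.IsAuthenticated) return false;
        identity = ticket.Identity;
        return true;
    }
}
```

Call it with `DateTimeOffset.UtcNow` and use the returned identity only when the method returns `true`.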
  • 2021-02-07 19:42

    You can read JWT and create Principals and Identity object using the System.IdentityModel.Tokens.Jwt package - https://www.nuget.org/packages/System.IdentityModel.Tokens.Jwt/.

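    Here's a quick example that shows the options available when reading and validating the token:

        // Namespaces needed (types as in the 4.x System.IdentityModel.Tokens.Jwt package):
        // using System.IdentityModel.Tokens;
        // using System.Linq;
        // using System.Security.Claims;
        // using System.Security.Cryptography.X509Certificates;

        private ClaimsIdentity GetIdentityFromToken(string token, X509Certificate2 certificate)
        {
            var tokenDecoder = new JwtSecurityTokenHandler();
            var jwtSecurityToken = (JwtSecurityToken)tokenDecoder.ReadToken(token);

            SecurityToken validatedToken;

            // Every check below is switched off, so this call reads the claims
            // without establishing issuer, audience or lifetime. Set the flags
            // to true (and supply ValidIssuer / ValidAudience) when the result
            // is used to authorize a request.
            var principal = tokenDecoder.ValidateToken(
                jwtSecurityToken.RawData,
                new TokenValidationParameters()
                    {
                        ValidateActor = false,
                        ValidateIssuer = false,
                        ValidateAudience = false,
                        ValidateLifetime = false,
                        ValidateIssuerSigningKey = false,
                        RequireExpirationTime = false,
                        // false: a token that carries no signature is accepted
                        RequireSignedTokens = false,
                        IssuerSigningToken = new X509SecurityToken(certificate)
                    },
                out validatedToken);

            return principal.Identities.FirstOrDefault();
        }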
    
    0 Discussion (0)
  • 2021-02-07 19:45

    I created a sample project for deserializing bearer tokens, which are encrypted using the MachineKeyDataProtector. You can take a look at the source code.

    Bearer-Token-Deserializer

    0 Discussion (0)