Class GoogleJsonWebSignature (1.50.0)

public class GoogleJsonWebSignature : object

Google JSON Web Signature as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount.

Inheritance

Object > GoogleJsonWebSignature

Namespace

Google.Apis.Auth

Assembly

Google.Apis.Auth.dll

Methods

ValidateAsync(String, GoogleJsonWebSignature.ValidationSettings)

public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, GoogleJsonWebSignature.ValidationSettings validationSettings)

Validates a Google-issued JSON Web Token (JWT). Throws an InvalidJwtException if the specified JWT fails any validation check.

Parameters

| Name | Description |
| --- | --- |
| jwt (String) | The JWT to validate. |
| validationSettings (GoogleJsonWebSignature.ValidationSettings) | Specifies how to carry out the validation. |

Returns

| Type | Description |
| --- | --- |
| Task<GoogleJsonWebSignature.Payload> | The payload of the verified token. |

Remarks

Follows the procedure to validate a JWT ID token.

Issued-at validation and expiry validation are performed using the clock on this local client, so local clock inaccuracies can lead to incorrect validation results. Use IssuedAtClockTolerance and ExpirationTimeClockTolerance to allow for local clock inaccuracy. IssuedAtClockTolerance defaults to 30 seconds; it is very unlikely a JWT will be issued that isn't already valid. ExpirationTimeClockTolerance defaults to zero seconds; in some use cases it may be useful to set this to a negative value to help ensure that a token that passes local validation will also pass server validation. Regardless of whether local validation passed, code must always correctly handle an invalid JWT error from the server.

Google certificates are cached, and refreshed once per hour. This can be overridden by setting ForceGoogleCertRefresh to true.

Exceptions

| Type | Description |
| --- | --- |
| InvalidJwtException | If the token does not pass verification. |
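The following is an added example, not code from the Google.Apis.Auth documentation, showing the ValidationSettings overload with the clock tolerances described in the remarks and a fail-closed handler for InvalidJwtException. The names IdTokenCheck and TryValidateAsync, the client ID placeholder and the 60-second expiry margin are assumptions; Audience is a ValidationSettings property that this page does not list. It requires the Google.Apis.Auth NuGet package.

```csharp
using System;
using System.Threading.Tasks;
using Google.Apis.Auth;

public static class IdTokenCheck
{
    // Hypothetical placeholder: replace with your application's OAuth client ID.
    private const string ExpectedAudience = "YOUR_CLIENT_ID.apps.googleusercontent.com";

    // Returns the verified payload, or null when the token fails any check.
    public static async Task<GoogleJsonWebSignature.Payload> TryValidateAsync(string idToken)
    {
        var settings = new GoogleJsonWebSignature.ValidationSettings
        {
            // Accept only tokens minted for this application.
            Audience = new[] { ExpectedAudience },
            // Library default (30 s), stated explicitly: tolerates a local
            // clock that runs slightly behind the issuer's clock.
            IssuedAtClockTolerance = TimeSpan.FromSeconds(30),
            // Negative tolerance (assumed 60 s margin): reject tokens close to
            // expiry so a token accepted here is unlikely to have expired by
            // the time a server checks it.
            ExpirationTimeClockTolerance = TimeSpan.FromSeconds(-60),
            // Keep the hourly certificate cache; set to true only to force
            // a fresh download of Google's certificates.
            ForceGoogleCertRefresh = false
        };

        try
        {
            return await GoogleJsonWebSignature.ValidateAsync(idToken, settings);
        }
        catch (InvalidJwtException ex)
        {
            // Fail closed: every validation failure means "not authenticated".
            Console.Error.WriteLine($"ID token rejected: {ex.Message}");
            return null;
        }
    }
}
```

Callers should treat a null result as an unauthenticated request and, per the remarks above, still handle an invalid JWT error returned by the server.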

ValidateAsync(String, IClock, Boolean)

public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, IClock clock = null, bool forceGoogleCertRefresh = false)

Validates a Google-issued JSON Web Token (JWT). Throws an InvalidJwtException if the passed value is not a valid JWT signed by Google.

Parameters

| Name | Description |
| --- | --- |
| jwt (String) | The JWT to validate. |
| clock (IClock) | Optional. The IClock to use for JWT expiration verification. Defaults to the system clock. |
| forceGoogleCertRefresh (Boolean) | Optional. If true, forces new certificates to be downloaded from Google. Defaults to false. |

Returns

| Type | Description |
| --- | --- |
| Task<GoogleJsonWebSignature.Payload> | The JWT payload, if the JWT is valid. Throws an InvalidJwtException otherwise. |

Remarks

Follows the procedure to validate a JWT ID token.

Google certificates are cached, and refreshed once per hour. This can be overridden by setting forceGoogleCertRefresh to true.

Exceptions

| Type | Description |
| --- | --- |
| InvalidJwtException | Thrown when passed a JWT that is not a valid JWT signed by Google. |

Extension Method