Class GoogleJsonWebSignature (1.60.0)

public class GoogleJsonWebSignature

Google JSON Web Signature as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount.

Inheritance

object > GoogleJsonWebSignature

Namespace

GoogleApisAuth

Assembly

Google.Apis.Auth.dll

Methods

ValidateAsync(string, ValidationSettings)

public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, GoogleJsonWebSignature.ValidationSettings validationSettings)

Validates a Google-issued Json Web Token (JWT). Will throw a InvalidJwtException if the specified JWT fails any validation check.

Parameters
Name Description
jwt string

The JWT to validate.

validationSettings GoogleJsonWebSignatureValidationSettings

Specifies how to carry out the validation.

Returns
Type Description
TaskGoogleJsonWebSignaturePayload

The payload of the verified token.

Remarks

Follows the procedure to validate a JWT ID token.

Issued-at validation and expiry validation is performed using the clock on this local client, so local clock inaccuracies can lead to incorrect validation results. Use IssuedAtClockTolerance and ExpirationTimeClockTolerance to allow for local clock inaccuracy IssuedAtClockTolerance defaults to 30 seconds; it is very unlikely a JWT will be issued that isn't already valid. ExpirationTimeClockTolerance defaults to zero seconds; in some use-cases it may be useful to set this to a negative value to help ensure that passing local validation means it will pass server validation. Regardless of whether local validation passed, code must always correctly handle an invalid JWT error from the server.

Google certificates are cached, and refreshed once per hour. This can be overridden by setting ForceGoogleCertRefresh to true.

Exceptions
Type Description
InvalidJwtException

If the token does not pass verification.

ValidateAsync(string, IClock, bool)

public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, IClock clock = null, bool forceGoogleCertRefresh = false)

Validates a Google-issued Json Web Token (JWT). Will throw a InvalidJwtException if the passed value is not valid JWT signed by Google.

Parameters
Name Description
jwt string

The JWT to validate.

clock IClock

Optional. The IClock to use for JWT expiration verification. Defaults to the system clock.

forceGoogleCertRefresh bool

Optional. If true forces new certificates to be downloaded from Google. Defaults to false.

Returns
Type Description
TaskGoogleJsonWebSignaturePayload

The JWT payload, if the JWT is valid. Throws an InvalidJwtException otherwise.

Remarks

Follows the procedure to validate a JWT ID token.

Google certificates are cached, and refreshed once per hour. This can be overridden by setting forceGoogleCertRefresh to true.

Exceptions
Type Description
InvalidJwtException

Thrown when passed a JWT that is not a valid JWT signed by Google.

Extension Method