public class GoogleJsonWebSignature
Google JSON Web Signature as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount.
Namespace
GoogleApisAuthAssembly
Google.Apis.Auth.dll
Methods
ValidateAsync(string, ValidationSettings)
public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, GoogleJsonWebSignature.ValidationSettings validationSettings)
Validates a Google-issued Json Web Token (JWT). Will throw a InvalidJwtException if the specified JWT fails any validation check.
Parameters | |
---|---|
Name | Description |
jwt |
string The JWT to validate. |
validationSettings |
GoogleJsonWebSignatureValidationSettings Specifies how to carry out the validation. |
Returns | |
---|---|
Type | Description |
TaskGoogleJsonWebSignaturePayload |
The payload of the verified token. |
Follows the procedure to validate a JWT ID token.
Issued-at validation and expiry validation is performed using the clock on this local client,
so local clock inaccuracies can lead to incorrect validation results.
Use IssuedAtClockTolerance and ExpirationTimeClockTolerance
to allow for local clock inaccuracy
IssuedAtClockTolerance
defaults to 30 seconds; it is very unlikely a JWT will be issued that isn't already valid.
ExpirationTimeClockTolerance
defaults to zero seconds; in some use-cases it may be useful to set this to a negative
value to help ensure that passing local validation means it will pass server validation.
Regardless of whether local validation passed, code must always correctly handle an invalid JWT error
from the server.
Google certificates are cached, and refreshed once per hour. This can be overridden by setting ForceGoogleCertRefresh to true.
Exceptions | |
---|---|
Type | Description |
InvalidJwtException |
If the token does not pass verification. |
ValidateAsync(string, IClock, bool)
public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, IClock clock = null, bool forceGoogleCertRefresh = false)
Validates a Google-issued Json Web Token (JWT). Will throw a InvalidJwtException if the passed value is not valid JWT signed by Google.
Parameters | |
---|---|
Name | Description |
jwt |
string The JWT to validate. |
clock |
IClock Optional. The IClock to use for JWT expiration verification. Defaults to the system clock. |
forceGoogleCertRefresh |
bool Optional. If true forces new certificates to be downloaded from Google. Defaults to false. |
Returns | |
---|---|
Type | Description |
TaskGoogleJsonWebSignaturePayload |
The JWT payload, if the JWT is valid. Throws an InvalidJwtException otherwise. |
Follows the procedure to validate a JWT ID token.
Google certificates are cached, and refreshed once per hour. This can be overridden by setting
forceGoogleCertRefresh
to true.
Exceptions | |
---|---|
Type | Description |
InvalidJwtException |
Thrown when passed a JWT that is not a valid JWT signed by Google. |