Microsoft.IdentityModel.JsonWebTokens
Constants for Json Web tokens.
A URI that represents the JSON XML data type.
When mapping JSON to .NET Claim(s), if the value was not a string (or an enumeration of strings), the ClaimValue will be serialized using the current JSON serializer, a property will be added with the .NET type, and the ClaimTypeValue will be set to 'JsonClaimValueType'.
A URI that represents the JSON array XML data type.
When mapping JSON to .NET Claim(s), if the value was not a string (or an enumeration of strings), the ClaimValue will be serialized using the current JSON serializer, a property will be added with the .NET type, and the ClaimTypeValue will be set to 'JsonClaimValueType'.
A URI that represents the JSON null data type
When mapping json to .Net Claim(s), we use empty string to represent the claim value and set the ClaimValueType to JsonNull
A designed for representing a JSON Web Token (JWT).
Initializes a new instance of from a string in JWS or JWE Compact serialized format.
A JSON Web Token that has been serialized in JWS or JWE Compact serialized format.
'jwtEncodedString' is null or empty.
'jwtEncodedString' is not in JWS or JWE Compact serialization format.
The contents of the returned have not been validated; the JSON Web Token is simply decoded. Validation can be accomplished using the validation methods in
Initializes a new instance of the class where the header contains the crypto algorithms applied to the encoded header and payload.
A string containing JSON which represents the cryptographic operations applied to the JWT and optionally any additional properties of the JWT.
A string containing JSON which represents the claims contained in the JWT. Each claim is a JSON object of the form { Name, Value }.
'header' is null.
'payload' is null.
Gets the 'value' of the 'actort' claim { actort, 'value' }.
If the 'actort' claim is not found, an empty string is returned.
Gets the 'value' of the 'alg' claim { alg, 'value' }.
If the 'alg' claim is not found, an empty string is returned.
Gets the list of 'aud' claim { aud, 'value' }.
If the 'aud' claim is not found, enumeration will be empty.
Gets the AuthenticationTag from the original raw data of this instance when it was created.
The original JSON Compact serialized format passed into the constructor.
Gets the Ciphertext from the original raw data of this instance when it was created.
The original JSON Compact serialized format passed into the constructor.
Gets a for each JSON { name, value }.
Gets the 'value' of the 'cty' claim { cty, 'value' }.
If the 'cty' claim is not found, an empty string is returned.
Gets the 'value' of the 'enc' claim { enc, 'value' }.
If the 'enc' value is not found, an empty string is returned.
Gets the EncryptedKey from the original raw data of this instance when it was created.
The original JSON Compact serialized format passed into the constructor.
Represents the cryptographic operations applied to the JWT and optionally any additional properties of the JWT.
Gets the 'value' of the 'jti' claim { jti, 'value' }.
If the 'jti' claim is not found, an empty string is returned.
Gets the InitializationVector from the original raw data of this instance when it was created.
The original JSON Compact serialized format passed into the constructor.
Gets the associated with this instance.
Gets the 'value' of the 'iat' claim { iat, 'value' } converted to a assuming 'value' is seconds since UnixEpoch (UTC 1970-01-01T0:0:0Z).
If the 'iat' claim is not found, then is returned.
Gets the 'value' of the 'iss' claim { iss, 'value' }.
If the 'iss' claim is not found, an empty string is returned.
Gets the 'value' of the 'kid' claim { kid, 'value' }.
If the 'kid' claim is not found, an empty string is returned.
Represents the JSON payload.
Gets the EncodedHeader from the original raw data of this instance when it was created.
The original JSON Compact serialized format passed into the constructor.
Gets the EncodedPayload from the original raw data of this instance when it was created.
The original JSON Compact serialized format passed into the constructor.
Gets the EncodedSignature from the original raw data of this instance when it was created.
The original JSON Compact serialized format passed into the constructor.
Gets the original raw data of this instance when it was created.
Not implemented.
Not implemented.
Gets the 'value' of the 'sub' claim { sub, 'value' }.
If the 'sub' claim is not found, an empty string is returned.
Gets the 'value' of the 'typ' claim { typ, 'value' }.
If the 'typ' claim is not found, an empty string is returned.
Gets the 'value' of the 'nbf' claim { nbf, 'value' } converted to a assuming 'value' is seconds since UnixEpoch (UTC 1970-01-01T0:0:0Z).
If the 'nbf' claim is not found, then is returned.
Gets the 'value' of the 'exp' claim { exp, 'value' } converted to a assuming 'value' is seconds since UnixEpoch (UTC 1970-01-01T0:0:0Z).
If the 'exp' claim is not found, then is returned.
Gets the 'value' of the 'x5t' claim { x5t, 'value' }.
If the 'x5t' claim is not found, an empty string is returned.
Gets the 'value' of the 'zip' claim { zip, 'value' }.
If the 'zip' claim is not found, an empty string is returned.
Decodes the string into the header, payload and signature.
the tokenized string.
the original token.
Decodes the payload and signature from the JWE parts.
Parts of the JWE including the header.
Assumes Header has already been set.
Decodes the payload and signature from the JWS parts.
Parts of the JWS including the header.
Assumes Header has already been set.
Gets a representing the { key, 'value' } pair corresponding to the provided .
If the key has no corresponding value, this method will throw.
Gets the 'value' corresponding to the provided key from the JWT payload { key, 'value' }.
If the key has no corresponding value, this method will throw.
Tries to get the representing the { key, 'value' } pair corresponding to the provided .
If the key has no corresponding value, returns false. Otherwise returns true.
Tries to get the 'value' corresponding to the provided key from the JWT payload { key, 'value' }.
If the key has no corresponding value, returns false. Otherwise returns true.
Gets the 'value' corresponding to the provided key from the JWT header { key, 'value' }.
If the key has no corresponding value, this method will throw.
Tries to get the value corresponding to the provided key from the JWT header { key, 'value' }.
If the key has no corresponding value, returns false. Otherwise returns true.
A designed for creating and validating Json Web Tokens.
See: http://tools.ietf.org/html/rfc7519 and http://www.rfc-editor.org/info/rfc7515.
Gets the type of the .
The type of
Determines if the string is a well formed Json Web Token (JWT).
see: http://tools.ietf.org/html/rfc7519
String that should represent a valid JWT.
Uses matching:
JWS: @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$"
JWE: (dir): @"^[A-Za-z0-9-_]+\.\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$"
JWE: (wrappedkey): @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]$"
'false' if the token is null or whitespace.
'false' if token.Length is greater than .
'true' if the token is in JSON compact serialization format.
Returns a value that indicates if this handler can validate a .
'true', indicating this instance can validate a .
Creates a JWS (Json Web Signature).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWS.
A JWS in Compact Serialization Format.
Creates a JWS (Json Web Signature).
A that contains details of contents of the token.
A JWS in Compact Serialization Format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
A JWE in compact serialization format.
Creates a JWE (Json Web Encryption).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the compression algorithm that will be used to compress the JWT token payload.
A JWE in compact serialization format.
Compress a JWT token string.
if 'token' is null.
if 'algorithm' is null.
if the compression algorithm is not supported.
Compressed JWT token bytes.
Creates a from a .
The to use as a source.
Contains parameters for validating the token.
A containing the .
Decrypts a JWE and returns the clear text.
the JWE that contains the cipher text.
contains crypto material.
the decoded / cleartext contents of the JWE.
if 'jwtToken' is null.
if 'validationParameters' is null.
if 'jwtToken.Enc' is null or empty.
if decompression failed.
if 'jwtToken.Kid' is not null AND decryption fails.
if the JWE was not able to be decrypted.
Encrypts a JWS.
A 'JSON Web Token' (JWT) in JWS Compact Serialization Format.
Defines the security key and algorithm that will be used to encrypt the .
if is null or empty.
if is null.
if both and . are null.
if the CryptoProviderFactory being used does not support the (algorithm), pair.
if unable to create a token encryption provider for the (algorithm), pair.
if encryption fails using the (algorithm), pair.
if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Encrypts a JWS.
A 'JSON Web Token' (JWT) in JWS Compact Serialization Format.
Defines the security key and algorithm that will be used to encrypt the .
Defines the compression algorithm that will be used to compress the 'innerJwt'.
if is null or empty.
if is null.
if 'algorithm' is null or empty.
if both and . are null.
if the CryptoProviderFactory being used does not support the (algorithm), pair.
if unable to create a token encryption provider for the (algorithm), pair.
if compression using 'algorithm' fails.
if encryption fails using the (algorithm), pair.
if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Returns a to use when validating the signature of a token.
The that is being validated.
A required for validation.
Returns a to use for signature validation.
If key fails to resolve, then null is returned
Returns a to use when decrypting a JWE.
The token that is being decrypted.
The that is being decrypted.
A required for validation.
Returns a to use for signature validation.
If key fails to resolve, then null is returned
Converts a string into an instance of .
A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format.
A
'token' is null or empty.
'token.Length' is greater than .
If the 'token' is in JWE Compact Serialization format, only the protected header will be deserialized.
This method is unable to decrypt the payload. Use to obtain the payload.
Converts a string into an instance of .
A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format.
A
'token' is null or empty.
'token.Length' is greater than .
Validates a JWS or a JWE.
A 'JSON Web Token' (JWT) in JWS or JWE Compact Serialization Format.
A required for validation.
A
Validates the JWT signature.
Obtains a and validates the signature.
Bytes to validate.
Signature to compare against.
to use.
Crypto algorithm to use.
Priority will be given to over .
'true' if signature is valid.
Constants for Json Web Tokens.
Short header type.
Long header type.
Short token type.
Long token type.
JWS - Token format: 'header.payload.signature'. Signature is optional, but '.' is required.
JWE - Token format: 'protectedheader.encryptedkey.iv.cyphertext.authenticationtag'.
The number of parts in a JWE token.
The number of parts in a JWS token.
The maximum number of parts in a JWT.
JWE header alg indicating a shared symmetric key is directly used as CEK.
List of header parameter names see: http://tools.ietf.org/html/rfc7519#section-5.
see: https://tools.ietf.org/html/rfc7515#section-4.1.1
see: https://tools.ietf.org/html/rfc7515#section-4.1.10
also: https://tools.ietf.org/html/rfc7519#section-5.2
see: https://tools.ietf.org/html/rfc7516#section-4.1.2
see: https://tools.ietf.org/html/rfc7518#section-4.7.1.1
see: https://tools.ietf.org/html/rfc7515#section-4.1.2
see: https://tools.ietf.org/html/rfc7515#section-4.1.3
see: https://tools.ietf.org/html/rfc7515#section-4.1.4
see: https://tools.ietf.org/html/rfc7515#section-4.1.9
also: https://tools.ietf.org/html/rfc7519#section-5.1
see: https://tools.ietf.org/html/rfc7515#section-4.1.6
see: https://tools.ietf.org/html/rfc7515#page-12
see: https://tools.ietf.org/html/rfc7515#section-4.1.5
see: https://tools.ietf.org/html/rfc7516#section-4.1.3
List of registered claims from different sources
http://tools.ietf.org/html/rfc7519#section-4
http://openid.net/specs/openid-connect-core-1_0.html#IDToken
http://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken
http://openid.net/specs/openid-connect-frontchannel-1_0.html#OPLogout
A class which contains useful methods for processing JWT tokens.
Regex that is used to figure out if a token is in JWS format.
Regex that is used to figure out if a token is in JWE format.
Produces a signature over the 'input'.
String to be signed
The that contain crypto specs used to sign the token.
The base64url-encoded signature over the bytes obtained from UTF8Encoding.GetBytes( 'input' ).
'input' or 'signingCredentials' is null.
Decompress JWT token bytes.
if is null.
if is null.
if the decompression is not supported.
if decompression using fails.
Decompressed JWT token
Has extra code for X509SecurityKey keys where the kid or x5t match in a case insensitive manner.
a key if found, null otherwise.
Generates key bytes.
Gets all decryption keys.
Gets the DateTime using the number of seconds from 1970-01-01T0:0:0Z (UTC)
Claim in the payload that should map to an integer, float, or string.
The payload that contains the desired claim value.
If the claim is not found, the function returns: DateTime.MinValue
If the value of the claim cannot be parsed into a long.
The DateTime representation of a claim.
Log messages and codes
Contains artifacts obtained when a SecurityToken is validated.
The created from the validated security token.
Gets or sets the that occurred during validation.
Gets or sets the issuer that was found in the token.
True if the token was successfully validated, false otherwise.
Gets or sets the that was validated.
Gets or sets the that contains call information.
Gets or sets the token type of the that was validated.
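An added example (not part of the library's documentation) contrasting decoding with validation: ReadJsonWebToken populates claims from any well-formed token, while only ValidateToken checks signature, issuer, audience and lifetime and reports the outcome through IsValid. The issuer, audience, subjects and key below are constructed sample values, and the synchronous ValidateToken overload is the one documented above.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

// Constructed sample values: issuer, audience and subjects are placeholders.
const string Issuer = "https://issuer.example";
const string Audience = "api://example";

// Random 256-bit HMAC key generated for this run only.
var keyBytes = new byte[32];
RandomNumberGenerator.Fill(keyBytes);
var key = new SymmetricSecurityKey(keyBytes);
var handler = new JsonWebTokenHandler();

// Builds a JSON payload that expires five minutes from now.
string Payload(string sub) =>
    $"{{\"iss\":\"{Issuer}\",\"aud\":\"{Audience}\",\"sub\":\"{sub}\"," +
    $"\"exp\":{DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds()}}}";

string signed = handler.CreateToken(Payload("alice"),
    new SigningCredentials(key, SecurityAlgorithms.HmacSha256));

// Same header and signature, different payload: still well formed, no longer authentic.
JsonWebToken original = handler.ReadJsonWebToken(signed);
string altered = $"{original.EncodedHeader}." +
    $"{Base64UrlEncoder.Encode(Payload("admin"))}.{original.EncodedSignature}";

var parameters = new TokenValidationParameters
{
    ValidIssuer = Issuer,
    ValidAudience = Audience,
    IssuerSigningKey = key,
};

foreach (string token in new[] { signed, altered })
{
    // Decoding only: properties are populated whether or not the signature matches.
    JsonWebToken decoded = handler.ReadJsonWebToken(token);

    // Validation: the result carries IsValid and, on failure, the exception.
    TokenValidationResult result = handler.ValidateToken(token, parameters);

    Console.WriteLine($"sub={decoded.Subject} canRead={handler.CanReadToken(token)} " +
        $"isValid={result.IsValid} error={result.Exception?.GetType().Name}");
    // Authorization decisions should use claims only from a result whose IsValid is true.
}
```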