I am working on an app which consists of an Angular frontend and an ASP.NET Web API backend (.NET 4.5). For authentication I am using OpenID Connect. I successfully connected the frontend to the identity provider, but now I need to validate the ID token on the backend, so I can be sure that only validated users can call the backend.
This ID token uses the RS256 algorithm for signing. So on the backend, I need to do two things:
1. Get the JWKs from the identity provider URL. I am a little lost here: should I get it through a normal HttpClient, or is there some library or helper function to do this?
2. Generate an RSA public key out of the JWKs and validate the token. For this I am using this function:
```csharp
// Namespaces for System.IdentityModel.Tokens.Jwt 4.x on .NET 4.5
// (in 5.x the key and validation types live in Microsoft.IdentityModel.Tokens).
using System.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;

string token = "xyz..";

// Build the RSA public key from the JWK's "n" (modulus) and "e" (exponent),
// both base64url-encoded; FromBase64Url is the poster's own decoder (not shown).
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(new RSAParameters()
{
    Modulus = FromBase64Url("xyz.."),
    Exponent = FromBase64Url("xyz..")
});

var validationParameters = new TokenValidationParameters
{
    RequireExpirationTime = true,
    RequireSignedTokens = true,
    ValidateAudience = false,
    ValidateIssuer = false,
    ValidateLifetime = true,
    IssuerSigningKey = new RsaSecurityKey(rsa)
};

SecurityToken validatedSecurityToken = null;
var handler = new JwtSecurityTokenHandler();
// Throws a SecurityTokenException when the signature or lifetime check fails
handler.ValidateToken(token, validationParameters, out validatedSecurityToken);
JwtSecurityToken validatedJwt = validatedSecurityToken as JwtSecurityToken;
```
It works, but now I need to connect it somehow with the loaded JWKs and register it so that it is used for every request that comes in. Any advice or a simple example would really help me. Thx.
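The following is an added example written for this page, not code from the question or from any library's documentation. It shows the two pieces the question asks for together: loading the JWKS through `ConfigurationManager<OpenIdConnectConfiguration>` (from the Microsoft.IdentityModel.Protocols.OpenIdConnect package, which targets .NET 4.5 and replaces the hand-built `RSACryptoServiceProvider`), and a Web API `DelegatingHandler` that validates the bearer token on every request. The issuer URL, audience value and class name are placeholders. Unlike the snippet in the question, it keeps issuer and audience validation on, pins the algorithm to RS256 and handles key rotation by refreshing the cached JWKS once when an unknown `kid` is seen.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Validates the RS256 ID token sent as "Authorization: Bearer <token>" on every request.
// Placeholders (assumptions, not from the question): Issuer and Audience.
public class JwtValidationHandler : DelegatingHandler
{
    private const string Issuer = "https://idp.example.com";   // placeholder: the IdP's issuer URL
    private const string Audience = "my-spa-client-id";         // placeholder: for an id_token, the SPA's client_id

    // One shared instance for the whole app. It downloads /.well-known/openid-configuration,
    // follows jwks_uri, converts each JWK into a SecurityKey, caches the result and
    // refreshes it automatically; RequireHttps refuses plain-HTTP metadata.
    private static readonly ConfigurationManager<OpenIdConnectConfiguration> ConfigManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            Issuer + "/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever { RequireHttps = true });

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var auth = request.Headers.Authorization;
        if (auth == null
            || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(auth.Parameter))
        {
            return request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        try
        {
            request.GetRequestContext().Principal = await ValidateAsync(auth.Parameter, ct);
        }
        catch (SecurityTokenSignatureKeyNotFoundException)
        {
            // Unknown "kid": the IdP may have rotated its keys. Refresh the JWKS once and retry;
            // a second failure is treated like any other invalid token.
            ConfigManager.RequestRefresh();
            try
            {
                request.GetRequestContext().Principal = await ValidateAsync(auth.Parameter, ct);
            }
            catch (SecurityTokenException)
            {
                return request.CreateResponse(HttpStatusCode.Unauthorized);
            }
        }
        catch (SecurityTokenException)
        {
            // Bad signature, expired, wrong issuer/audience, etc.: never leak the reason to the caller
            return request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        return await base.SendAsync(request, ct);
    }

    private static async Task<ClaimsPrincipal> ValidateAsync(string token, CancellationToken ct)
    {
        OpenIdConnectConfiguration config = await ConfigManager.GetConfigurationAsync(ct);
        var handler = new JwtSecurityTokenHandler();

        // Pin the algorithm before verifying: a token whose header says "none" or HS256
        // must not be accepted just because its signature check happens to pass.
        JwtSecurityToken unverified = handler.ReadJwtToken(token);
        if (unverified.Header.Alg != SecurityAlgorithms.RsaSha256)
        {
            throw new SecurityTokenInvalidSignatureException("Only RS256 tokens are accepted");
        }

        var parameters = new TokenValidationParameters
        {
            ValidIssuer = config.Issuer,            // must equal the "iss" claim
            ValidAudience = Audience,               // reject tokens minted for other clients
            IssuerSigningKeys = config.SigningKeys, // JWKS keys, selected by the token's "kid"
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            RequireSignedTokens = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromMinutes(2)     // tolerate small clock drift, not more
        };

        SecurityToken validated;
        return handler.ValidateToken(token, parameters, out validated);
    }
}

// Registration, once, in WebApiConfig.Register(HttpConfiguration config):
//     config.MessageHandlers.Add(new JwtValidationHandler());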