Decrypt jwt token Authorization bearer
uppose that I response an encrypted access token to the user in web api response, which the user use it to access api in Authorization: Bearer header. Lets Assume that the user now has access token "abc". And JwtAuthorizationBearer now accepts token unencrypted token "def". But i would like it to accept the authorization bearer validation when user post the encrypted access token "abc" back. How could it be done?
I have seen a function name OnRequestToken but not sure whether it is used for this case.
app.UseJwtBearerAuthentication(
new JwtBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
AllowedAudiences = new[] { audience },
IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
{
new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
},
Provider = new OAuthBearerAuthenticationProvider
{
OnValidateIdentity = context =>
{
if (!string.IsNullOrEmpty(token))
{
var notPadded = token.Split('.')[1];
var padded = notPadded.PadRight(notPadded.Length + (4 - notPadded.Length % 4) % 4, '=');
var urlUnescaped = padded.Replace('-', '+').Replace('_', '/');
var claimsPart = Convert.FromBase64String(urlUnescaped);
var obj = JObject.Parse(Encoding.UTF8.GetString(claimsPart, 0, claimsPart.Length));
// simple, not handling specific types, arrays, etc.
foreach (var prop in obj.Properties().AsJEnumerable())
{
if (!context.Ticket.Identity.HasClaim(prop.Name, prop.Value.Value ()))
{
context.Ticket.Identity.AddClaim(new Claim(prop.Name, prop.Value.Value ()));
}
}
}
return Task.FromResult(null);
}
}
});
https://stackoverflow.com/questions/34197323/decrypt-jwt-token-authorization-bearer