Tuesday, June 6, 2017

Decrypt jwt token Authorization bearer

Suppose that I return an encrypted access token to the user in the web API response, which the user then uses to access the API in the Authorization: Bearer header. Let's assume that the user now has access token "abc", and JwtAuthorizationBearer currently accepts the unencrypted token "def". But I would like it to accept the authorization bearer validation when the user posts the encrypted access token "abc" back. How could it be done?
I have seen a function named OnRequestToken but am not sure whether it is used for this case.

using System;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Microsoft.Owin.Security.OAuth;
using Newtonsoft.Json.Linq;

app.UseJwtBearerAuthentication(
    new JwtBearerAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AllowedAudiences = new[] { audience },
        IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
        {
            new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
        },
        Provider = new OAuthBearerAuthenticationProvider
        {
            OnValidateIdentity = context =>
            {
                // The provider does not hand the raw token to this callback; read it
                // back from the "Authorization: Bearer <token>" request header.
                var authorization = context.Request.Headers.Get("Authorization");
                var token = authorization != null
                            && authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
                    ? authorization.Substring("Bearer ".Length).Trim()
                    : null;

                if (!string.IsNullOrEmpty(token))
                {
                    // The second segment of a compact JWS is the base64url-encoded claims JSON;
                    // restore the stripped '=' padding and the standard base64 alphabet.
                    var notPadded = token.Split('.')[1];
                    var padded = notPadded.PadRight(notPadded.Length + (4 - notPadded.Length % 4) % 4, '=');
                    var urlUnescaped = padded.Replace('-', '+').Replace('_', '/');
                    var claimsPart = Convert.FromBase64String(urlUnescaped);

                    var obj = JObject.Parse(Encoding.UTF8.GetString(claimsPart, 0, claimsPart.Length));

                    // simple, not handling specific types, arrays, etc.
                    foreach (var prop in obj.Properties())
                    {
                        var value = prop.Value.ToString();
                        if (!context.Ticket.Identity.HasClaim(prop.Name, value))
                        {
                            context.Ticket.Identity.AddClaim(new Claim(prop.Name, value));
                        }
                    }
                }

                return Task.FromResult<object>(null);
            }
        }
    });
https://stackoverflow.com/questions/34197323/decrypt-jwt-token-authorization-bearer
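The snippet above base64url-decodes the second segment of a signed (JWS) token, which is not what an encrypted (JWE) token looks like on the wire. The following added example, not from the question or from Katana, shows the same padding/unescaping step and how to tell the two compact forms apart by segment count before deciding how to validate; the sample tokens are constructed with dummy signature and ciphertext bytes, and nothing here verifies a signature or decrypts, so the claims it returns are unverified.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url segment, re-adding the '=' padding JWTs strip."""
    padded = segment + "=" * ((4 - len(segment) % 4) % 4)
    return base64.urlsafe_b64decode(padded)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def inspect_token(token: str) -> dict:
    """Classify a compact-serialized bearer token as JWS or JWE.

    JWS has 3 segments (header.payload.signature) and carries readable claims.
    JWE has 5 segments (header.encrypted_key.iv.ciphertext.tag); its claims are
    unavailable until the recipient decrypts it, so None is returned for them.
    The header is read unverified; the caller must still validate the token.
    """
    parts = token.split(".")
    header = json.loads(b64url_decode(parts[0]))
    if len(parts) == 3:
        claims = json.loads(b64url_decode(parts[1]))
        return {"kind": "JWS", "alg": header.get("alg"), "claims": claims}
    if len(parts) == 5:
        return {"kind": "JWE", "alg": header.get("alg"),
                "enc": header.get("enc"), "claims": None}
    raise ValueError(f"not a compact JWT: expected 3 or 5 segments, got {len(parts)}")


# Constructed sample tokens (not real credentials); trailing bytes are dummies.
SIGNED_TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps({"sub": "alice", "aud": "api"}).encode()),
    b64url_encode(b"\x00" * 32),            # placeholder signature
])
ENCRYPTED_TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "dir", "enc": "A256GCM"}).encode()),
    "",                                     # direct encryption: empty encrypted key
    b64url_encode(b"\x01" * 12),            # placeholder IV
    b64url_encode(b"\x02" * 40),            # placeholder ciphertext
    b64url_encode(b"\x03" * 16),            # placeholder auth tag
])
```

A middleware that only knows how to verify JWS (as JwtBearerAuthenticationOptions does with a symmetric issuer key) should reject the 5-segment form rather than try to read claims from it.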

Man in the Rain