| | | 1 | | using System.IdentityModel.Tokens.Jwt; |
| | | 2 | | |
| | | 3 | | namespace Kestrun.Jwt; |
| | | 4 | | /// <summary> |
| | | 5 | | /// Provides methods for inspecting and extracting parameters from JWT tokens. |
| | | 6 | | /// </summary> |
| | | 7 | | public static class JwtInspector |
| | | 8 | | { |
| | | 9 | | /// <summary> |
| | | 10 | | /// Reads out every header field, standard property, and claim from a compact JWT. |
| | | 11 | | /// </summary> |
| | | 12 | | public static JwtParameters ReadAllParameters(string token) |
| | | 13 | | { |
| | 11 | 14 | | var handler = new JwtSecurityTokenHandler(); |
| | | 15 | | |
| | | 16 | | // parse without validating signature or lifetime |
| | 11 | 17 | | var jwt = handler.ReadJwtToken(token); |
| | | 18 | | |
| | 11 | 19 | | var result = new JwtParameters |
| | 11 | 20 | | { |
| | 11 | 21 | | Issuer = jwt.Issuer, |
| | 11 | 22 | | Audiences = jwt.Audiences, |
| | 11 | 23 | | Subject = jwt.Subject, |
| | 11 | 24 | | NotBefore = jwt.ValidFrom == DateTime.MinValue ? null : jwt.ValidFrom, |
| | 11 | 25 | | Expires = jwt.ValidTo == DateTime.MinValue ? null : jwt.ValidTo, |
| | 11 | 26 | | IssuedAt = jwt.Payload.IssuedAt == DateTime.MinValue ? null : jwt.Payload.IssuedAt, |
| | 11 | 27 | | Algorithm = jwt.SignatureAlgorithm, |
| | 11 | 28 | | Type = jwt.Header.Typ, |
| | 11 | 29 | | KeyId = jwt.Header.Kid |
| | 11 | 30 | | }; |
| | | 31 | | |
| | | 32 | | // copy all header entries |
| | 96 | 33 | | foreach (var kv in jwt.Header) |
| | | 34 | | { |
| | 37 | 35 | | result.Header[kv.Key] = kv.Value; |
| | | 36 | | } |
| | | 37 | | |
| | | 38 | | // copy all payload claims (including custom ones) |
| | 174 | 39 | | foreach (var claim in jwt.Claims) |
| | | 40 | | { |
| | | 41 | | // if a claim type can appear multiple times, you might want to handle lists |
| | 76 | 42 | | result.Claims[claim.Type] = claim.Value; |
| | | 43 | | } |
| | | 44 | | |
| | 11 | 45 | | return result; |
| | | 46 | | } |
| | | 47 | | } |