Class GoogleJsonWebSignature
Google JSON Web Signature as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount.
Inheritance
Inherited Members
Namespace: Google.Apis.Auth
Assembly: Google.Apis.Auth.dll
Syntax
public class GoogleJsonWebSignature
Methods
ValidateAsync(String, GoogleJsonWebSignature.ValidationSettings)
Validates a Google-issued Json Web Token (JWT). Will throw a InvalidJwtException if the specified JWT fails any validation check.
Declaration
public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, GoogleJsonWebSignature.ValidationSettings validationSettings)
Parameters
Type | Name | Description |
---|---|---|
System.String | jwt | The JWT to validate. |
GoogleJsonWebSignature.ValidationSettings | validationSettings | Specifies how to carry out the validation. |
Returns
Type | Description |
---|---|
System.Threading.Tasks.Task<GoogleJsonWebSignature.Payload> |
Remarks
Follows the procedure to validate a JWT ID token.
Issued-at validation and expiry validation is performed using the clock on this local client,
so local clock inaccuracies can lead to incorrect validation results.
Use IssuedAtClockTolerance and ExpirationTimeClockTolerance
to allow for local clock inaccuracy
IssuedAtClockTolerance
defaults to 30 seconds; it is very unlikely a JWT will be issued that isn't already valid.
ExpirationTimeClockTolerance
defaults to zero seconds; in some use-cases it may be useful to set this to a negative
value to help ensure that passing local validation means it will pass server validation.
Regardless of whether local validation passed, code must always correctly handle an invalid JWT error
from the server.
Google certificates are cached, and refreshed once per hour. This can be overridden by setting ForceGoogleCertRefresh to true.
ValidateAsync(String, IClock, Boolean)
Validates a Google-issued Json Web Token (JWT). Will throw a InvalidJwtException if the passed value is not valid JWT signed by Google.
Declaration
public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, IClock clock = null, bool forceGoogleCertRefresh = false)
Parameters
Type | Name | Description |
---|---|---|
System.String | jwt | The JWT to validate. |
Google.Apis.Util.IClock | clock | Optional. The Google.Apis.Util.IClock to use for JWT expiration verification. Defaults to the system clock. |
System.Boolean | forceGoogleCertRefresh | Optional. If true forces new certificates to be downloaded from Google. Defaults to false. |
Returns
Type | Description |
---|---|
System.Threading.Tasks.Task<GoogleJsonWebSignature.Payload> | The JWT payload, if the JWT is valid. Throws an InvalidJwtException otherwise. |
Remarks
Follows the procedure to validate a JWT ID token.
Google certificates are cached, and refreshed once per hour. This can be overridden by setting
forceGoogleCertRefresh
to true.
Exceptions
Type | Condition |
---|---|
InvalidJwtException | Thrown when passed a JWT that is not a valid JWT signed by Google. |