Class GoogleJsonWebSignature
Google JSON Web Signature as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount.
Namespace: Google.Apis.Auth
Assembly: Google.Apis.Auth.dll
Syntax
public class GoogleJsonWebSignature
Methods
ValidateAsync(string, ValidationSettings)
Validates a Google-issued JSON Web Token (JWT). Throws an InvalidJwtException if the specified JWT fails any validation check.
Declaration
public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, GoogleJsonWebSignature.ValidationSettings validationSettings)
Parameters
Type | Name | Description |
---|---|---|
string | jwt | The JWT to validate. |
GoogleJsonWebSignature.ValidationSettings | validationSettings | Specifies how to carry out the validation. |
Returns
Type | Description |
---|---|
Task<GoogleJsonWebSignature.Payload> | The payload of the verified token. |
Remarks
Follows the procedure to validate a JWT ID token.
Issued-at validation and expiry validation are performed using the clock on this local client, so local clock inaccuracies can lead to incorrect validation results. Use IssuedAtClockTolerance and ExpirationTimeClockTolerance to allow for local clock inaccuracy.
IssuedAtClockTolerance defaults to 30 seconds; it is very unlikely a JWT will be issued that isn't already valid.
ExpirationTimeClockTolerance defaults to zero seconds; in some use-cases it may be useful to set this to a negative value to help ensure that passing local validation means it will pass server validation.
Regardless of whether local validation passed, code must always correctly handle an invalid JWT error from the server.
Google certificates are cached, and refreshed once per hour. This can be overridden by setting ForceGoogleCertRefresh to true.
Exceptions
Type | Condition |
---|---|
InvalidJwtException | If the token does not pass verification. |
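The following is an added example, not code from the library or its documentation, showing the settings from the remarks above applied in one call. The `IdTokenCheck` class, the `TryValidateAsync` helper and the client ID placeholder are hypothetical; the `Audience` setting is a `ValidationSettings` property that this page does not describe.

```csharp
using System;
using System.Threading.Tasks;
using Google.Apis.Auth;

public static class IdTokenCheck
{
    // Hypothetical placeholder: replace with your own OAuth 2.0 client ID.
    private const string ExpectedAudience = "YOUR_CLIENT_ID.apps.googleusercontent.com";

    // Hypothetical helper: returns the verified payload, or null if the
    // token fails any validation check.
    public static async Task<GoogleJsonWebSignature.Payload> TryValidateAsync(string jwt)
    {
        var settings = new GoogleJsonWebSignature.ValidationSettings
        {
            // Accept only tokens issued to this application
            // (property not described on this page).
            Audience = new[] { ExpectedAudience },
            // The documented default, written out for clarity.
            IssuedAtClockTolerance = TimeSpan.FromSeconds(30),
            // Negative tolerance: treat the token as expired 30 seconds early,
            // so a token that passes locally is less likely to be rejected
            // by the server a moment later.
            ExpirationTimeClockTolerance = TimeSpan.FromSeconds(-30),
            // Use the cached Google certificates (refreshed once per hour).
            ForceGoogleCertRefresh = false
        };

        try
        {
            return await GoogleJsonWebSignature.ValidateAsync(jwt, settings);
        }
        catch (InvalidJwtException ex)
        {
            // Only validation failures are caught here; any other exception
            // propagates to the caller.
            Console.Error.WriteLine($"ID token rejected: {ex.Message}");
            return null;
        }
    }
}
```

A non-null result only means local validation passed; the calling code still has to handle an invalid JWT error returned by the server.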
ValidateAsync(string, IClock, bool)
Validates a Google-issued JSON Web Token (JWT). Throws an InvalidJwtException if the passed value is not a valid JWT signed by Google.
Declaration
public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, IClock clock = null, bool forceGoogleCertRefresh = false)
Parameters
Type | Name | Description |
---|---|---|
string | jwt | The JWT to validate. |
IClock | clock | Optional. The Google.Apis.Util.IClock to use for JWT expiration verification. Defaults to the system clock. |
bool | forceGoogleCertRefresh | Optional. If true forces new certificates to be downloaded from Google. Defaults to false. |
Returns
Type | Description |
---|---|
Task<GoogleJsonWebSignature.Payload> | The JWT payload, if the JWT is valid. Throws an InvalidJwtException otherwise. |
Remarks
Follows the procedure to validate a JWT ID token.
Google certificates are cached, and refreshed once per hour. This can be overridden by setting forceGoogleCertRefresh to true.
Exceptions
Type | Condition |
---|---|
InvalidJwtException | Thrown when passed a JWT that is not a valid JWT signed by Google. |