Verify CertifID Access and ID Tokens | C# Online Compiler

Verify CertifID Access and ID Tokens by Ivan CertifID

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
					
public class Program
{
	public static void Main()
	{
		// Environment specific app settings
		const string certifidAuthDomain = "https://auth.test.certifid.com/"; // auth.certifid.com for production
		const string certifidApiAudience = "https://api.certifid.com";

		// Put your own tokens here
		const string access_token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImlNeEpNV2YwTkF0blNDUFhac1dVQyJ9.eyJodHRwczovL2NlcnRpZmlkLmNvbS9yZWFsbSI6ImNlcnRpZmlkIiwiaHR0cHM6Ly9jZXJ0aWZpZC5jb20vY29ubmVjdGlvbiI6IkNlcnRpZklELVVzZXJzLURCIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLnRlc3QuY2VydGlmaWQuY29tLyIsInN1YiI6ImF1dGgwfGY1NDMwMjRjLWI3MWMtNGYwYy05ZmEzLWU0YzE5NDlhNzhkNCIsImF1ZCI6WyJodHRwczovL2FwaS5jZXJ0aWZpZC5jb20iLCJodHRwczovL2NlcnRpZmlkLXRlc3QudXMuYXV0aDAuY29tL3VzZXJpbmZvIl0sImlhdCI6MTYxMTMzNTY2NiwiZXhwIjoxNjExNDIyMDY2LCJhenAiOiJ2alFXQzFvVVZNbnFzQVMyczNRY0hrNTBDZHNhdXc0WiIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwgb2ZmbGluZV9hY2Nlc3MifQ.CIXtEym7Gxr70cRvOcFwKXFL2V3agC3lAdfZX0aRvZW8HBfM0ibnoqTjlN7wU9f2KAtX6ovFYBuEG_2xtQmt51ClYFf-FbU86zDrPCZtEU6xMA73ELCgavGi4Sew64KuBOcLc7fgXnnNFT_ZIH_560-smWqEW2gzFsFNExEBrj4MNC6cIRHosdYQsszyeMQicr4XG8vm0_gQFyTxtvVXlqZvl-B1FZlPHzc_I59WBZtwyaEUIiUXb6PnFtes-54Tf7EpLAGFHI2NlfQ4CECEFtiDvyLi7y3lh-yKGcShAGXC_FrCbhOh7hq2Rkm2NzHgntCLUcxy-pTU0mtc9I-E_g"; // Obtain a JWT to validate and put it in here
		const string id_token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImlNeEpNV2YwTkF0blNDUFhac1dVQyJ9.eyJodHRwczovL2V4YW1wbGUuY29tL2dlb2lwIjp7ImNvdW50cnlfY29kZSI6IlVTIiwiY291bnRyeV9jb2RlMyI6IlVTQSIsImNvdW50cnlfbmFtZSI6IlVuaXRlZCBTdGF0ZXMiLCJjaXR5X25hbWUiOiJQZmx1Z2VydmlsbGUiLCJsYXRpdHVkZSI6MzAuNDQyMSwibG9uZ2l0dWRlIjotOTcuNjMzOSwidGltZV96b25lIjoiQW1lcmljYS9DaGljYWdvIiwiY29udGluZW50X2NvZGUiOiJOQSJ9LCJuaWNrbmFtZSI6ImpvaG4iLCJuYW1lIjoiam9obkB0ZXN0LmNlcnRpZmlkLmNvbSIsInBpY3R1cmUiOiJodHRwczovL3MuZ3JhdmF0YXIuY29tL2F2YXRhci84YTdiOWEwOTAyMmIyY2ZkODNlYmI0YjU4YzM3MTE5MT9zPTQ4MCZyPXBnJmQ9aHR0cHMlM0ElMkYlMkZjZG4uYXV0aDAuY29tJTJGYXZhdGFycyUyRmpvLnBuZyIsInVwZGF0ZWRfYXQiOiIyMDIxLTAxLTIyVDE3OjE0OjE5Ljc2OVoiLCJlbWFpbCI6ImpvaG5AdGVzdC5jZXJ0aWZpZC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6Ly9hdXRoLnRlc3QuY2VydGlmaWQuY29tLyIsInN1YiI6ImF1dGgwfGY1NDMwMjRjLWI3MWMtNGYwYy05ZmEzLWU0YzE5NDlhNzhkNCIsImF1ZCI6InZqUVdDMW9VVk1ucXNBUzJzM1FjSGs1MENkc2F1dzRaIiwiaWF0IjoxNjExMzM1NjY2LCJleHAiOjE2MTEzNzE2NjZ9.U_BOjJoKps1ygjwEWegK97Jd_D4d47GDlOVlIpmMj2BjftRfOwx4ku1TFpV7KlMMKKBK4iFkrlZ8JSajXOniWdEeclQPMFDRr56KIeaDHmlZH1sFH22ccABLD0gJTx6tC9LZNmNc3wXlzsWx7PBxECogmx26YYuY3BMvreOPGcd7pzrI9q-Dc4dCrIb8kTnfes0AefERHafAM9vDKHds4IBQoccN-qVE7z1IaUP8XUH97aqnIUb_USfkBrJ15xOQXIyQMaPzplCB8pdXp9XvFyRj_Zr0YLTW9ekm3lokVHI7iyboKisQzQnX-igLcmXaaMH_Q_QE-ABQdqpncWVuuw";

		try
		{
			// First, the access token - it contains the "audience" for the ID token
			var accessToken = ValidateToken(access_token, certifidAuthDomain, certifidApiAudience);

			// Now, the ID token - first get the authorized party of the access_token, which is the audience of the id_token
			var idTokenAuthorizedParty = accessToken.Claims.First(c => c.Type == "azp").Value;
			var idToken = ValidateToken(id_token, certifidAuthDomain, idTokenAuthorizedParty);

			// Done!
			// The ValidateToken method above will return a ClaimsPrincipal. Get the user ID from the NameIdentifier claim
			// (The sub claim from the JWT will be translated to the NameIdentifier claim)
			Console.WriteLine($"Token is validated. User Id {accessToken.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value}");
			Console.WriteLine($"Token is validated. User Email {idToken.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email)?.Value}");
		}
		catch (Exception e)
		{
			Console.WriteLine($"Error occurred while validating token: {e.Message}");
			throw;
		}
	}
	
	private static ClaimsPrincipal ValidateToken(string token, string domain, string audience) {
		// Download the OIDC configuration which contains the JWKS
		// NB!!: Downloading this takes time, so do not do it very time you need to validate a token, Try and do it only once in the lifetime
		//     of your application!!
		IConfigurationManager<OpenIdConnectConfiguration> configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>($"{domain}.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
		OpenIdConnectConfiguration openIdConfig = AsyncHelper.RunSync(async () => await configurationManager.GetConfigurationAsync(CancellationToken.None));

		// Configure the TokenValidationParameters. Assign the SigningKeys which were downloaded from Auth0. 
		// Also set the Issuer and Audience(s) to validate
		TokenValidationParameters validationParameters =
			new TokenValidationParameters
		{
			ValidIssuer = domain,
			ValidAudiences = new[] { audience },
			IssuerSigningKeys = openIdConfig.SigningKeys
		};

		// Now validate the token. If the token is not valid for any reason, an exception will be thrown by the method
		SecurityToken validatedToken;
		JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
		ClaimsPrincipal user = handler.ValidateToken(token, validationParameters, out validatedToken);
		return user;
	}
	
	
	internal static class AsyncHelper
    {
        private static readonly TaskFactory TaskFactory = new TaskFactory(CancellationToken.None, TaskCreationOptions.None, TaskContinuationOptions.None, TaskScheduler.Default);

        public static void RunSync(Func<Task> func)
        {
            TaskFactory.StartNew(func).Unwrap().GetAwaiter().GetResult();
        }

        public static TResult RunSync<TResult>(Func<Task<TResult>> func)
        {
            return TaskFactory.StartNew(func).Unwrap().GetAwaiter().GetResult();
        }
    }
}

​x
 
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
                    
public class Program
{
    public static void Main()
    {
        // Environment specific app settings
        const string certifidAuthDomain = "https://auth.test.certifid.com/"; // auth.certifid.com for production
        const string certifidApiAudience = "https://api.certifid.com";
​
        // Put your own tokens here
        const string access_token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImlNeEpNV2YwTkF0blNDUFhac1dVQyJ9.eyJodHRwczovL2NlcnRpZmlkLmNvbS9yZWFsbSI6ImNlcnRpZmlkIiwiaHR0cHM6Ly9jZXJ0aWZpZC5jb20vY29ubmVjdGlvbiI6IkNlcnRpZklELVVzZXJzLURCIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLnRlc3QuY2VydGlmaWQuY29tLyIsInN1YiI6ImF1dGgwfGY1NDMwMjRjLWI3MWMtNGYwYy05ZmEzLWU0YzE5NDlhNzhkNCIsImF1ZCI6WyJodHRwczovL2FwaS5jZXJ0aWZpZC5jb20iLCJodHRwczovL2NlcnRpZmlkLXRlc3QudXMuYXV0aDAuY29tL3VzZXJpbmZvIl0sImlhdCI6MTYxMTMzNTY2NiwiZXhwIjoxNjExNDIyMDY2LCJhenAiOiJ2alFXQzFvVVZNbnFzQVMyczNRY0hrNTBDZHNhdXc0WiIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwgb2ZmbGluZV9hY2Nlc3MifQ.CIXtEym7Gxr70cRvOcFwKXFL2V3agC3lAdfZX0aRvZW8HBfM0ibnoqTjlN7wU9f2KAtX6ovFYBuEG_2xtQmt51ClYFf-FbU86zDrPCZtEU6xMA73ELCgavGi4Sew64KuBOcLc7fgXnnNFT_ZIH_560-smWqEW2gzFsFNExEBrj4MNC6cIRHosdYQsszyeMQicr4XG8vm0_gQFyTxtvVXlqZvl-B1FZlPHzc_I59WBZtwyaEUIiUXb6PnFtes-54Tf7EpLAGFHI2NlfQ4CECEFtiDvyLi7y3lh-yKGcShAGXC_FrCbhOh7hq2Rkm2NzHgntCLUcxy-pTU0mtc9I-E_g"; // Obtain a JWT to validate and put it in here
        const string id_token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImlNeEpNV2YwTkF0blNDUFhac1dVQyJ9.eyJodHRwczovL2V4YW1wbGUuY29tL2dlb2lwIjp7ImNvdW50cnlfY29kZSI6IlVTIiwiY291bnRyeV9jb2RlMyI6IlVTQSIsImNvdW50cnlfbmFtZSI6IlVuaXRlZCBTdGF0ZXMiLCJjaXR5X25hbWUiOiJQZmx1Z2VydmlsbGUiLCJsYXRpdHVkZSI6MzAuNDQyMSwibG9uZ2l0dWRlIjotOTcuNjMzOSwidGltZV96b25lIjoiQW1lcmljYS9DaGljYWdvIiwiY29udGluZW50X2NvZGUiOiJOQSJ9LCJuaWNrbmFtZSI6ImpvaG4iLCJuYW1lIjoiam9obkB0ZXN0LmNlcnRpZmlkLmNvbSIsInBpY3R1cmUiOiJodHRwczovL3MuZ3JhdmF0YXIuY29tL2F2YXRhci84YTdiOWEwOTAyMmIyY2ZkODNlYmI0YjU4YzM3MTE5MT9zPTQ4MCZyPXBnJmQ9aHR0cHMlM0ElMkYlMkZjZG4uYXV0aDAuY29tJTJGYXZhdGFycyUyRmpvLnBuZyIsInVwZGF0ZWRfYXQiOiIyMDIxLTAxLTIyVDE3OjE0OjE5Ljc2OVoiLCJlbWFpbCI6ImpvaG5AdGVzdC5jZXJ0aWZpZC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6Ly9hdXRoLnRlc3QuY2VydGlmaWQuY29tLyIsInN1YiI6ImF1dGgwfGY1NDMwMjRjLWI3MWMtNGYwYy05ZmEzLWU0YzE5NDlhNzhkNCIsImF1ZCI6InZqUVdDMW9VVk1ucXNBUzJzM1FjSGs1MENkc2F1dzRaIiwiaWF0IjoxNjExMzM1NjY2LCJleHAiOjE2MTEzNzE2NjZ9.U_BOjJoKps1ygjwEWegK97Jd_D4d47GDlOVlIpmMj2BjftRfOwx4ku1TFpV7KlMMKKBK4iFkrlZ8JSajXOniWdEeclQPMFDRr56KIeaDHmlZH1sFH22ccABLD0gJTx6tC9LZNmNc3wXlzsWx7PBxECogmx26YYuY3BMvreOPGcd7pzrI9q-Dc4dCrIb8kTnfes0AefERHafAM9vDKHds4IBQoccN-qVE7z1IaUP8XUH97aqnIUb_USfkBrJ15xOQXIyQMaPzplCB8pdXp9XvFyRj_Zr0YLTW9ekm3lokVHI7iyboKisQzQnX-igLcmXaaMH_Q_QE-ABQdqpncWVuuw";
​
        try
        {
            // First, the access token - it contains the "audience" for the ID token
            var accessToken = ValidateToken(access_token, certifidAuthDomain, certifidApiAudience);
​
            // Now, the ID token - first get the authorized party of the access_token, which is the audience of the id_token
            var idTokenAuthorizedParty = accessToken.Claims.First(c => c.Type == "azp").Value;
            var idToken = ValidateToken(id_token, certifidAuthDomain, idTokenAuthorizedParty);
​
            // Done!
            // The ValidateToken method above will return a ClaimsPrincipal. Get the user ID from the NameIdentifier claim
            // (The sub claim from the JWT will be translated to the NameIdentifier claim)
            Console.WriteLine($"Token is validated. User Id {accessToken.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value}");
            Console.WriteLine($"Token is validated. User Email {idToken.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email)?.Value}");
        }
        catch (Exception e)
        {
            Console.WriteLine($"Error occurred while validating token: {e.Message}");
            throw;
        }
    }
    
    private static ClaimsPrincipal ValidateToken(string token, string domain, string audience) {
        // Download the OIDC configuration which contains the JWKS
        // NB!!: Downloading this takes time, so do not do it very time you need to validate a token, Try and do it only once in the lifetime
        //     of your application!!
        IConfigurationManager<OpenIdConnectConfiguration> configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>($"{domain}.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
        OpenIdConnectConfiguration openIdConfig = AsyncHelper.RunSync(async () => await configurationManager.GetConfigurationAsync(CancellationToken.None));
​
        // Configure the TokenValidationParameters. Assign the SigningKeys which were downloaded from Auth0. 
        // Also set the Issuer and Audience(s) to validate
        TokenValidationParameters validationParameters =
            new TokenValidationParameters
        {
            ValidIssuer = domain,
            ValidAudiences = new[] { audience },
            IssuerSigningKeys = openIdConfig.SigningKeys
        };
​
        // Now validate the token. If the token is not valid for any reason, an exception will be thrown by the method
        SecurityToken validatedToken;
        JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
        ClaimsPrincipal user = handler.ValidateToken(token, validationParameters, out validatedToken);
        return user;
    }
    
    
    internal static class AsyncHelper
    {
        private static readonly TaskFactory TaskFactory = new TaskFactory(CancellationToken.None, TaskCreationOptions.None, TaskContinuationOptions.None, TaskScheduler.Default);
​
        public static void RunSync(Func<Task> func)
        {
            TaskFactory.StartNew(func).Unwrap().GetAwaiter().GetResult();
        }
​
        public static TResult RunSync<TResult>(Func<Task<TResult>> func)
        {
            return TaskFactory.StartNew(func).Unwrap().GetAwaiter().GetResult();
        }
    }
}

View IL Code