Microsoft.IdentityModel.JsonWebTokens
Initializes static members of the class.
Gets the InboundClaimTypeMap used by JwtSecurityTokenHandler when producing claims from jwt.
Gets the OutboundClaimTypeMap that is used by JwtSecurityTokenHandler to shorten claim types when creating a jwt.
Constants that indicate how the should be evaluated.
A value that indicates the is a Json object.
When creating a from Json if the value was not a simple type {String, Null, True, False, Number}
then will contain the Json value. If the Json was a JsonObject, the will be set to "JSON".
A value that indicates the is a Json object.
When creating a from Json if the value was not a simple type {String, Null, True, False, Number}
then will contain the Json value. If the Json was a JsonArray, the will be set to "JSON_ARRAY".
A value that indicates the is Json null.
When creating a the cannot be null. If the Json value was null, then the
will be set to and the will be set to "JSON_NULL".
A designed for representing a JSON Web Token (JWT).
Initializes a new instance of from a string in JWS or JWE Compact serialized format.
A JSON Web Token that has been serialized in JWS or JWE Compact serialized format.
Thrown if is null or empty.
Thrown if is not in JWS or JWE Compact Serialization format.
See: (JWT).
See: (JWS).
See: (JWE).
The contents of the returned have not been validated, the JSON Web Token is simply decoded. Validation can be accomplished using the validation methods in
Initializes a new instance of from a ReadOnlyMemory{char} in JWS or JWE Compact serialized format.
A ReadOnlyMemory{char} containing the JSON Web Token serialized in JWS or JWE Compact format.
Thrown if is empty.
Thrown if does not represent a valid JWS or JWE Compact Serialization format.
See: (JWT).
See: (JWS).
See: (JWE).
The contents of the returned have not been validated; the JSON Web Token is simply decoded. Validation can be performed using the methods in .
Initializes a new instance of the class where the header contains the crypto algorithms applied to the encoded header and payload.
A string containing JSON which represents the cryptographic operations applied to the JWT and optionally any additional properties of the JWT.
A string containing JSON which represents the claims contained in the JWT. Each claim is a JSON object of the form { Name, Value }. Can be empty.
See: (JWT).
See: (JWS).
See: (JWE).
The contents of the returned have not been validated, the JSON Web Token is simply decoded. Validation can be accomplished using the validation methods in
Thrown if is null or empty.
Thrown if is null.
Gets the AuthenticationTag from the original raw data of this instance when it was created.
Contains the results of an Authenticated Encryption with Associated Data (AEAD).
See: .
If this JWT is not encrypted with an algorithm that uses an Authentication Tag, an empty string will be returned.
Gets or sets the AuthenticationTag as byte array.
Gets the Ciphertext representing the encrypted JWT in the original raw data.
When decrypted using values in the JWE header will contain the plaintext payload.
See: .
If this JWT is not encrypted, an empty string will be returned.
Gets or sets the Ciphertext as byte array.
Gets the EncodedHeader from the original raw data of this instance when it was created.
The original Base64UrlEncoded string of the JWT header.
Gets the Encrypted Content Encryption Key.
For some algorithms this value may be null even though the JWT was encrypted.
See: .
If not found, an empty string is returned.
Gets the EncodedPayload from the original raw data of this instance when it was created.
The original Base64UrlEncoded of the JWT payload; for a JWE this will be an empty string.
Gets the EncodedSignature from the original raw data of this instance when it was created.
The original Base64UrlEncoded of the JWT signature.
If the JWT was not signed or is a JWE, an empty string is returned.
Gets the original raw data of this instance when it was created.
The original Base64UrlEncoded of the JWT.
Gets the Initialization Vector used when encrypting the plaintext.
See: .
Some algorithms may not use an Initialization Vector.
If not found an empty string is returned.
Gets the associated with this instance.
See: .
For encrypted tokens (JWE), this represents the JWT that was encrypted.
If the JWT is not encrypted, this value will be null.
Returns if this JsonWebToken was encrypted a JWE.
Returns if this JsonWebToken was signed a JWS.
Not implemented.
Gets or sets the that was used to sign this token.
If the JWT was not signed or validated, this value will be null.
Converts a span into an instance of .
A span representing a JSON Web Token (JWT) in JWS or JWE Compact Serialization format.
Thrown if is malformed, a valid JWT should have either 2 dots (JWS) or 4 dots (JWE).
Thrown if does not have a non-empty authentication tag after the 4th dot for a JWE.
Thrown if has more than 4 dots.
Returns the encoded token without signature or authentication tag.
Encoded token string without signature or authentication tag.
Gets a where each claim in the JWT { name, value } is returned as a .
A requires each value to be represented as a string. If the value was not a string, then contains the json type.
and to determine the json type.
Gets a representing the { key, 'value' } pair corresponding to the provided .
A requires each value to be represented as a string. If the value was not a string, then contains the json type.
and to determine the json type.
If the key has no corresponding value, this method will throw.
Gets the names of the payload claims on the JsonWebToken.
Try to get a representing the { key, 'value' } pair corresponding to the provided .
The value is obtained from the Payload.
A requires each value to be represented as a string. If the value was not a string, then contains the json type.
and to determine the json type.
true if successful, false otherwise.
Gets the 'value' corresponding to key from the JWT header transformed as type 'T'.
The expectation is that the 'value' corresponds to a type expected in a JWT token.
The 5 basic types: number, string, true / false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
The value as .
Thrown if claim is not found or a transformation to cannot be made.
Gets the 'value' corresponding to key from the JWT payload transformed as type 'T'.
The expectation is that the 'value' corresponds to a type expected in a JWT token.
The 5 basic types: number, string, true / false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
The value as .
Thrown if claim is not found or a transformation to cannot be made.
Tries to get the claim from the JWT payload.
The 'value' as type T if possible.
if successful, false otherwise.
Tries to get the value corresponding to the provided key from the JWT header { key, 'value' }.
The expectation is that the 'value' corresponds to a type expected in a JWT token.
The 5 basic types: number, string, true / false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
if successful, false otherwise.
Try to get the 'value' corresponding to key from the JWT payload transformed as type 'T'.
The expectation is that the 'value' corresponds to a type expected in a JWT token.
The 5 basic types: number, string, true / false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
if successful, false otherwise.
Gets the 'value' of the 'alg' claim from the header.
Identifies the cryptographic algorithm used to encrypt or determine the value of the Content Encryption Key.
Applicable to an encrypted JWT (JWE).
See: .
If the 'alg' claim is not found, an empty string is returned.
Gets the 'value' of the 'cty' claim from the header.
Used by JWS applications to declare the media type [IANA.MediaTypes] of the secured content (the payload).
See: (JWE).
See: (JWS).
If the 'cty' claim is not found, an empty string is returned.
Gets the 'value' of the 'enc' claim from the header.
Identifies the content encryption algorithm used to perform authenticated encryption
on the plaintext to produce the ciphertext and the Authentication Tag.
See: .
Gets the 'value' of the 'kid' claim from the header.
'kid' is a hint indicating which key was used to secure the JWS.
See: (JWS).
See: (JWE).
If the 'kid' claim is not found, an empty string is returned.
Gets the 'value' of the 'typ' claim from the header.
Is used by JWT applications to declare the media type.
See: .
If the 'typ' claim is not found, an empty string is returned.
Gets the 'value' of the 'x5t' claim from the header.
Is the base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate used to sign this token.
See: .
If the 'x5t' claim is not found, an empty string is returned.
Gets the 'value' of the 'zip' claim from the header.
The "zip" (compression algorithm) applied to the plaintext before encryption, if any.
See: .
If the 'zip' claim is not found, an empty string is returned.
Gets the 'value' of the 'actort' claim from the payload.
If the 'actort' claim is not found, an empty string is returned.
Gets the list of 'aud' claims from the payload.
Identifies the recipients that the JWT is intended for.
See: .
If the 'aud' claim is not found, enumeration will be empty.
Gets the 'azp' claim from the payload.
Identifies the authorized party for the id_token.
See: .
If the 'azp' claim is not found, an empty string is returned.
Gets the 'value' of the 'iat' claim converted to a from the payload.
Identifies the time at which the JWT was issued.
See: .
If the 'iat' claim is not found, then is returned.
Gets the 'value' of the 'iss' claim from the payload.
Identifies the principal that issued the JWT.
See: .
If the 'iss' claim is not found, an empty string is returned.
Gets the 'value' of the 'jti' claim from the payload.
Provides a unique identifier for the JWT.
See: .
If the 'jti' claim is not found, an empty string is returned.
Gets the 'value' of the 'sub' claim from the payload.
See: .
Identifies the principal that is the subject of the JWT.
If the 'sub' claim is not found, an empty string is returned.
Gets the 'value' of the 'nbf' claim converted to a from the payload.
Identifies the time before which the JWT MUST NOT be accepted for processing.
See: .
If the 'nbf' claim is not found, then is returned.
Gets the 'value' of the 'exp' claim converted to a from the payload.
Identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.
See: .
If the 'exp' claim is not found, then is returned.
A designed for creating and validating Json Web Tokens.
See: https://datatracker.ietf.org/doc/html/rfc7519 and http://www.rfc-editor.org/info/rfc7515.
This partial class is focused on TokenCreation.
A designed for creating and validating JSON Web Tokens.
See: and .
This partial class contains methods and logic related to the validation of tokens.
This partial class contains methods and logic related to the validation of tokens' signatures.
This partial class contains methods and logic related to the validation of tokens.
Creates a from a .
The to use as a source.
The to be used for validating the token.
A containing the .
Creates a from a with the specified issuer.
The to use as a source.
The to be used for validating the token.
Specifies the issuer for the .
A containing the .
Creates an unsigned JSON Web Signature (JWS).
A string containing JSON which represents the JWT token payload.
Thrown if is null.
A JWS in Compact Serialization format.
Creates an unsigned JSON Web Signature (JWS).
A string containing JSON which represents the JWT token payload.
Defines the dictionary containing any custom header claims that need to be added to the JWT token header.
Thrown if is null.
Thrown if is null.
A JWS in Compact Serialization format.
Creates a JSON Web Signature (JWS).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWS.
Thrown if is null.
Thrown if is null.
A JWS in Compact Serialization format.
Creates a JSON Web Signature (JWS).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWS.
Defines the dictionary containing any custom header claims that need to be added to the JWT token header.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if ,
, , and/or
are present inside of .
A JWS in Compact Serialization format.
Creates a JWT that can be a JWS or JWE.
A that contains details of contents of the token.
A JWT in Compact Serialization format.
Creates a JSON Web Encryption (JWE).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to encrypt the JWT.
A JWE in Compact Serialization format.
Creates a JSON Web Encryption (JWE).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if ,
, , and/or
are present inside of .
A JWS in Compact Serialization format.
Creates a JSON Web Encryption (JWE).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Thrown if is null.
Thrown if is null.
Thrown if is null.
A JWE in Compact Serialization format.
Creates a JSON Web Encryption (JWE).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if ,
, , and/or
are present inside of .
A JWE in Compact Serialization format.
Creates a JSON Web Encryption (JWE).
A string containing JSON which represents the JWT token payload.
The security key and algorithm that will be used to encrypt the JWT.
The compression algorithm that will be used to compress the JWT token payload.
Thrown if is null.
Thrown if is null.
Thrown if is null or empty.
A JWE in Compact Serialization format.
Creates a JSON Web Encryption (JWE).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the compression algorithm that will be used to compress the JWT token payload.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if is null.
A JWE in Compact Serialization format.
Creates a JSON Web Encryption (JWE).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the compression algorithm that will be used to compress the JWT token payload.
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
Defines the dictionary containing any custom header claims that need to be added to the inner JWT token header.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if ,
, , and/or
are present inside of .
A JWE in Compact Serialization format.
Creates a JSON Web Encryption (JWE).
A string containing JSON which represents the JWT token payload.
Defines the security key and algorithm that will be used to sign the JWT.
Defines the security key and algorithm that will be used to encrypt the JWT.
Defines the compression algorithm that will be used to compress the JWT token payload.
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if is null.
Thrown if ,
, , and/or
are present inside of .
A JWE in Compact Serialization format.
A can contain claims from multiple locations.
This method consolidates the claims and adds default times {exp, iat, nbf} if needed.
In the case of a claim from this set: {Audience, Issuer, Expires, IssuedAt, NotBefore} being defined in multiple
locations in the SecurityTokenDescriptor, the following priority is used:
SecurityTokenDescriptor.{Audience/Audiences, Issuer, Expires, IssuedAt, NotBefore} > SecurityTokenDescriptor.Claims >
SecurityTokenDescriptor.Subject.Claims
The to use.
The used to create the token.
A boolean that controls if expiration, notbefore, issuedat should be added if missing.
The default value for the token lifetime in minutes.
A dictionary of claims.
Encrypts a JWS.
A JSON Web Token (JWT) in JWS Compact Serialization format.
Defines the security key and algorithm that will be used to encrypt the .
Thrown if is null or empty.
Thrown if is null.
Thrown if both and are null.
Thrown if the CryptoProviderFactory being used does not support the (algorithm), pair.
Thrown if unable to create a token encryption provider for the (algorithm), pair.
Thrown if encryption fails using the (algorithm), pair.
Thrown if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Encrypts a JWS.
A JSON Web Token (JWT) in JWS Compact Serialization format.
Defines the security key and algorithm that will be used to encrypt the .
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
Thrown if is null or empty.
Thrown if is null.
Thrown if is null.
Thrown if both and are null.
Thrown if the CryptoProviderFactory being used does not support the (algorithm), pair.
Thrown if unable to create a token encryption provider for the (algorithm), pair.
Thrown if encryption fails using the (algorithm), pair.
Thrown if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Encrypts a JWS.
A JSON Web Token (JWT) in JWS Compact Serialization format.
Defines the security key and algorithm that will be used to encrypt the .
Defines the compression algorithm that will be used to compress the .
Thrown if is null or empty.
Thrown if is null.
Thrown if is null or empty.
Thrown if both and are null.
Thrown if the CryptoProviderFactory being used does not support the (algorithm), pair.
Thrown if unable to create a token encryption provider for the (algorithm), pair.
Thrown if compression using fails.
Thrown if encryption fails using the (algorithm), pair.
Thrown if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Encrypts a JWS.
A JSON Web Token (JWT) in JWS Compact Serialization format.
Defines the security key and algorithm that will be used to encrypt the .
Defines the compression algorithm that will be used to compress the
Defines the dictionary containing any custom header claims that need to be added to the outer JWT token header.
Thrown if is null or empty.
Thrown if is null.
Thrown if is null or empty.
Thrown if is null or empty.
Thrown if both and are null.
Thrown if the CryptoProviderFactory being used does not support the (algorithm), pair.
Thrown if unable to create a token encryption provider for the (algorithm), pair.
Thrown if compression using 'algorithm' fails.
Thrown if encryption fails using the (algorithm), pair.
Thrown if not using one of the supported content encryption key (CEK) algorithms: 128, 384 or 512 AesCbcHmac (this applies in the case of key wrap only, not direct encryption).
Default claim type mapping for inbound claims.
Default value for the flag that determines whether or not the InboundClaimTypeMap is used.
Gets the Base64Url encoded string representation of the following JWT header:
{ , }.
The Base64Url encoded string representation of the unsigned JWT header.
Initializes a new instance of the class.
Gets the type of the .
The type of .
Gets or sets the property name of the will contain the original JSON claim 'name' if a mapping occurred when the (s) were created.
Thrown if 'value' is null or whitespace.
Gets or sets the property which is used when determining whether or not to map claim types that are extracted when validating a .
If this is set to true, the is set to the JSON claim 'name' after translating using this mapping. Otherwise, no mapping occurs.
The default value is false.
Gets or sets the which is used when setting the for claims in the extracted when validating a .
The is set to the JSON claim 'name' after translating using this mapping.
The default value is ClaimTypeMapping.InboundClaimTypeMap.
Thrown if 'value' is null.
Determines if the string is a well formed JSON Web Token (JWT). See: .
String that should represent a valid JWT.
Uses matching:
JWS: @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$"
JWE: (dir): @"^[A-Za-z0-9-_]+\.\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$"
JWE: (wrappedkey): @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]$"
if the token is null or whitespace.
if token.Length is greater than .
if the token is in JSON Compact Serialization format.
Creates a from a .
The to use as a source.
The to be used for validating the token.
A containing the .
Creates a from a with the specified issuer.
The to use as a source.
The to be used for validating the token.
Specifies the issuer for the .
A containing the .
Decrypts a JWE and returns the clear text.
The JWE that contains the cypher text.
The to be used for validating the token.
The decoded / cleartext contents of the JWE.
Thrown if is null.
Thrown if is null.
Thrown if is null or empty.
Thrown if the decompression failed.
Thrown if is not null AND the decryption fails.
Thrown if the JWE was not able to be decrypted.
Returns a to use when decrypting a JWE.
The the token that is being decrypted.
The that is being decrypted.
The to be used for validating the token.
A to use for signature validation.
If key fails to resolve, then null is returned.
Converts a string into an instance of .
A JSON Web Token (JWT) in JWS or JWE Compact Serialization format.
A .
Thrown if is null or empty.
Thrown if the length of is greater than .
If the is in JWE Compact Serialization format, only the protected header will be deserialized.
This method is unable to decrypt the payload. Use to obtain the payload.
The token is NOT validated and no security decisions should be made about the contents.
Use or to ensure the token is acceptable.
Converts a string into an instance of .
A JSON Web Token (JWT) in JWS or JWE Compact Serialization format.
A .
Thrown if is null or empty.
Thrown if the length of is greater than .
The token is NOT validated and no security decisions should be made about the contents.
Use or to ensure the token is acceptable.
Converts a string into an instance of .
A JSON Web Token (JWT) in JWS or JWE Compact Serialization format.
A whose TokenReader, if set, will be used to read a JWT.
A .
Thrown if the validationParameters.TokenReader delegate is not able to parse/read the token as a valid .
Thrown if is not a valid JWT, .
Decrypts a JWE and returns the clear text.
The JWE that contains the cypher text.
The to be used for validating the token.
The to be used for validating the token.
The decoded / cleartext contents of the JWE.
Returns a to use when decrypting a JWE.
The the token that is being decrypted.
The that is being decrypted.
The to be used for validating the token.
The call context used for logging.
A to use for signature validation.
If key fails to resolve, then null is returned.
Converts a string into an instance of , returned inside of a .
A JSON Web Token (JWT) in JWS or JWE Compact Serialization format.
A with the if valid, or an error.
returned if is null or empty.
returned if the validationParameters.TokenReader delegate is not able to parse/read the token as a valid .
returned if is not a valid JWT, .
Validates the JWT signature.
The JWT token to validate.
The parameters used for validation.
The optional configuration used for validation.
The context in which the method is called.
Returned if or is null.
Returned by the default implementation if the token is not signed, or if the validation fails.
Returned if the algorithm is not supported by the key.
Returned if the key cannot be resolved.
Returns a value that indicates if this handler can validate a .
if this instance can validate a .
Validates the JWT signature.
Validates a JWS or a JWE.
A JSON Web Token (JWT) in JWS or JWE Compact Serialization format.
The to be used for validating the token.
A .
Validates a token.
On a validation failure, no exception will be thrown; instead, the exception will be set in the returned TokenValidationResult.Exception property.
Callers should always check the TokenValidationResult.IsValid property to verify the validity of the result.
The token to be validated.
The to be used for validating the token.
A .
TokenValidationResult.Exception will be set to one of the following exceptions if the is invalid.
Thrown if is null or empty.
Thrown if is null.
Thrown if 'token.Length' is greater than .
Thrown if is not a valid ,
Thrown if the validationParameters.TokenReader delegate is not able to parse/read the token as a valid ,
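The two warnings above (a token that has only been read is decoded, not validated, and a validation failure is reported through TokenValidationResult.IsValid rather than thrown) are shown together in the following added example, which is not code from the library or its documentation. It assumes .NET 6 or later and the Microsoft.IdentityModel.JsonWebTokens package; the issuer, audience, claim values and keys are constructed for the illustration.

```csharp
// Added example: decoding versus validating a JWT with JsonWebTokenHandler.
// All keys, URLs and claim values below are constructed for this illustration.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

public static class ReadVersusValidate
{
    private const string Issuer = "https://issuer.example";      // constructed
    private const string Audience = "api://orders.example";      // constructed

    public static async Task Main()
    {
        // One key belongs to the trusted issuer, the other to an unrelated party.
        var issuerKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
        var otherKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));

        var handler = new JsonWebTokenHandler();

        // Both tokens carry identical claims; only the signing key differs.
        string Issue(SecurityKey key) => handler.CreateToken(new SecurityTokenDescriptor
        {
            Issuer = Issuer,
            Audience = Audience,
            Claims = new Dictionary<string, object> { ["sub"] = "alice", ["role"] = "admin" },
            Expires = DateTime.UtcNow.AddMinutes(5),
            SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
        });

        // The relying party trusts issuerKey only. Issuer, audience, lifetime
        // and signature checks are all left at their default (enabled) state.
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = issuerKey
        };

        var tokens = new[]
        {
            ("signed with issuer key", Issue(issuerKey)),
            ("signed with other key", Issue(otherKey))
        };

        foreach (var (label, token) in tokens)
        {
            // Reading only decodes the compact serialization. It succeeds for
            // both tokens, so the claims seen here prove nothing about origin.
            JsonWebToken decoded = handler.ReadJsonWebToken(token);
            Console.WriteLine($"[{label}] decoded: sub={decoded.Subject}, alg={decoded.Alg}");

            // Validation does not throw on failure. The outcome is carried in
            // the result, so IsValid must be checked before any claim is used.
            TokenValidationResult result = await handler.ValidateTokenAsync(token, parameters);
            if (!result.IsValid)
            {
                Console.WriteLine($"[{label}] rejected: {result.Exception.GetType().Name}");
                continue;
            }

            // Only claims taken from a valid result may drive authorization.
            Console.WriteLine($"[{label}] accepted: sub={result.Claims["sub"]}");
        }
    }
}
```

Code that skips the IsValid check and reads claims straight from the decoded token would treat both tokens the same way.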
Internal method for token validation, responsible for:
(1) Obtaining a configuration from the .
(2) Revalidating using the Last Known Good Configuration (if present), and obtaining a refreshed configuration (if necessary) and revalidating using it.
The JWT token.
The to be used for validating the token.
Validates a token.
On a validation failure, no exception will be thrown; instead, the exception will be set in the returned TokenValidationResult.Exception property.
Callers should always check the TokenValidationResult.IsValid property to verify the validity of the result.
The token to be validated.
The to be used for validating the token.
A that contains useful information for logging.
A that can be used to request cancellation of the asynchronous operation.
A with either a if the token was validated or an with the failure information and exception otherwise.
ValidationError.GetException() will return one of the following exceptions if the is invalid.
Returned if is null or empty.
Returned if is null.
Returned if 'token.Length' is greater than .
Returned if is not a valid ,
Returned if the validationParameters.TokenReader delegate is not able to parse/read the token as a valid ,
This class provides an abstraction over the json parser for net461+ using System.Text.Json.
will delegate to this class to get values.
Retrieves a value of the specified type associated with the given claim from a JWT token.
The 5 basic types: number, string, true/false, nil, array (of basic types).
This method is not designed to handle complex types.
For that, we would need to provide a way to hook a JsonConverter for complex types.
The type of the value to retrieve.
The key associated with the claim to retrieve.
Indicates whether to throw an exception if the key is not found.
Outputs a boolean indicating whether the key was found.
The value associated with the specified key.
The return types that are expected in a JWT token.
The 5 basic types: number, string, true/false, nil, array (of basic types).
This is not a general purpose translation layer for complex types.
For that, we would need to provide a way to hook a JsonConverter for complex types.
The type of the value to retrieve.
The key associated with the value to retrieve.
The retrieved value associated with the specified key, if found.
if the key was found; otherwise, .
Constants for JSON Web Tokens.
Short header type.
Long header type.
Short token type.
Long token type.
JWS - Token format: 'header.payload.signature'. Signature is optional, but '.' is required.
JWE - Token format: 'protectedheader.encryptedkey.iv.cyphertext.authenticationtag'.
The number of parts in a JWE token.
The number of parts in a JWS token.
The maximum number of parts in a JWT.
JWE header alg indicating a shared symmetric key is directly used as CEK.
Defines JOSE header parameter names. See: .
Parameter names for JsonWebToken header values as UTF8 bytes.
Used by UTF8JsonReader/Writer for performance gains.
Defines the standard claim names as per the JWT (JSON Web Token) specification.
Parameter names for JsonWebToken registered claim names in UTF8 bytes.
Used by UTF8JsonReader/Writer for performance gains.
Represents the parameters needed to decrypt a JSON Web Token.
The JwtSecurityTokenHandler uses this as a helper when decrypting a JwtSecurityToken, the JsonWebTokenHandler sets the JsonWebToken property.
Gets or sets the signature algorithm that was used to create the signature.
Gets or sets the AuthenticationTag from the original raw data of this instance when it was created.
Gets or sets the Ciphertext from the original raw data of this instance when it was created.
Gets or sets the function used to attempt decompression with.
Gets or sets the encryption algorithm (Enc) of the token.
Gets the EncodedHeader from the original raw data of this instance when it was created.
Gets or sets the EncodedHeader from the original raw data of this instance when it was created.
Gets or sets the InitializationVector from the original raw data of this instance when it was created.
Gets or sets the collection of s to attempt to decrypt with.
Gets and sets the maximum deflate size in chars that will be processed.
Gets or sets the value of the 'zip' claim.
A class which contains useful methods for processing JWT tokens.
Regex that is used to figure out if a token is in JWS format.
Regex that is used to figure out if a token is in JWE format.
Produces a signature over the .
The value to be signed.
The that contain crypto specs used to sign the token.
The base 64 url encoded signature over the bytes obtained from UTF8Encoding.GetBytes( 'input' ).
Thrown if or is null.
Produces a signature over the .
The value to be signed.
The that contain crypto specs used to sign the token.
Indicates whether the should be cached.
The base 64 url encoded signature over the bytes obtained from UTF8Encoding.GetBytes( 'input' ).
Thrown if or is null.
Decompress JWT token bytes.
The JWT token bytes to be decompressed.
The algorithm used for decompression.
The maximum allowable size for the decompressed data.
Thrown if is null.
Thrown if is null.
Thrown if the decompression is not supported.
Thrown if decompression using fails.
The decompressed JWT token.
Decrypts a JWT token.
The JWT token, could be a JwtSecurityToken or JsonWebToken.
The to be used for validating the token.
The decryption parameters container.
The decrypted, and if the 'zip' claim is set, decompressed string representation of the token.
Generates key bytes.
Gets all decryption keys.
Returns a to use when validating the signature of a token.
The kid field of the token being validated.
The x5t field of the token being validated.
The to be used for validating the token.
The that will be used along with the to resolve the signing key.
A to use for signature validation.
Resolve the signing key using configuration then the validationParameters until a key is resolved. If key fails to resolve, then null is returned.
Returns a to use when validating the signature of a token.
The kid field of the token being validated.
The x5t field of the token being validated.
A collection of a signing key to be resolved from.
A to use for signature validation.
If key fails to resolve, then is returned.
Counts the number of JWT token segments.
The JWT token.
The maximum number of segments to count up to.
The number of segments up to .
Decrypts a JWT token.
The JWT token to decrypt.
The to be used for validating the token.
The decryption parameters container.
The call context used for logging.
The decrypted, and if the 'zip' claim is set, decompressed string representation of the token.
Log messages and codes