@snobu
Last active December 19, 2018 21:20
OpenID Connect notes

Debug

The Stack

OpenID Connect
OAuth 2.0
HTTP

IdP Callback URL (Twitter/GitHub/etc):

https://login.microsoftonline.com/te/{tenant-name}.onmicrosoft.com/{policy_name}/oauth1/authresp

OpenID Configuration endpoint:

https://login.microsoftonline.com/{tenant-name}.onmicrosoft.com/v2.0/.well-known/openid-configuration?p={policy-name}

Obtaining OpenID Provider Configuration Information:

https://openid.net/specs/openid-connect-discovery-1_0.html

Using the Issuer location discovered as described in Section 2 or by other means, the OpenID Provider's configuration information can be retrieved.

OpenID Providers supporting Discovery MUST make a JSON document available at the path formed by concatenating the string

/.well-known/openid-configuration

to the Issuer. The syntax and semantics of .well-known are defined in RFC 5785 and apply to the Issuer value when it contains no path component. openid-configuration MUST point to a JSON document compliant with this specification and MUST be returned using the application/json content type.

Example:

'https://accounts.google.com' + '/.well-known/openid-configuration'
'https://contoso.auth0.com' + '/.well-known/openid-configuration'

Test:

https://accounts.google.com/.well-known/openid-configuration
https://contoso.auth0.com/.well-known/openid-configuration

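The concatenation rule quoted above, as an added example (not part of the original gist): build the discovery URL from an issuer (stripping a trailing slash, as the Discovery spec requires when the issuer has a path component; the optional `?p=` policy parameter is an assumption to match the Azure AD B2C endpoint above, not part of the spec), then check a fetched document before trusting its `jwks_uri`. The sample document, `example.com` and `contoso` values are constructed; for B2C the expected issuer is the GUID-form issuer the C# code below checks, not the base of the discovery URL.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def discovery_url(issuer: str, policy: str = "") -> str:
    """OIDC Discovery 1.0 section 4.1: append the well-known suffix to the
    issuer, removing any terminating "/" first. `policy` is an assumption
    for the B2C-style ?p={policy-name} query parameter."""
    parts = urlsplit(issuer)
    if parts.scheme != "https":
        raise ValueError("issuer must be an https URL")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not carry a query or fragment")
    url = issuer.rstrip("/") + WELL_KNOWN
    if policy:
        url += "?p=" + policy
    return url

# Metadata the spec marks REQUIRED for every provider
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery_document(body: str, expected_issuer: str) -> dict:
    """Refuse a discovery document unless the required metadata is present,
    the issuer it claims is the one we fetched it for (spec section 4.3),
    and the key set is served over https."""
    doc = json.loads(body)
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        raise ValueError(f"discovery document missing {missing}")
    if doc["issuer"] != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc['issuer']!r} != {expected_issuer!r}")
    if urlsplit(doc["jwks_uri"]).scheme != "https":
        raise ValueError("jwks_uri must be https")
    return doc

# Constructed sample document, not a real provider's response
SAMPLE_DOC = json.dumps({
    "issuer": "https://example.com/issuer1",
    "authorization_endpoint": "https://example.com/issuer1/authorize",
    "token_endpoint": "https://example.com/issuer1/token",
    "jwks_uri": "https://example.com/issuer1/keys",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["pairwise"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
```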
Authorize URI: https://login.microsoftonline.com/tfp/compromised.onmicrosoft.com/b2c_1_signupsignin/oauth2/v2.0/authorize

Redirect URI: https://oidcdebugger.com/debug

Client Id: 53a271ca-b41c-45d9-b5eb-02e5f235e824

Scope: openid offline_access openid offline_access

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
// NuGet packages to add:
// Microsoft.IdentityModel.Protocols.OpenIdConnect
// System.IdentityModel.Tokens.Jwt
namespace verify_jwt
{
    class Program
    {
        // Placeholder: issuer base URL that the discovery document hangs off
        // (for B2C append ?p={policy-name} as in the configuration endpoint above)
        const string Domain = "https://login.microsoftonline.com/{tenant-name}.onmicrosoft.com/v2.0";

        // async Main needs C# 7.1 or later
        static async Task Main(string[] args)
        {
            SecurityToken validatedToken;
            JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();

            // Fetch and cache the provider metadata, including the JWKS signing keys
            IConfigurationManager<OpenIdConnectConfiguration> configurationManager =
                new ConfigurationManager<OpenIdConnectConfiguration>(
                    $"{Domain}/.well-known/openid-configuration",
                    new OpenIdConnectConfigurationRetriever());
            OpenIdConnectConfiguration openIdConfig =
                await configurationManager.GetConfigurationAsync(CancellationToken.None);

            TokenValidationParameters validationParameters =
                new TokenValidationParameters
                {
                    ValidIssuer = "https://login.microsoftonline.com/7c75fc35-14f9-49ca-89f4-a16503239267/v2.0/",
                    ValidAudiences = new[] { "53a271ca-b41c-45d9-b5eb-02e5f235e824" },
                    IssuerSigningKeys = openIdConfig.SigningKeys
                };

            string id_token = "eyJ0eXA.........sQ";
            // Checks signature, issuer, audience and lifetime; throws SecurityTokenException on failure
            var user = handler.ValidateToken(id_token, validationParameters, out validatedToken);
            Console.WriteLine(user.Identity.Name);
        }
    }
}