public class GoogleJsonWebSignature
Google JSON Web Signature as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount.
Namespace
Google.Apis.Auth
Assembly
Google.Apis.Auth.dll
Methods
ValidateAsync(string, ValidationSettings)
public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, GoogleJsonWebSignature.ValidationSettings validationSettings)
Validates a Google-issued JSON Web Token (JWT). Throws an InvalidJwtException if the specified JWT fails any validation check.
Parameters
Name | Type | Description |
---|---|---|
jwt | string | The JWT to validate. |
validationSettings | GoogleJsonWebSignature.ValidationSettings | Specifies how to carry out the validation. |
Returns
Type | Description |
---|---|
Task<GoogleJsonWebSignature.Payload> | The payload of the verified token. |
Follows the procedure to validate a JWT ID token.
Issued-at validation and expiry validation are performed using the clock on this local client, so local clock inaccuracies can lead to incorrect validation results. Use IssuedAtClockTolerance and ExpirationTimeClockTolerance to allow for local clock inaccuracy.
IssuedAtClockTolerance defaults to 30 seconds; it is very unlikely a JWT will be issued that isn't already valid.
ExpirationTimeClockTolerance defaults to zero seconds; in some use-cases it may be useful to set this to a negative value to help ensure that passing local validation means it will pass server validation.
Regardless of whether local validation passed, code must always correctly handle an invalid JWT error from the server.
Google certificates are cached, and refreshed once per hour. This can be overridden by setting ForceGoogleCertRefresh to true.
Exceptions
Type | Description |
---|---|
InvalidJwtException | If the token does not pass verification. |
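The following is an added example, not code from the library or its documentation, showing this overload with the clock tolerances described above and with InvalidJwtException handled. The names IdTokenCheck and TryValidateAsync and the client ID placeholder are hypothetical; Audience is a ValidationSettings property that this page does not describe.

```csharp
using System;
using System.Threading.Tasks;
using Google.Apis.Auth;

public static class IdTokenCheck
{
    // Placeholder (assumption): replace with your application's OAuth 2.0 client ID.
    private const string ExpectedAudience = "YOUR_CLIENT_ID.apps.googleusercontent.com";

    // Returns the verified payload, or null if the token fails any validation check.
    public static async Task<GoogleJsonWebSignature.Payload> TryValidateAsync(string jwt)
    {
        var settings = new GoogleJsonWebSignature.ValidationSettings
        {
            // Reject tokens that were issued to a different client.
            Audience = new[] { ExpectedAudience },
            // Stated default for the issued-at check, written out for clarity.
            IssuedAtClockTolerance = TimeSpan.FromSeconds(30),
            // Negative tolerance: a token within 60 seconds of expiry fails locally,
            // so a token that passes here is less likely to be rejected by the server.
            ExpirationTimeClockTolerance = TimeSpan.FromSeconds(-60),
            // Use the cached Google certificates (refreshed once per hour).
            ForceGoogleCertRefresh = false
        };

        try
        {
            return await GoogleJsonWebSignature.ValidateAsync(jwt, settings);
        }
        catch (InvalidJwtException ex)
        {
            // Signature, issued-at, expiry or audience check failed.
            // Treat the caller as unauthenticated; never fall back to the unverified claims.
            Console.Error.WriteLine($"ID token rejected: {ex.Message}");
            return null;
        }
    }
}
```

A non-null result only means local validation passed; a later invalid-JWT error from the server still has to be handled.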
ValidateAsync(string, IClock, bool)
public static Task<GoogleJsonWebSignature.Payload> ValidateAsync(string jwt, IClock clock = null, bool forceGoogleCertRefresh = false)
Validates a Google-issued JSON Web Token (JWT). Throws an InvalidJwtException if the passed value is not a valid JWT signed by Google.
Parameters
Name | Type | Description |
---|---|---|
jwt | string | The JWT to validate. |
clock | IClock | Optional. The IClock to use for JWT expiration verification. Defaults to the system clock. |
forceGoogleCertRefresh | bool | Optional. If true forces new certificates to be downloaded from Google. Defaults to false. |
Returns
Type | Description |
---|---|
Task<GoogleJsonWebSignature.Payload> | The JWT payload, if the JWT is valid. Throws an InvalidJwtException otherwise. |
Follows the procedure to validate a JWT ID token.
Google certificates are cached, and refreshed once per hour. This can be overridden by setting forceGoogleCertRefresh to true.
Exceptions
Type | Description |
---|---|
InvalidJwtException | Thrown when passed a JWT that is not a valid JWT signed by Google. |