using System.Text.Json;
namespace StellaOps.Auth.Security.Dpop;
public sealed partial class DpopProofValidator
{
    /// <summary>
    /// Reads the <c>nonce</c> claim from a DPoP proof payload and, when the caller
    /// supplies an expected nonce, requires the claim to be present and equal to it.
    /// </summary>
    /// <param name="payloadElement">JSON payload of the DPoP proof.</param>
    /// <param name="expectedNonce">
    /// Nonce the proof must carry. When <c>null</c>, no nonce check is performed and
    /// this method always succeeds; enforcement depends entirely on the caller
    /// passing a non-null value.
    /// </param>
    /// <param name="actualNonce">
    /// The string-valued <c>nonce</c> claim found in the payload, or <c>null</c> when
    /// the claim is absent or is not a JSON string. On a mismatch this still holds
    /// the value the proof presented.
    /// </param>
    /// <param name="failure">
    /// Set to an <c>invalid_token</c> failure when the method returns <c>false</c>;
    /// left as <c>default</c> on success and must not be read in that case.
    /// </param>
    /// <returns>
    /// <c>true</c> when no nonce is expected or the claim matches the expected value;
    /// <c>false</c> when an expected nonce is missing, not a string, or different.
    /// </returns>
    private bool TryReadNonce(
        JsonElement payloadElement,
        string? expectedNonce,
        out string? actualNonce,
        out DpopValidationResult failure)
    {
        failure = default!;

        // Only a JSON string counts as a nonce; any other value kind is treated
        // the same as an absent claim.
        var hasStringNonce =
            payloadElement.TryGetProperty("nonce", out var nonceClaim) &&
            nonceClaim.ValueKind == JsonValueKind.String;

        if (expectedNonce is null)
        {
            // Nothing to enforce: surface whatever the proof carried, unvalidated.
            actualNonce = hasStringNonce ? nonceClaim.GetString() : null;
            return true;
        }

        // NOTE(review): RFC 9449 defines the use_dpop_nonce error for a missing or
        // stale nonce so that clients can retry; both failures below report
        // invalid_token. Confirm the caller translates this where needed.
        if (!hasStringNonce)
        {
            actualNonce = null;
            failure = DpopValidationResult.Failure("invalid_token", "DPoP proof missing nonce claim.");
            return false;
        }

        actualNonce = nonceClaim.GetString();

        // Exact, case-sensitive match against the expected nonce.
        if (string.Equals(actualNonce, expectedNonce, StringComparison.Ordinal))
        {
            return true;
        }

        failure = DpopValidationResult.Failure("invalid_token", "DPoP nonce mismatch.");
        return false;
    }
}