JwtSecurityTokenHandler Class

Definition

A SecurityTokenHandler designed for creating and validating Json Web Tokens. See: https://datatracker.ietf.org/doc/html/rfc7519 and http://www.rfc-editor.org/info/rfc7515

public class JwtSecurityTokenHandler : Microsoft.IdentityModel.Tokens.SecurityTokenHandler
type JwtSecurityTokenHandler = class
    inherit SecurityTokenHandler
Public Class JwtSecurityTokenHandler
Inherits SecurityTokenHandler
Inheritance
JwtSecurityTokenHandler

Constructors

JwtSecurityTokenHandler()

Initializes a new instance of the JwtSecurityTokenHandler class.

Fields

DefaultInboundClaimFilter

Default claim type filter list.

DefaultInboundClaimTypeMap

Default claim type mapping for inbound claims.

DefaultMapInboundClaims

Default value for the flag that determines whether or not the InboundClaimTypeMap is used.

DefaultOutboundAlgorithmMap

Default JwtHeader algorithm mapping

DefaultOutboundClaimTypeMap

Default claim type mapping for outbound claims.

Properties

CanValidateToken

Returns a value that indicates if this handler can validate a SecurityToken.

CanWriteToken

Gets the value that indicates if this instance can write a SecurityToken.

InboundClaimFilter

Gets or sets the ISet<T> used to filter claims when populating a ClaimsIdentity claims form a JwtSecurityToken. When a JwtSecurityToken is validated, claims with types found in this ISet<T> will not be added to the ClaimsIdentity.

The default value is ClaimTypeMapping.InboundClaimFilter.

InboundClaimTypeMap

Gets or sets the InboundClaimTypeMap which is used when setting the Type for claims in the ClaimsPrincipal extracted when validating a JwtSecurityToken.

The Type is set to the JSON claim 'name' after translating using this mapping.

The default value is ClaimTypeMapping.InboundClaimTypeMap.

JsonClaimTypeProperty

Gets or sets the property name of Properties the will contain .Net type that was recognized when Claims serialized the value to JSON.

See for more information.

MapInboundClaims

Gets or sets the MapInboundClaims property which is used when determining whether or not to map claim types that are extracted when validating a JwtSecurityToken.

If this is set to true, the Type is set to the JSON claim 'name' after translating using this mapping. Otherwise, no mapping occurs.

The default value is true.

MaximumTokenSizeInBytes

Gets and sets the maximum token size in bytes that will be processed.

(Inherited from TokenHandler)
OutboundAlgorithmMap

Gets the outbound algorithm map that is passed to the JwtHeader constructor.

OutboundClaimTypeMap

Gets or sets the OutboundClaimTypeMap which is used when creating a JwtSecurityToken from Claim(s).

The JSON claim 'name' value is set to Type after translating using this mapping.

The default value is ClaimTypeMapping.OutboundClaimTypeMap

SetDefaultTimesOnTokenCreation

Gets or sets a bool that controls if token creation will set default 'exp', 'nbf' and 'iat' if not specified.

(Inherited from TokenHandler)
ShortClaimTypeProperty

Gets or sets the property name of Properties the will contain the original JSON claim 'name' if a mapping occurred when the Claim(s) were created.

See for more information.

TokenLifetimeInMinutes

Gets or sets the token lifetime in minutes.

(Inherited from TokenHandler)
TokenType

Gets the type of the JwtSecurityToken.

Methods

CanReadToken(String)

Determines if the string is a well formed Json Web Token (JWT).

See: https://datatracker.ietf.org/doc/html/rfc7519

CanReadToken(XmlReader)

Indicates whether the XmlReader is positioned at an element that can be read.

(Inherited from SecurityTokenHandler)
CreateActorValue(ClaimsIdentity)

Creates the 'value' for the actor claim: { actort, 'value' }

CreateClaimsIdentity(JwtSecurityToken, String, TokenValidationParameters)

Creates a ClaimsIdentity from a JwtSecurityToken.

CreateEncodedJwt(SecurityTokenDescriptor)

Returns a Json Web Token (JWT).

CreateEncodedJwt(String, String, ClaimsIdentity, Nullable<DateTime>, Nullable<DateTime>, Nullable<DateTime>, SigningCredentials)

Creates a JWT in 'Compact Serialization Format'.

CreateEncodedJwt(String, String, ClaimsIdentity, Nullable<DateTime>, Nullable<DateTime>, Nullable<DateTime>, SigningCredentials, EncryptingCredentials)

Creates a JWT in 'Compact Serialization Format'.

CreateEncodedJwt(String, String, ClaimsIdentity, Nullable<DateTime>, Nullable<DateTime>, Nullable<DateTime>, SigningCredentials, EncryptingCredentials, IDictionary<String,Object>)

Creates a JWT in 'Compact Serialization Format'.

CreateJwtSecurityToken(SecurityTokenDescriptor)

Creates a Json Web Token (JWT).

CreateJwtSecurityToken(String, String, ClaimsIdentity, Nullable<DateTime>, Nullable<DateTime>, Nullable<DateTime>, SigningCredentials)

Creates a JwtSecurityToken

CreateJwtSecurityToken(String, String, ClaimsIdentity, Nullable<DateTime>, Nullable<DateTime>, Nullable<DateTime>, SigningCredentials, EncryptingCredentials)

Creates a JwtSecurityToken

CreateJwtSecurityToken(String, String, ClaimsIdentity, Nullable<DateTime>, Nullable<DateTime>, Nullable<DateTime>, SigningCredentials, EncryptingCredentials, IDictionary<String,Object>)

Creates a JwtSecurityToken

CreateSecurityTokenReference(SecurityToken, Boolean)

Returns SecurityKeyIdentifierClause.

(Inherited from SecurityTokenHandler)
CreateToken(SecurityTokenDescriptor)

Creates a Json Web Token (JWT).

DecryptToken(JwtSecurityToken, TokenValidationParameters)

Decrypts a JWE and returns the clear text

ReadJwtToken(String)

Converts a string into an instance of JwtSecurityToken.

ReadToken(String)

Converts a string into an instance of JwtSecurityToken.

ReadToken(XmlReader)

Gets security token.

(Inherited from SecurityTokenHandler)
ReadToken(XmlReader, TokenValidationParameters)

Deserializes token with the provided TokenValidationParameters.

ResolveIssuerSigningKey(String, JwtSecurityToken, TokenValidationParameters)

Returns a SecurityKey to use when validating the signature of a token.

ResolveTokenDecryptionKey(String, JwtSecurityToken, TokenValidationParameters)

Returns a SecurityKey to use when decryption a JWE.

ValidateAudience(IEnumerable<String>, JwtSecurityToken, TokenValidationParameters)

Determines if the audiences found in a JwtSecurityToken are valid.

ValidateIssuer(String, JwtSecurityToken, TokenValidationParameters)

Determines if the issuer found in a JwtSecurityToken is valid.

ValidateIssuerSecurityKey(SecurityKey, JwtSecurityToken, TokenValidationParameters)

Validates the SigningKey is an expected value.

ValidateLifetime(Nullable<DateTime>, Nullable<DateTime>, JwtSecurityToken, TokenValidationParameters)

Validates the lifetime of a JwtSecurityToken.

ValidateSignature(String, TokenValidationParameters)

Validates that the signature, if found or required, is valid.

ValidateToken(String, TokenValidationParameters, SecurityToken)

Reads and validates a 'JSON Web Token' (JWT) encoded as a JWS or JWE in Compact Serialized Format.

ValidateToken(XmlReader, TokenValidationParameters, SecurityToken)

Reads and validates a token using a xmlReader and TokenValidationParameters

(Inherited from SecurityTokenHandler)
ValidateTokenAsync(SecurityToken, TokenValidationParameters)

Validates a token. On a validation failure, no exception will be thrown; instead, the exception will be set in the returned TokenValidationResult.Exception property. Callers should always check the TokenValidationResult.IsValid property to verify the validity of the result.

(Inherited from TokenHandler)
ValidateTokenAsync(String, TokenValidationParameters)

Validates a token. On a validation failure, no exception will be thrown; instead, the exception will be set in the returned TokenValidationResult.Exception property. Callers should always check the TokenValidationResult.IsValid property to verify the validity of the result.

ValidateTokenPayload(JwtSecurityToken, TokenValidationParameters)

Validates the JSON payload of a JwtSecurityToken.

ValidateTokenReplay(Nullable<DateTime>, String, TokenValidationParameters)

Determines if a JwtSecurityToken is already validated.

WriteToken(SecurityToken)

Serializes a JwtSecurityToken into a JWT in Compact Serialization Format.

WriteToken(XmlWriter, SecurityToken)

Serializes to XML a token of the type handled by this instance.

Applies to