JwtSecurityTokenHandler.ValidateToken Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Reads and validates a 'JSON Web Token' (JWT) encoded as a JWS or JWE in Compact Serialized Format.
public override System.Security.Claims.ClaimsPrincipal ValidateToken (string token, Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters, out Microsoft.IdentityModel.Tokens.SecurityToken validatedToken);
override this.ValidateToken : string * Microsoft.IdentityModel.Tokens.TokenValidationParameters * SecurityToken -> System.Security.Claims.ClaimsPrincipal
Public Overrides Function ValidateToken (token As String, validationParameters As TokenValidationParameters, ByRef validatedToken As SecurityToken) As ClaimsPrincipal
Parameters
- token
- String
the JWT encoded as JWE or JWS
- validationParameters
- TokenValidationParameters
The TokenValidationParameters to be used for validating the token.
- validatedToken
- SecurityToken
The JwtSecurityToken that was validated.
Returns
A ClaimsPrincipal from the JWT. Does not include claims found in the JWT header.
Exceptions
validationParameters
is null.
token
.Length is greater than MaximumTokenSizeInBytes.
CanReadToken(String) returns false.
token
was a JWE was not able to be decrypted.
token
'kid' header claim is not null AND decryption fails.
token
'enc' header claim is null or empty.
token
'exp' claim is < DateTime.UtcNow.
token
'aud' claim did not match either ValidAudience or one of ValidAudiences.
token
'nbf' claim is > 'exp' claim.
token
.signature is not properly formatted.
TokenReplayCache is not null and expirationTime.HasValue is false. When a TokenReplayCache is set, tokens require an expiration time.
token
'nbf' claim is > DateTime.UtcNow.
token
could not be added to the TokenReplayCache.
token
is found in the cache.
Remarks
Many of the exceptions listed above are not thrown directly from this method. See Validators to examine the call graph.