Partilhar via


JwtSecurityTokenHandler.ValidateToken Method

Definition

Reads and validates a 'JSON Web Token' (JWT) encoded as a JWS or JWE in Compact Serialized Format.

public override System.Security.Claims.ClaimsPrincipal ValidateToken (string token, Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters, out Microsoft.IdentityModel.Tokens.SecurityToken validatedToken);
override this.ValidateToken : string * Microsoft.IdentityModel.Tokens.TokenValidationParameters * SecurityToken -> System.Security.Claims.ClaimsPrincipal
Public Overrides Function ValidateToken (token As String, validationParameters As TokenValidationParameters, ByRef validatedToken As SecurityToken) As ClaimsPrincipal

Parameters

token
String

the JWT encoded as JWE or JWS

validationParameters
TokenValidationParameters

The TokenValidationParameters to be used for validating the token.

validatedToken
SecurityToken

The JwtSecurityToken that was validated.

Returns

A ClaimsPrincipal from the JWT. Does not include claims found in the JWT header.

Exceptions

validationParameters is null.

token.Length is greater than MaximumTokenSizeInBytes.

token was a JWE was not able to be decrypted.

token 'kid' header claim is not null AND decryption fails.

token 'enc' header claim is null or empty.

token 'exp' claim is < DateTime.UtcNow.

token 'aud' claim did not match either ValidAudience or one of ValidAudiences.

token 'nbf' claim is > 'exp' claim.

token.signature is not properly formatted.

TokenReplayCache is not null and expirationTime.HasValue is false. When a TokenReplayCache is set, tokens require an expiration time.

token 'nbf' claim is > DateTime.UtcNow.

token could not be added to the TokenReplayCache.

token is found in the cache.

Remarks

Many of the exceptions listed above are not thrown directly from this method. See Validators to examine the call graph.

Applies to