Authlete
AccessTokenValidator Class Reference

Access token validator.

Public Member Functions

AccessTokenValidator (IAuthleteApi api)
 Constructor.

async Task<bool> Validate (string accessToken, string[] requiredScopes = null, string requiredSubject = null)
 Validate an access token.
 

Properties

Boolean IsValid [get]
 Flag indicating whether the access token given to Validate() is valid. After a call to Validate(), this property holds the same value that Validate() returned.

IntrospectionResponse IntrospectionResult [get]
 A response from Authlete's /api/auth/introspection API. The Validate() method internally calls the /api/auth/introspection API and sets the response to this property. Note that this property remains null if the API call threw an exception; in that error case, the IntrospectionError property is set.

Exception IntrospectionError [get]
 The Validate() method internally calls Authlete's /api/auth/introspection API. If the API call threw an exception, the exception is set to this property. Note that this property remains null if the API call succeeded; in that successful case, the IntrospectionResult property is set.

HttpResponseMessage ErrorResponse [get]
 An error response that the API caller (here assuming that the API caller is an implementation of a protected resource endpoint) should return to the client application. This property is set internally by the Validate() method when Validate() returns false. The error response complies with RFC 6750 (The OAuth 2.0 Authorization Framework: Bearer Token Usage).
 

Detailed Description

Access token validator.

// An implementation of the IAuthleteApi interface.
IAuthleteApi api = ...;

// Create an access token validator.
var validator = new AccessTokenValidator(api);

// Extract an access token from the request.
string accessToken = ...;

// Validate the access token. Note that the Validate() method
// can take optional parameters, 'requiredScopes' and
// 'requiredSubject', in addition to 'accessToken'.
bool valid = await validator.Validate(accessToken);

// If the access token is not valid.
if (valid == false) // 'if (!validator.IsValid)' works, too.
{
    // If the call to /api/auth/introspection API made by
    // the implementation of Validate() method succeeded,
    // the 'IntrospectionResult' property holds the
    // response from the API. It is null if the call failed.
    IntrospectionResponse errorInfo = validator.IntrospectionResult;

    // When Validate() method returns false, the
    // 'ErrorResponse' property holds an error response
    // that complies with RFC 6750.
    HttpResponseMessage response = validator.ErrorResponse;

    // Return the error response to the client application.
    return response;
}

// The access token is valid. The 'IntrospectionResult'
// property holds the response from /api/auth/introspection.
IntrospectionResponse info = validator.IntrospectionResult;

Since version 1.0.7.

Constructor & Destructor Documentation

◆ AccessTokenValidator()

Constructor.

Parameters
api: An implementation of the IAuthleteApi interface. This is required because the Validate() method internally calls Authlete's /api/auth/introspection API.

Member Function Documentation

◆ Validate()

async Task<bool> Validate (string accessToken, string[] requiredScopes = null, string requiredSubject = null)
inline

Validate an access token.

On entry, as the first step, the implementation of this method resets the following properties to false or null.

  • IsValid
  • IntrospectionResult
  • IntrospectionError
  • ErrorResponse

Then, this method internally calls Authlete's /api/auth/introspection API to get information about the access token.

If the API call fails, the exception thrown by the call is set to the IntrospectionError property, and an error response (500 Internal Server Error) that should be returned to the client application is set to the ErrorResponse property. The method then sets the IsValid property to false and returns false.

If the API call succeeds, the response from the API is set to the IntrospectionResult property. The method then checks the value of the "action" parameter in the response from the API.

If the value of the "action" parameter is "OK", this method sets the IsValid property to true and returns true.

If the value of the "action" parameter is not "OK", this method builds an error response that should be returned to the client application and sets it to the ErrorResponse property. It then sets the IsValid property to false and returns false.

Returns
If the given access token exists and has not expired, and optionally if the access token covers all the required scopes (in case requiredScopes was given) and the access token is associated with the required subject (in case requiredSubject was given), this method returns true. In other cases, this method returns false.

Parameters
accessToken: An access token to be validated.
requiredScopes: Scopes that the access token should have. If a non-null value is given to this parameter, the implementation of Authlete's /api/auth/introspection API checks whether the access token covers all the required scopes. On the other hand, if null is given to this parameter, Authlete does not conduct the validation.
requiredSubject: Subject (= unique identifier of an end-user) that the access token should be associated with. If a non-null value is given to this parameter, the implementation of Authlete's /api/auth/introspection API checks whether the access token is associated with the required subject. On the other hand, if null is given to this parameter, Authlete does not conduct the validation.
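
A protected-resource guard built on the Validate() flow described above, as an added example that is not part of the Authlete library or its documentation. The BearerGuard class and CheckAsync method are hypothetical names, and the Authlete.Api namespace for IAuthleteApi is an assumption.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Authlete.Api;   // IAuthleteApi (namespace is an assumption)
using Authlete.Web;   // AccessTokenValidator

// Hypothetical helper for a protected resource endpoint; not Authlete code.
public static class BearerGuard
{
    // Returns null when the request may proceed, otherwise the response to send.
    public static async Task<HttpResponseMessage> CheckAsync(
        HttpRequestMessage request, IAuthleteApi api,
        string[] requiredScopes = null, string requiredSubject = null)
    {
        // RFC 6750 section 2.1: the token travels as "Authorization: Bearer <token>".
        AuthenticationHeaderValue auth = request.Headers.Authorization;
        bool hasToken = auth != null
            && string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            && !string.IsNullOrWhiteSpace(auth.Parameter);
        if (!hasToken)
        {
            // No credentials presented: 401 with a bare challenge and no
            // error code (RFC 6750 section 3.1). No introspection call is made.
            var challenge = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            challenge.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Bearer"));
            return challenge;
        }

        // One validator per request: Validate() resets IsValid, IntrospectionResult,
        // IntrospectionError and ErrorResponse on entry, so a shared instance would
        // let concurrent requests overwrite each other's results.
        var validator = new AccessTokenValidator(api);
        if (await validator.Validate(auth.Parameter, requiredScopes, requiredSubject))
        {
            return null; // "action" was "OK"
        }
        if (validator.IntrospectionError != null)
        {
            // The introspection call itself failed. Log server-side only;
            // the client receives the prepared 500 response, not the exception.
            Trace.TraceError("Introspection failed: {0}", validator.IntrospectionError);
        }
        // Fail closed: never fall through to the protected resource.
        return validator.ErrorResponse
            ?? new HttpResponseMessage(HttpStatusCode.InternalServerError);
    }
}
```

An endpoint calls CheckAsync first and returns its result whenever it is non-null, so both token rejection and introspection failure stop the request before any protected data is touched.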

Property Documentation

◆ ErrorResponse

HttpResponseMessage ErrorResponse [get]

An error response that the API caller (here assuming that the API caller is an implementation of a protected resource endpoint) should return to the client application. This property is internally set by Validate() method when Validate() returns false. The error response complies with RFC 6750 (The OAuth 2.0 Authorization Framework: Bearer Token Usage).

On entry of Validate() method, this property is reset to null.

◆ IntrospectionError

Exception IntrospectionError [get]

The Validate() method internally calls Authlete's /api/auth/introspection API. If the API call threw an exception, the exception is set to this property. Note that this property remains null if the API call succeeded; in that successful case, the IntrospectionResult property is set.

On entry of Validate() method, this property is reset to null.

◆ IntrospectionResult

IntrospectionResponse IntrospectionResult [get]

A response from Authlete's /api/auth/introspection API. Validate() method internally calls /api/auth/introspection API and sets the response to this property. Note that this property remains null if the API call threw an exception, and in that error case, the IntrospectionError property is set.

On entry of Validate() method, this property is reset to null.

◆ IsValid

Boolean IsValid [get]

Flag indicating whether the access token given to Validate() is valid. After a call to Validate(), this property holds the same value that Validate() returned.

On entry of Validate() method, this property is reset to false.


The documentation for this class was generated from the following file:

  • AccessTokenValidator.cs