Microsoft.IdentityModel.Validators
Generic class that validates the issuer for either JsonWebTokens or JwtSecurityTokens issued from the Microsoft identity platform (AAD).
Generic class that validates the issuer for either JsonWebTokens or JwtSecurityTokens issued from the Microsoft identity platform (AAD).
Validate the issuer for single and multi-tenant applications of various audiences (Work and School accounts, or Work and School accounts +
Personal accounts) and the various clouds.
Issuer to validate (will be tenanted).
Received security token.
The to be used for validating the token.
AadIssuerValidator aadIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(authority, httpClient);
TokenValidationParameters.IssuerValidator = aadIssuerValidator.Validate;
The issuer is considered as valid if it has the same HTTP scheme and authority as the
authority from the configuration file, has a tenant ID, and optionally v2.0 (if this web API
accepts both V1 and V2 tokens).
The issuer if it's valid, or otherwise SecurityTokenInvalidIssuerException is thrown.
if is null.
if is null.
if the issuer is invalid or if there is a network issue.
Validate the issuer for single and multi-tenant applications of various audiences (Work and School accounts, or Work and School accounts +
Personal accounts) and the various clouds.
Issuer to validate (will be tenanted).
Received security token.
The to be used for validating the token.
AadIssuerValidator aadIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(authority, httpClient);
TokenValidationParameters.IssuerValidator = aadIssuerValidator.Validate;
The issuer is considered as valid if it has the same HTTP scheme and authority as the
authority from the configuration file, has a tenant ID, and optionally v2.0 (if this web API
accepts both V1 and V2 tokens).
The issuer if it's valid, or otherwise SecurityTokenInvalidIssuerException is thrown.
if is null.
if is null.
if the issuer is invalid or if there is a network issue.
Gets an for an Azure Active Directory (AAD) authority.
The authority to create the validator for, e.g. https://login.microsoftonline.com/.
Optional HttpClient to use to retrieve the endpoint metadata (can be null).
AadIssuerValidator aadIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(authority, httpClient);
TokenValidationParameters.IssuerValidator = aadIssuerValidator.Validate;
A for the aadAuthority.
if is null or empty.
Gets an for an Azure Active Directory (AAD) authority.
The authority to create the validator for, e.g. https://login.microsoftonline.com/.
AadIssuerValidator aadIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(authority);
TokenValidationParameters.IssuerValidator = aadIssuerValidator.Validate;
A for the aadAuthority.
if is null or empty.
Gets an for an Azure Active Directory (AAD) authority.
The authority to create the validator for, e.g. https://login.microsoftonline.com/.
Optional HttpClient to use to retrieve the endpoint metadata (can be null).
Configuration manager provider. Injection point for metadata managed outside of the class.
AadIssuerValidator aadIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(authority, configurationManagerProvider);
TokenValidationParameters.IssuerValidator = aadIssuerValidator.Validate;
A for the aadAuthority.
if is null or empty.
Gets the tenant ID from a token.
A JWT token.
A string containing the tenant ID, if found or .
Only and are acceptable types.
Validate the issuer for single and multi-tenant applications of various audiences (Work and School accounts, or Work and School accounts +
Personal accounts) and the various clouds.
Issuer to validate (will be tenanted).
Received security token.
The to be used for validating the token.
The call context used for logging.
CancellationToken used to cancel call.
An that contains either the issuer that was validated or an error.
An EXACT match is required.
General constants for AAD Issuer Validator.
Old TenantId claim: "http://schemas.microsoft.com/identity/claims/tenantid".
New Tenant Id claim: "tid".
Tfp claim: "tfp".
Class representing the last known good for issuer.
Gets or sets the issuer value.
Gets or sets the last known good lifetime.
Gets an indicator whether the value is still within its lifetime and is valid.
AAD protocol version.
Protocol version 1.0
Protocol version 1.1
Protocol version 2.0
A generic class for additional validation checks on issued by the Microsoft identity platform (AAD).
Enables validation of the cloud instance of the Microsoft Entra ID token signing keys.
The that are used to validate the token.
Enables the validation of the issuer of the signing keys used by the Microsoft identity platform (AAD) against the issuer of the token.
The that are used to validate the token.
Validates the issuer signing key.
The that signed the .
The being validated, could be a JwtSecurityToken or JsonWebToken.
The provided.
true if the issuer of the signing key is valid; otherwise, false.
Validates the cloud instance of the signing key.
The that signed the .
The provided.
Validates the issuer signing key certificate.
The that signed the .
The that are used to validate the token.
true if the issuer signing key certificate is valid; otherwise, false.
A generic class for additional validation checks on issued by the Microsoft identity platform (AAD).
Enables validation of the cloud instance of the Microsoft Entra ID token signing keys.
The that are used to validate the token.
Enables the validation of the issuer of the signing keys used by the Microsoft identity platform (AAD) against the issuer of the token.
The that are used to validate the token.
Validates the cloud instance of the signing key.
The that signed the .
The provided.
Validates the issuer signing key certificate.
The that signed the .
The that are used to validate the token.
true if the issuer signing key certificate is valid; otherwise, false.
Log messages and codes