JwtSecurityTokenHandler.ValidateToken Method

Reference

Definition

Namespace:: System.IdentityModel.Tokens.Jwt

Assembly:: System.IdentityModel.Tokens.Jwt.dll

Package:: System.IdentityModel.Tokens.Jwt v7.5.0

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Reads and validates a 'JSON Web Token' (JWT) encoded as a JWS or JWE in Compact Serialized Format.

public override System.Security.Claims.ClaimsPrincipal ValidateToken (string token, Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters, out Microsoft.IdentityModel.Tokens.SecurityToken validatedToken);

override this.ValidateToken : string * Microsoft.IdentityModel.Tokens.TokenValidationParameters * SecurityToken -> System.Security.Claims.ClaimsPrincipal

Public Overrides Function ValidateToken (token As String, validationParameters As TokenValidationParameters, ByRef validatedToken As SecurityToken) As ClaimsPrincipal

Parameters

token: String

the JWT encoded as JWE or JWS

validationParameters: TokenValidationParameters

Contains validation parameters for the JwtSecurityToken.

validatedToken: SecurityToken

The JwtSecurityToken that was validated.

Returns

ClaimsPrincipal

A ClaimsPrincipal from the JWT. Does not include claims found in the JWT header.

Exceptions

ArgumentNullException

validationParameters is null.

ArgumentException

token.Length is greater than MaximumTokenSizeInBytes.

SecurityTokenMalformedException

CanReadToken(String) returns false.

SecurityTokenDecryptionFailedException

token was a JWE was not able to be decrypted.

SecurityTokenEncryptionKeyNotFoundException

token 'kid' header claim is not null AND decryption fails.

SecurityTokenException

token 'enc' header claim is null or empty.

SecurityTokenExpiredException

token 'exp' claim is < DateTime.UtcNow.

SecurityTokenInvalidAudienceException

token 'aud' claim did not match either ValidAudience or one of ValidAudiences.

SecurityTokenInvalidLifetimeException

token 'nbf' claim is > 'exp' claim.

SecurityTokenInvalidSignatureException

token.signature is not properly formatted.

SecurityTokenNoExpirationException

TokenReplayCache is not null and expirationTime.HasValue is false. When a TokenReplayCache is set, tokens require an expiration time.

SecurityTokenNotYetValidException

token 'nbf' claim is > DateTime.UtcNow.

SecurityTokenReplayAddFailedException

token could not be added to the TokenReplayCache.

SecurityTokenReplayDetectedException

token is found in the cache.

Remarks

Many of the exceptions listed above are not thrown directly from this method. See Validators to examine the call graph.

Applies to

Feedback

Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.

Submit and view feedback for

This product This page

View all page feedback