JwtSecurityTokenHandler.ValidateSignature Method

Definition

Validates that the signature, if found or required, is valid.

protected virtual System.IdentityModel.Tokens.Jwt.JwtSecurityToken ValidateSignature (string token, Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters);
abstract member ValidateSignature : string * Microsoft.IdentityModel.Tokens.TokenValidationParameters -> System.IdentityModel.Tokens.Jwt.JwtSecurityToken
override this.ValidateSignature : string * Microsoft.IdentityModel.Tokens.TokenValidationParameters -> System.IdentityModel.Tokens.Jwt.JwtSecurityToken
Protected Overridable Function ValidateSignature (token As String, validationParameters As TokenValidationParameters) As JwtSecurityToken

Parameters

token
String

A JWS token.

validationParameters
TokenValidationParameters

The TokenValidationParameters to be used for validating the token.

Returns

A JwtSecurityToken that has the signature validated if token was signed.

Exceptions

If the token has a key identifier and none of the SecurityKey(s) provided result in a validated signature as well as the token had validation errors or lifetime or issuer. This is not intended to be a signal to refresh keys.

If validationParameters is null.

If a signature is not found and RequireSignedTokens is true.

If the token has a key identifier and none of the SecurityKey(s) provided result in a validated signature. This can indicate that a key refresh is required.

If after trying all the SecurityKey(s), none result in a validated signature AND the token does not have a key identifier.

Remarks

If the token is signed, the signature is validated even if RequireSignedTokens is false.

If the token signature is validated, then the SigningKey will be set to the key that signed the 'token'.It is the responsibility of SignatureValidator to set the SigningKey

Applies to