您好我正在使用“JwtSecurityTokenHandler”的“ValidateToken”来验证带有证书的令牌,如下所示:
private ClaimsPrincipal GetClaims(X509Certificate2 validatingCer, string token)
{
JwtSecurityTokenHandler JwtSecurityTokenHandler;
X509SecurityKey securityKey = new X509SecurityKey(validatingCer);
TokenValidationParameters validationParams= new TokenValidationParameters {
// Validation states:
ValidateLifetime = true,
ValidateAudience = false,
ValidateIssuer = true,
ValidateIssuerSigningKey = true,
// Validation parameters:
ValidIssuer = "Test",
ClockSkew = new TimeSpan(0, 10, 0),
IssuerSigningKey = securityKey
};
SecurityToken validatedSecurityToken;
ClaimsPrincipal claims = JwtSecurityTokenHandler.ValidateToken(token, validationParameters, out validatedSecurityToken);
return claims;
}
这里“token”包含不同的“kid”值,而“validatingCer”包含不同的“kid”但仍然“ValidateToken”不验证相同的内容?