Let's take a look at what the simplest possible security token validation might look like.
All security token responses are Base64 encoded strings of either a SAML or JWT token. We strongly recommend that you use JWT tokens and not SAML!
The main class for processing tokens is SuperIdTokenHandler in the SuperOffice.SuperID.Client DLL.
If you don't have access to the certificate store, you must substitute this procedure with a validation override.
Pre-req:
- All 3 certificates are installed correctly
- A correct thumbprint is defined in the SuperIdCertificate appSettings section
Procedure:
1. Decode the token from Base64 to a string. This results in a JSON string.
2. Use an appropriate certificate validation library and the public SuperOffice certificate to validate the token:
   - Instantiate a SuperIdTokenHandler
   - Invoke the ValidateToken method and pass a JWT token
3. If and only if the token is valid, accept the claims and proceed accordingly:
    // Validate the incoming token as a JWT using SuperIdTokenHandler.
    public SuperIdToken ValidateToken(string token)
    {
        var tokenHandler = new SuperIdTokenHandler();
        return tokenHandler.ValidateToken(token, TokenType.Jwt);
    }
If you for some reason need to use SAML tokens, simply substitute the token type in step 2 (TokenType.Saml) and pass your SAML token. SuperIdTokenHandler hides the slight differences between SAML and JWT tokens.
Assemblies and helper libraries
SuperOffice provides the SuperOffice.Crm.Online.Core NuGet for processing online requests. It contains the following assemblies:
- SuperOffice.Online.Core
- SuperOffice.SuperID.Client
- SuperOffice.SuperID.Contracts
We also provide .NET helper libraries, which you can download.