@@ -164,6 +164,11 @@ private async Task<JsonWebToken> SatelliteTokenValidation(string token)
164164 {
165165 var handler = new JsonWebTokenHandler { MaximumTokenSizeInBytes = 1024 * 1024 * 2 } ;
166166
167+ var jsonWebToken = handler . ReadJsonWebToken ( token ) ;
168+ var chain = AuthenticationService . GetCertificateChain ( jsonWebToken ) ;
169+ var signingCertificate = new X509Certificate2 ( Convert . FromBase64String ( chain [ 0 ] ) ) ;
170+ var signingKey = new X509SecurityKey ( signingCertificate ) ;
171+
167172 //NOTE: As we trust the satellite and get the tokens from a predefined url over HTTPS we only do basic token validation.
168173 var tokenValidationParameters = new TokenValidationParameters ( )
169174 {
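Review bot: The signing key built on line 170 comes from `chain[0]`, a certificate that `GetCertificateChain` reads out of the token under validation, so `IssuerSigningKey = signingKey` only proves the token was signed by whatever certificate it carries; unless `GetCertificateChain` (outside the hunk) already anchors that chain to a trusted root, the signature check adds no trust beyond the HTTPS fetch the NOTE comment relies on. I would verify the chain against the satellite's expected root before the key is created, as sketched below with a `<TRUSTED_ROOT>` placeholder for wherever that anchor is configured; the rewrite also keeps an empty chain or an undecodable element from escaping as an unlogged `IndexOutOfRangeException`/`FormatException` instead of the validation failure handled later in the method, and disposes the `X509Certificate2`, which is `IDisposable`. `X509ChainTrustMode.CustomRootTrust` needs .NET 5 or later; on older targets the same check can be done by comparing the built chain's root thumbprint with the pinned value. The method body continues past this hunk.
```csharp
var jsonWebToken = handler.ReadJsonWebToken(token);
var chain = AuthenticationService.GetCertificateChain(jsonWebToken);
if (chain is null || !chain.Any()) // adapt if GetCertificateChain returns something other than an array/list
{
    throw new SecurityTokenException("Satellite token carries no certificate chain");
}
using var signingCertificate = new X509Certificate2(Convert.FromBase64String(chain[0]));
using var trustChain = new X509Chain();
trustChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
trustChain.ChainPolicy.CustomTrustStore.Add(<TRUSTED_ROOT>); // satellite root from configuration, never from the token
if (!trustChain.Build(signingCertificate))
{
    throw new SecurityTokenException("Satellite signing certificate does not chain to the trusted root");
}
var signingKey = new X509SecurityKey(signingCertificate);
// … unchanged: NOTE comment and TokenValidationParameters initializer …
```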
@@ -177,11 +182,19 @@ private async Task<JsonWebToken> SatelliteTokenValidation(string token)
177182 RequireExpirationTime = true ,
178183 ClockSkew = TimeSpan . FromSeconds ( 10 ) ,
179184 RequireSignedTokens = true ,
185+ IssuerSigningKey = signingKey ,
186+ ValidateIssuerSigningKey = true
180187 } ;
181188
182- await handler . ValidateTokenAsync ( token , tokenValidationParameters ) ;
189+ var validationResult = await handler . ValidateTokenAsync ( token , tokenValidationParameters ) ;
190+ if ( validationResult . IsValid == false )
191+ {
192+ logger . LogError ( "Satellite token validation error: {msg}" , validationResult . Exception ? . Message ) ;
193+ throw validationResult . Exception ?? new Exception ( "Satellite token validation failed" ) ;
194+ }
183195
184- return handler . ReadJsonWebToken ( token ) ;
196+ logger . LogInformation ( "Satellite token validation successful" ) ;
197+ return jsonWebToken ;
185198 }
186199
187200 private async Task SetAuthorizationHeader ( )
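Review bot: `throw validationResult.Exception` on line 193 rethrows an exception object the handler has already caught, which discards its original stack trace, and the fallback `new Exception(...)` is a base-type exception no caller can catch selectively. I would wrap instead: `throw new SecurityTokenValidationException("Satellite token validation failed", validationResult.Exception);`, which keeps the handler's exception as `InnerException` and gives callers a specific type to catch. Style: `if (!validationResult.IsValid)` reads better than `== false`, and the log template placeholder would conventionally be `{Message}` rather than `{msg}` for structured logging. Returning `jsonWebToken`, parsed before validation, is equivalent here to returning `validationResult.SecurityToken as JsonWebToken`, but the latter ties the return value to what was actually validated and is worth considering. The method body starts in the previous hunk.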