Consider adding more base methods to TokenHandler

[kevinchalet]

TokenHandler seems pretty useless as a base class, as it doesn't expose any useful method for token generation or validation.

Please consider adding abstract or virtual properties/methods for at least the following APIs:

• Type TokenType { get; }
• bool CanReadToken(string token)
• string CreateToken(SecurityTokenDescriptor tokenDescriptor)
• TokenValidationResult ValidateToken(string token, TokenValidationParameters validationParameters)

[brentschmaltz]

@PinpointTownes we agree and want to do this work in our 6.x so we can easily have asp.net 3.x take a dependency.

[brentschmaltz]

@kevinchalet CreateToken(SecurityTokenDescriptor ...) is defined to return by SecurityTokenHandler to return SecurityToken. I agree this method would be helpful to return a string. Perhaps a different name.

[jennyf19]

@kevinchalet sorry we missed this one for Wilson7. Will keep it on the radar for Wilson8 (no ETA)

[brentschmaltz]

Type TokenType { get; } - Should this be on JsonWebToken?

bool CanReadToken(string token) - OK string CreateToken(SecurityTokenDescriptor tokenDescriptor) - OK

TokenValidationResult ValidateToken(string token, TokenValidationParameters validationParameters) - we already have ValidateTokenAsync, so I don't think we need this.

[kevinchalet]

Type TokenType { get; } - Should this be on JsonWebToken?

The most logical approach is to have a virtual (or abstract, but it would be breaking) property in the base class and override it in each implementation so that the correct type is returned.

bool CanReadToken(string token) - OK string CreateToken(SecurityTokenDescriptor tokenDescriptor) - OK

Since there are now async overloads for the validation part, should these new methods be async/return ValueTask<T>? Could be overkill for the first one, but quite useful for the second one if you ever add things like async encryption or signature providers.