BenMorris
commented
5 years ago When I implemented this in anger I wrapped the principal in a result class and returned it from AccessTokenValueProvider.GetValueAsync. This return class also contained any errors that were thrown by the process of decoding the token.
This allows you to explicitly trap conditions such as expired tokens (this throws a SecurityTokenExpiredException) rather than having the run-time return a 500 error.
I just returned the principal directly in this sample for the sake of simplicity.
Hi Ben, thanks for sample. I have implemented it successfully but how would you handle the exception from custom binding e.g token expired will throw exception before it goes to the code and returns 500.