Closed imtrobin closed 5 years ago
When I implemented this in anger I wrapped the principal in a result class and returned it from AccessTokenValueProvider.GetValueAsync
. This return class also contained any errors that were thrown by the process of decoding the token.
This allows you to explicitly trap conditions such as expired tokens (this throws a SecurityTokenExpiredException
) rather than having the run-time return a 500 error.
I just returned the principal directly in this sample for the sake of simplicity.
Hi Ben, thanks for sample. I have implemented it successfully but how would you handle the exception from custom binding e.g token expired will throw exception before it goes to the code and returns 500.