Fix: Added new method that silently validates a JWT token

coscine/issues#2591

src/JwtHandler/JwtHandler.cs

@@ -3,6 +3,7 @@ using Microsoft.IdentityModel.Tokens;
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens.Jwt;
+using System.IO;
 using System.Linq;
 using System.Security.Claims;
 using System.Text;
@@ -60,6 +61,32 @@ namespace Coscine.JwtHandler
             };
 
             _jwtSecurityTokenHandler.ValidateToken(token, tokenValidationParameters, out _);
+
+            return true;
+        }
+
+        public bool TryValidateToken(string token)
+        {
+            var tokenValidationParameters = new TokenValidationParameters
+            {
+                ValidAudience = _audience,
+                ValidIssuer = _issuer,
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKey = _symmetricSecurityKey,
+                ValidateIssuer = false,
+                ValidateAudience = false,
+                // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)
+                ClockSkew = TimeSpan.Zero
+            };
+
+            try
+            {
+                _jwtSecurityTokenHandler.ValidateToken(token, tokenValidationParameters, out _);
+            }
+            catch (Exception _)
+            {
+                return false;
+            }
             return true;
         }