Add token validation.

Author: peombwa

src/Authentication/Authentication/Cmdlets/ConnectGraph.cs

@@ -239,12 +239,23 @@ private void ThrowParameterError(string parameterName)
         private void DecodeJWT(string token, IAccount account, ref IAuthContext authContext)
         {
             JwtPayload jwtPayload = JwtHelpers.DecodeToObject<JwtPayload>(token);
-            if (jwtPayload == null && authContext.AuthType == AuthenticationType.UserProvidedAccessToken)
+            if (authContext.AuthType == AuthenticationType.UserProvidedAccessToken)
             {
-                throw new Exception(string.Format(
-                        CultureInfo.CurrentCulture,
-                        ErrorConstants.Message.InvalidUserProvidedToken,
-                        nameof(AccessToken)));
+                if (jwtPayload == null)
+                {
+                    throw new Exception(string.Format(
+                            CultureInfo.CurrentCulture,
+                            ErrorConstants.Message.InvalidUserProvidedToken,
+                            nameof(AccessToken)));
+                }
+
+                if (jwtPayload.Exp <= JwtHelpers.ConvertToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromMinutes(Constants.TokenExpirationBufferInMinutes)))
+                {
+                    throw new Exception(string.Format(
+                            CultureInfo.CurrentCulture,
+                            ErrorConstants.Message.ExpiredUserProvidedToken,
+                            nameof(AccessToken)));
+                }
             }
 
             authContext.ClientId = jwtPayload?.Appid ?? authContext.ClientId;

src/Authentication/Authentication/Constants.cs

@@ -18,5 +18,6 @@ public static class Constants
         internal const string ProfileDescription = "A snapshot of the Microsoft Graph {0} API for {1} cloud.";
         internal const string TokenCacheServiceName = "com.microsoft.graph.powershell.sdkcache";
         internal const string DefaultProfile = "v1.0-beta";
+        internal const int TokenExpirationBufferInMinutes = 5;
     }
 }

src/Authentication/Authentication/ErrorConstants.cs

@@ -23,6 +23,7 @@ internal static class Message
             internal const string MacKeyChainFailed = "{0} failed with result code {1}.";
             internal const string DeviceCodeTimeout = "Device code terminal timed-out after {0} seconds. Please try again.";
             internal const string InvalidUserProvidedToken = "The provided access token is invalid. Set a valid access token to `-{0}` parameter and try again.";
+            internal const string ExpiredUserProvidedToken = "The provided access token has expired. Set a valid access token to `-{0}` parameter and try again.";
         }
     }
 }

src/Authentication/Authentication/Helpers/JwtHelpers.cs

@@ -59,5 +59,17 @@ internal static T DecodeToObject<T>(string jwtString)
                         }, ex);
             }
         }
+
+        /// <summary>
+        /// Converts a DateTime to Unix timestamp in seconds past epoch.
+        /// </summary>
+        /// <param name="time">A <see cref="DateTime"/> to convert.</param>
+        /// <returns>Unix timestamp.</returns>
+        internal static long ConvertToUnixTimestamp(DateTime time)
+        {
+            DateTime epochTime = new DateTime(1970, 1, 1, 0, 0, 0, 0);
+            TimeSpan timeDiff = time - epochTime;
+            return (long)timeDiff.TotalSeconds;
+        }
     }
 }

src/Authentication/Authentication/Models/JwtPayload.cs

@@ -8,6 +8,9 @@ namespace Microsoft.Graph.PowerShell.Authentication.Models
     using Newtonsoft.Json;
     internal partial class JwtPayload
     {
+        [JsonProperty("exp")]
+        public long Exp { get; set; }
+
         [JsonProperty("aud")]
         public Uri Aud { get; set; }