# Class SignedTokenVerificationOptions (1.69.0)

    public sealed class SignedTokenVerificationOptions

Options to use when verifying signed JWTs.

Inheritance
-----------

[object](https://learn.microsoft.com/dotnet/api/system.object) \> SignedTokenVerificationOptions

Inherited Members
-----------------

[object.Equals(object)](https://learn.microsoft.com/dotnet/api/system.object.equals#system-object-equals(system-object))
[object.Equals(object, object)](https://learn.microsoft.com/dotnet/api/system.object.equals#system-object-equals(system-object-system-object))
[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode)
[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype)
[object.ReferenceEquals(object, object)](https://learn.microsoft.com/dotnet/api/system.object.referenceequals)
[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)

Namespace
---------

[Google.Apis.Auth](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth)

Assembly
--------

Google.Apis.Auth.dll

Constructors
------------

### SignedTokenVerificationOptions()

    public SignedTokenVerificationOptions()

Creates a new instance of [SignedTokenVerificationOptions](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.SignedTokenVerificationOptions)
with default values for all options (or null for those whose default is unset).

### SignedTokenVerificationOptions(SignedTokenVerificationOptions)

    public SignedTokenVerificationOptions(SignedTokenVerificationOptions other)

Creates a new instance of [SignedTokenVerificationOptions](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.SignedTokenVerificationOptions)
by copying over all the values from `other`.

Properties
----------

### CertificatesUrl

    public string CertificatesUrl { get; set; }

The URL from which to obtain certificates.
May be null, in which case default certificate locations will be used:

- For RS256 signed certificates, <https://www.googleapis.com/oauth2/v3/certs> will be used.
- For ES256 signed certificates, <https://www.gstatic.com/iap/verify/public_key-jwk> will be used.

### ExpiryClockTolerance

    public TimeSpan ExpiryClockTolerance { get; set; }

Clock tolerance for the expiration check.
Causes a JWT to pass validation up to this duration after it really expired;
this is to allow for possible local-client clock skew.
Defaults to zero.
Internal to be used only for backward compatibility.

### IssuedAtClockTolerance

    public TimeSpan IssuedAtClockTolerance { get; set; }

Clock tolerance for the issued-at check.
Causes a JWT to pass validation up to this duration before it is really valid;
this is to allow for possible local-client clock skew.
Defaults to zero.
Internal to be used only for backward compatibility.

### TrustedAudiences

    public IList<string> TrustedAudiences { get; }

Trusted audiences for the token.
All the audiences the token is intended for should be in the
trusted audiences list.
If the list is empty, the token audience won't be verified.

### TrustedIssuers

    public IList<string> TrustedIssuers { get; }

List of trusted issuers to verify the token issuer against.
The token issuer must be contained in this list.
May be null, in which case the token issuer won't be verified.

Extension Method
----------------

[Utilities.ThrowIfNull\<T\>(T, string)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Util.Utilities#Google_Apis_Util_Utilities_ThrowIfNull__1___0_System_String_)

Last updated 2025-08-07 UTC.
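
Because an empty `TrustedAudiences` list and a null `TrustedIssuers` list both skip their checks, a caller can end up accepting a correctly signed token that was minted for a different service. The following is an added example, not code from the Google.Apis.Auth project: `StrictTokenVerifier`, `EnsureStrict`, `VerifyAsync` and the one-minute `MaxTolerance` cap are hypothetical names and policy choices, and it assumes `JsonWebSignature.VerifySignedTokenAsync` from the same namespace and that the default constructor initialises both lists.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Google.Apis.Auth;

public static class StrictTokenVerifier
{
    // Hypothetical policy cap for this example; not a library constant.
    private static readonly TimeSpan MaxTolerance = TimeSpan.FromMinutes(1);

    // Rejects option sets that would silently skip a check or widen the validity window.
    public static void EnsureStrict(SignedTokenVerificationOptions options)
    {
        if (options == null) throw new ArgumentNullException(nameof(options));

        // An empty audience list means the audience is not verified at all.
        if (options.TrustedAudiences == null || options.TrustedAudiences.Count == 0
            || options.TrustedAudiences.Any(string.IsNullOrWhiteSpace))
            throw new InvalidOperationException("TrustedAudiences must name at least one audience.");

        // A null issuer list disables the issuer check; this example also
        // treats an empty list as a misconfiguration.
        if (options.TrustedIssuers == null || options.TrustedIssuers.Count == 0
            || options.TrustedIssuers.Any(string.IsNullOrWhiteSpace))
            throw new InvalidOperationException("TrustedIssuers must name at least one issuer.");

        // Each tolerance extends how long an expired or not-yet-valid token is accepted.
        if (options.ExpiryClockTolerance < TimeSpan.Zero || options.ExpiryClockTolerance > MaxTolerance)
            throw new InvalidOperationException("ExpiryClockTolerance is outside the allowed range.");
        if (options.IssuedAtClockTolerance < TimeSpan.Zero || options.IssuedAtClockTolerance > MaxTolerance)
            throw new InvalidOperationException("IssuedAtClockTolerance is outside the allowed range.");
    }

    // Builds options pinned to one audience and one issuer, then verifies the token.
    // The library call throws when the signature or any configured check fails.
    public static async Task<JsonWebSignature.Payload> VerifyAsync(
        string signedJwt, string expectedAudience, string expectedIssuer)
    {
        var options = new SignedTokenVerificationOptions
        {
            // The lists are get-only, so they are filled with collection initializers.
            TrustedAudiences = { expectedAudience },
            TrustedIssuers = { expectedIssuer },
            ExpiryClockTolerance = TimeSpan.FromSeconds(30),
            IssuedAtClockTolerance = TimeSpan.FromSeconds(30),
        };
        EnsureStrict(options); // fails closed if a caller passed null or blank values
        return await JsonWebSignature.VerifySignedTokenAsync(signedJwt, options);
    }
}
```

Calling `EnsureStrict` on options loaded from configuration turns a missing audience or issuer setting into a startup failure instead of a verification that quietly checks less than intended.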