.net - Unable to validate JWT Token
问题描述
Am using the following code for generating Token String.
string key = "401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429090fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1";
//// Create Security key using private key above:
//// not that latest version of JWT using Microsoft namespace instead of System
var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
////Also note that securityKey length should be >256b
////so you have to make sure that your private key has a proper length
////
var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
//// Finally create a Token
var header = new JwtHeader(credentials);
////Some PayLoad that contain information about the customer
var payload = new JwtPayload
{
{
"some ", "hello "
},
{
"scope", "http://dummy.com/"
},
};
var secToken = new JwtSecurityToken(header, payload);
var tokenString1 = handler.WriteToken(secToken);
Console.WriteLine(tokenString);
Console.WriteLine("Consume Token");
var token = handler.ReadJwtToken(tokenString);
Now When I'm trying to validate token using following code am getting an error:
// Just to validate the authenticity of the certificate.
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuerSigningKey = false,
IssuerSigningKeys = GetEmbeddedKeys(jwtSecurityToken)
};
// Perform the validation
var tokenHandler = new JwtSecurityTokenHandler();
SecurityToken validatedToken;
try
{
tokenHandler.ValidateToken(jwtTokenRequest.ClientJwtTokenString, tokenValidationParameters, out validatedToken);
}
catch (ArgumentException)
{
throw EnumException.Create(LicenseClientJwtError.FailedToValidateJwtTokenSignature, string.Format(CultureInfo.InvariantCulture, "PostParseJwtToken - Failed to validate JWT Token Signature. The Token does not have 3 or 5 parts {0}", jwtTokenRequest.ClientJwtTokenString));
}
private static X509SecurityKey[] GetEmbeddedKeys(JwtSecurityToken token)
{
X509SecurityKey[] keys = null;
if (token.Header.TryGetValue("x5c", out var certificateAsString))
{
keys = (certificateAsString as JArray).Values<string>().Select(x => new X509SecurityKey(new X509Certificate2(Convert.FromBase64String(x)))).ToArray();
return keys;
}
return null;
}
am getting jwtTokenRequest.ClientJwtTokenString = "eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lICI6ImhlbGxvICIsInNjb3BlIjoiaHR0cDovL2R1bW15LmNvbS8ifQ.FPkHESpldjwEsdE_ii8936gFq4pfptl3b6ao13BTLZk"
Am getting following error while validating.
Any help would be higly appreciated.
解决方案
"eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lICI6ImhlbGxvICIsInNjb3BlIjoiaHR0cDovL2R1bW15LmNvbS8ifQ.FPkHESpldjwEsdE_ii8936gFq4pfptl3b6ao13BTLZk"
The token is missing the expiry field. That was not a mandatory earlier version of .dot net. From .dot core and lastest version JWT token validator that is mandatory.
推荐阅读
- sql - 如何将数据集拆分为多个子集并将其导出到 Excel
- amazon-web-services - AWS IoT 设备在线/离线检查
- javascript - Firebase @firebase/数据库PERMISSION_DENIED
- firebase - 使用 firebase/firestore JS SDK 过滤掉文档 ID 子集的最佳方法?
- apache - `NameError: name 'TypeError' is not defined` 在 Apache (mod_wsgi)
- html - 如何制作一个角度弹出窗口?
- list - 如何通过应用于它们各自的第一个和第二个值的谓词过滤具有 (Int, Int) 值的元组列表?
- r - confint-南生产
- apache-kafka - 在 kafa 消费者应用程序中处理不同分区和偏移量上的重复项
- node.js - 在 nodejs 中使用 Paypal webhooks 模拟器