Comments (11)
Google uses RS256 to encode JWT which is supported only in this branch: https://github.com/abatishchev/jwt/tree/rs256-1
from jwt.
Hi Alexander... Sorry for the delay and thanks for the reply. I downloaded the branch and I'm getting the same issue. I'm assuming I should be using the Google secret to decode the token. Is there a better forum for posting these types of questions on this library?
from jwt.
Alexander, can you please provide an example? I am getting error caling:
byte[] key = File.ReadAllBytes("C:\key.pub");
String secret = "xxxxxx";
string jsonPayload = JWT.JsonWebToken.Encode(payload, key, secret, JWT.JwtHashAlgorithm.RS256);
private static byte[] RS256(byte[] key, string secret, byte[] value)
{
var cert = new X509Certificate2(key, secret); <<<<<<<<<<<<<<<<<<<<
"An unhandled exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll
Additional information: O objeto necessário não foi encontrado."
from jwt.
I'm sorry, missed your previous comment.
Are you sure you want to import a pub file not a pfx file? Pub contains the secret, doesn't it? Which usually goes as the second string paramter in plain string.
from jwt.
I was looking in JWT website (http://jwt.io/#debugger) and thought that the "key" parameter was the public or private key, but now I know that should be a pfx file. I create and now It worked, but I had to made some changes in the code.
- In the method GetHashAlgorithm [ private static JwtHashAlgorithm GetHashAlgorithm(string algorithm) ] I had to add the "RS256" case. [ case "RS256": return JwtHashAlgorithm.RS256; ]
- The Decode method doesn't have the 'secret' parameter, I override it.
Thanks.
from jwt.
Hi Alexander/xnog…
When I set up my Google+ account, they provided me with a secret. Shouldn’t this secret be used for signature verification?
From: xnog [mailto:[email protected]]
Sent: June 26, 2015 8:38 AM
To: jwt-dotnet/jwt
Cc: Simon Eisner
Subject: Re: [jwt] Trying to verify token does not work (#27)
I was looking in JWT website (http://jwt.io/#debugger) and thought that the "key" parameter was the public or private key, but now I know that should be a pfx file. I create and now It worked, but I have to made some changes in the code.
1 - In the method GetHashAlgorithm [ private static JwtHashAlgorithm GetHashAlgorithm(string algorithm) ] I had to add the "RS256" case. [ case "RS256": return JwtHashAlgorithm.RS256; ]
2 - The Decode method doesn't have the 'secret' parameter, I override it.
Thanks.
https://github.com/xnog
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/27#issuecomment-115664430.
from jwt.
Google+? Or do you mean Google+ API?
I think they assign keys at Dev Console.
from jwt.
That’s where I got the client and secret… at the Dev Console. I’m not sure what a certificate pfx or pub file would have to do with this? Do I just need to create a text file, and add the secret into there? That’s what I’m not following. I thought the secret from the Dev Console would be used to sign the tokens.
[cid:[email protected]]
From: Alexander Batishchev [mailto:[email protected]]
Sent: June 26, 2015 12:29 PM
To: jwt-dotnet/jwt
Cc: Simon Eisner
Subject: Re: [jwt] Trying to verify token does not work (#27)
Google+? Or do you mean Google+ API?
I think they assign keys at Dev Consolehttps://code.google.com/apis/console/.
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/27#issuecomment-115746929.
from jwt.
You may want to convert your pfx into base64 string and keep it in Web.config for instance:
- You load pfx into X509Certificate2
- Don't forget to mark it exportable http://stackoverflow.com/questions/4198493/x509certificate2-has-private-key-not-exportable
- You export it to a string http://stackoverflow.com/questions/4739407/exporting-a-certificate-as-base-64-encoded-cer
Next time you need it you construct X509Certificate2 using its base64 representation and the secret:
var cert = new X509Certificate2(Convert.FromBase64String(key), secret);
from jwt.
Hey, how is going? Did you it get it working?
from jwt.
Hey there... no not yet. I haven't had a chance to try the converstion the way you're saying. I'm guessing I would use our domain PFX. I will try that today. Thanks for checking back.
from jwt.
Related Issues (20)
- Not properly serilized object in fluent version of Decode HOT 9
- Support Asynchronous Signing in IJwtAlgorithm interface HOT 5
- Why has the HMAC SHA algorithm become obsolete? HOT 2
- InvalidOperationException occurs in Decode() after DecodeHeader(). HOT 2
- Support JWT authentication with public key using ES256 algorithm on .NET Compact Framework 3.5 HOT 2
- Decode does not break on wrong signature HOT 5
- How to enable MODERN_DOTNET? HOT 5
- Dotnet 8.0 AOT Issues
- Where is `RS256Algorirhm`? HOT 1
- Expiry Time is added to claims when decoding HOT 3
- Having trouble with first example Encode() HOT 2
- Expired token not throwing TokenExpiredException HOT 7
- Null reference error when trying to Decode HOT 2
- How to use IJwtValidator.Validate / TryValidate? HOT 5
- jwt is missing NuGet package README file HOT 2
- System.Text.Json should only be a dependency for .NET standard HOT 3
- Authorization throwing an exception: IDX10503 HOT 3
- nbf validation cannot be disabled HOT 5
- But in documentation in SystemTextSerializer says it uses System.Text instead of Newtonsoft.Json HOT 2
- VULNERABILITY: CVE-2024-30105 - System.Text.Json (6.0.7) HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt.