How do you put an authentication token on URL as query parameter?

Question

I'm doing a PayPal Express Checkout on my ASP.Net MVC site.

The site uses token authentication so I'm trying to put the token on the PayPal return URL as a query parameter.

I have a handler that intercepts all requests to my site and extracts the token from the URL or the request header.

Works fine getting it from the header but I get the following exception when its a query parameter. I get the token from my claims principal and don't do any encoding/decoding. I've tried this method but had no luck (same exception occurs).

System.ArgumentException was caught
  HResult=-2147024809
  Message=Jwt10204: 'System.IdentityModel.Tokens.JwtSecurityTokenHandler' cannot read this string: '{really long token}'.
The string needs to be in compact JSON format, which is of the form: '<Base64UrlEncodedHeader>.<Base64UrlEndcodedPayload>.<OPTIONAL, Base64UrlEncodedSignature>'.
  Source=System.IdentityModel.Tokens.Jwt
  StackTrace:
       at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ReadToken(String jwtEncodedString)
       at {our namespace}.Providers.JwtTokenServiceProvider.GetToken(String value)
       at {our namespace}.TokenAuthorisationController.Post(TokenRequest request)

score 0 · Accepted Answer · answered Aug 25 '14 at 01:14

Turns out the problem was that PayPal appending another string (that look like a PayPal Express Checkout token) on then end of the URL with a comma as a delimiter instead of the "&" symbol.

So I solved the issue by removing the comma character and the extra characters after the comma to extra my JWT token.

How do you put an authentication token on URL as query parameter?

1 Answers1

Linked