
I'm using Microsoft's libraries to create an encrypted JWT (JWE), using RSA public/private keys. I'm probably missing something on how to properly create the JWT, because the header 'typ' value is 'JWT' instead of 'JWE'.

    // Create JWT credentials
    var encryptingCredentials = new EncryptingCredentials(publicKey, 
        "RSA-OAEP", 
        "A256CBC-HS512");

    // Create JWT header
    var header = new JwtHeader(encryptingCredentials);

    // Create JWT payload
    var payload = new JwtPayload
    {
        ...
    };

    // Create JWT request string
    var securityToken = new JwtSecurityToken(header, payload);
    var handler = new JwtSecurityTokenHandler();
    var tokenString = handler.WriteToken(securityToken);

    // Final redirect url
    var url = $"https://some-external-service.com/oidc/authorize?request={tokenString}";
    return Redirect(url);

The produced header (after base64url decoding) is as follows:

    {
        "alg": "RSA-OAEP",
        "enc": "A256CBC-HS512",
        "kid": "any.oidc-encryption-preprod.test.jwk.v.1",
        "typ": "JWT"
    }

When I compare this to a working reference example in Python, the only difference is

    "typ": "JWE"

The header's Typ property is read-only, and doing header["typ"] = "JWE" doesn't change the output.

The receiving end produces a server error 500; their Python example works great, so something is wrong with my JWT output.

Am I using the System.IdentityModel.Tokens.Jwt libraries wrong?

Morri
  • What JWT library are you using on the Python side? – silkfire Aug 26 '19 at 12:55
  • jwcrypto. You can see the full Python example here: https://github.com/signicat/OIDC-MLE/blob/master/py-ftn-example/ftn-mle-example.py – Morri Aug 26 '19 at 13:21
  • Have you taken a look at this answer? https://stackoverflow.com/questions/54633115/cannot-find-a-way-to-decrypt-a-jwe-token-in-python-but-created-in-asp-net-usin – silkfire Aug 26 '19 at 15:17
  • I would recommend to check out https://stackoverflow.com/questions/18223868/how-to-encrypt-jwt-security-token – dropoutcoder Aug 26 '19 at 18:24
  • @silkfire, that question is more related to the Python implementation, whereas I'm trying to do a C# implementation based on the Python reference – Morri Aug 27 '19 at 03:00
  • @dropoutcoder, I tried that approach with handler.CreateJwtSecurityToken, but that didn't work either. I'm not sure though if Claims in this case are the same thing as the payload values or not. – Morri Aug 27 '19 at 05:48
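
When two implementations should emit the same token and the receiver rejects one, it helps to compare more than the decoded header. The following is an added example, not code from the question, from Microsoft's libraries or from jwcrypto: it classifies a compact token by segment count (three for JWS, five for JWE), checks the IV and tag lengths that RFC 7518 fixes for A256CBC-HS512, and diffs two headers. The function names are hypothetical, and the sample token is constructed from the header shown in the question with zero bytes standing in for the encrypted segments.

```python
import base64
import json

# Segment sizes RFC 7518 fixes for A256CBC-HS512: 16-byte IV, 32-byte tag.
EXPECTED = {"A256CBC-HS512": {"iv": 16, "tag": 32}}

def b64url_decode(segment):
    """Decode unpadded base64url, as used in compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_compact(token):
    """Classify a compact token; report its header, segment sizes, problems."""
    parts = token.split(".")
    if len(parts) == 3:
        kind, names = "JWS", ("header", "payload", "signature")
    elif len(parts) == 5:
        kind, names = "JWE", ("header", "encrypted_key", "iv", "ciphertext", "tag")
    else:
        raise ValueError(f"not a compact JWS/JWE: {len(parts)} segments")
    header = json.loads(b64url_decode(parts[0]))
    sizes = {n: len(b64url_decode(p)) for n, p in zip(names[1:], parts[1:])}
    problems = []
    if kind == "JWE":
        problems += [f"missing header parameter {k}"
                     for k in ("alg", "enc") if k not in header]
        for name, want in EXPECTED.get(header.get("enc"), {}).items():
            if sizes[name] != want:
                problems.append(f"{name} is {sizes[name]} bytes, expected {want}")
    return {"kind": kind, "header": header, "sizes": sizes, "problems": problems}

def header_diff(mine, reference):
    """Return {parameter: (mine, reference)} for every differing parameter."""
    keys = sorted(set(mine) | set(reference))
    return {k: (mine.get(k), reference.get(k))
            for k in keys if mine.get(k) != reference.get(k)}

# Constructed sample: header from the question, zero bytes for the other segments.
QUESTION_HEADER = {"alg": "RSA-OAEP", "enc": "A256CBC-HS512",
                   "kid": "any.oidc-encryption-preprod.test.jwk.v.1", "typ": "JWT"}
SAMPLE = ".".join([b64url_encode(json.dumps(QUESTION_HEADER).encode())] +
                  [b64url_encode(bytes(n)) for n in (256, 16, 48, 32)])

if __name__ == "__main__":
    report = inspect_compact(SAMPLE)
    print(report["kind"], report["sizes"], report["problems"])
    print(header_diff(report["header"], dict(QUESTION_HEADER, typ="JWE")))
```

Running the same inspection on the token from the C# code and on one from the Python reference shows whether they differ only in `typ` or also in segment count or segment sizes.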
