I am creating a service-to-service application with Google APIs and I'm having issues authenticating.

Perhaps it's my lack of understanding of the RS256 protocol, as I have looked through the questions on here and I'm not understanding what I'm doing wrong. The following code has been used in the past using HmacSha256, but when I try to do the same with RSA, I get exception errors.

    using System;
    using System.Text;
    using System.IdentityModel.Tokens.Jwt;
    using Microsoft.IdentityModel.Tokens;

    public static string Generate(string user, string privatekey)
    {
        // "exp" and "iat" are seconds since the Unix epoch, measured in UTC
        DateTime Expiry = DateTime.UtcNow.AddMinutes(45);
        int expiryTimeStamp = (int)(Expiry - new DateTime(1970, 1, 1)).TotalSeconds;
        int iat = (int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds;

        var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.UTF8.GetBytes(privatekey));
        var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256Signature);
        var header = new JwtHeader(credentials);
        var payload = new JwtPayload
        {
            { "iss", user }, // Service user unique email
            { "scope", "https://www.googleapis.com/auth/admin.reports.usage.readonly" }, // Scope of data
            { "aud", "https://oauth2.googleapis.com/token" },
            { "exp", expiryTimeStamp },
            { "iat", iat },
        };

        var secToken = new JwtSecurityToken(header, payload);
        var handler = new JwtSecurityTokenHandler();
        var tokenString = handler.WriteToken(secToken);

        return tokenString;
    }

Any help getting this working would be really appreciated!

Thanks!

  • Does this answer your question? [How to sign a JWT using RS256 with RSA private key](https://stackoverflow.com/questions/38794670/how-to-sign-a-jwt-using-rs256-with-rsa-private-key) – jps Oct 23 '20 at 18:45
  • So, whatever errors you got (next time include them in the post), the most obvious error is here: `var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.UTF8.GetBytes(privatekey));`, because a private RSA key is not a SymmetricKey. See the linked duplicate to learn how to load an RSA key and to sign a token with it. – jps Oct 23 '20 at 18:47
  • Thanks for the response! You are right, submitting the key is the issue. But I am still very confused about how this particular key pair works. I have downloaded the private key as part of a JSON file that is parsed. The public key is hosted at another URL; do I need to download that key and have it local as well? – scranusesscrunya Oct 25 '20 at 13:57
  • Can you show the JSON (at least the structure; you can "xxx" the values)? The public key is needed for verification only. Sounds like JWK (JSON Web Key). See here: https://stackoverflow.com/questions/61395261/how-to-validate-signature-of-jwt-from-jwks-without-x5c/61397971#61397971 – jps Oct 25 '20 at 23:07
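
The point made in the comments (sign with the RSA private key, verify with only the public key), as an added example that is not code from the question or from any commenter. It assumes .NET 5 or later and that the downloaded key is the PKCS#8 PEM text in the `private_key` field of the service-account JSON; the class name `ServiceAccountJwt`, the `scope` parameter and the sample account e-mail are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class ServiceAccountJwt
{
    const string Audience = "https://oauth2.googleapis.com/token";

    // privateKeyPem: PKCS#8 PEM text ("-----BEGIN PRIVATE KEY-----"), assumed to be
    // the "private_key" value of the parsed service-account JSON.
    public static string Generate(string user, string privateKeyPem, string scope)
    {
        using var rsa = RSA.Create();
        rsa.ImportFromPem(privateKeyPem);                   // available from .NET 5
        // Copy the parameters so the key stays usable after rsa is disposed.
        var key = new RsaSecurityKey(rsa.ExportParameters(true));
        var credentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256);
        long iat = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        var payload = new JwtPayload
        {
            { "iss", user },
            { "scope", scope },
            { "aud", Audience },
            { "iat", iat },
            { "exp", iat + 45 * 60 },                       // 45 minutes after iat
        };
        var token = new JwtSecurityToken(new JwtHeader(credentials), payload);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway key pair stands in for the downloaded key.
        using var rsa = RSA.Create(2048);
        string pem = new string(PemEncoding.Write("PRIVATE KEY", rsa.ExportPkcs8PrivateKey()));
        string user = "svc@example.iam.gserviceaccount.com"; // constructed
        string jwt = Generate(user, pem, "https://www.googleapis.com/auth/admin.reports.usage.readonly");
        // Verification needs only the public half of the key.
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = user,
            ValidAudience = Audience,
            IssuerSigningKey = new RsaSecurityKey(rsa.ExportParameters(false)),
        };
        new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _); // throws if invalid
        Console.WriteLine(jwt);
    }
}
```

The signer never needs a local copy of the public key; only the party validating the token does.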

0 Answers