0

I have code to generate JWT token:

 var utcNow = DateTime.UtcNow;
 var utcNowUnix = (Int32)(utcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds;
 var expirationTimeUtcUnix = (Int32)(utcNow.AddHours(6).Subtract(new DateTime(1970, 1, 1))).TotalSeconds;

 var payload = new JwtPayload
                   {
                        {"sub", "xxxxxxxx"},
                        {"iat", utcNowUnix},
                        {"exp", expirationTimeUtcUnix }
                   };

 var headers = new JwtHeader
                   {
                        { "alg", "HS256" },
                        { "typ", "JWT" }
                   };

 var secToken = new JwtSecurityToken(headers, payload);
 var handler = new JwtSecurityTokenHandler();

 // Token to String so you can use it in your client
 var tokenString = handler.WriteToken(secToken);

Generated token looks like: xxxx.yyyy When I pass the same value on the page: jwt.io

and generate token, the format of two first parts are the same: xxxx.yyyy.(zzzz) but on the page .zzzz is generated because there is something like:

VERIFY SIGNATURE

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  
) secret base64 encoded

How and where should I add this part of signature?

jps
  • 20,041
  • 15
  • 75
  • 79
Robert
  • 2,571
  • 10
  • 63
  • 95
  • This might help: (https://docs.hidglobal.com/auth-service/Content/pages/BuildingApps/Csharp/Create_and_Sign_a_JSON_Web_Token__JWT__with_C__and__Net.htm). You need to use one of the other constructors, either the one which take in the 3 raw string values or the one which takes the signing credentials when you create your `jwtsecuritytoken`. - (https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytoken.-ctor?view=azure-dotnet) – Ryan Wilson Dec 17 '20 at 15:30
  • 1
    so basically you need to add a SecurityTokenDescriptor with SigningCredential as schon in the accepted answer – jps Dec 17 '20 at 17:04

0 Answers0