How to validate and decode a Jwt token from microsoft identity server 4? #134
Comments
Hi @fabriziodb, this is an RS256 signed token, you can decode / verify signature via: https://github.com/dvsekhvalnov/jose-jwt#verifying-and-decoding-tokens

string token = "your-token-here";
var privateKey = ... ; // your private key
string json = Jose.JWT.Decode(token, privateKey);

Then apply whatever checks you need, like token not expired, intended audience, etc.

Hi, is this the right way to pass the private key? I always get the same error. Thanks.
string token = "eyJhbGciOiJSUzI1NiIsImtpZCI6InVVaENEMWZtLUp4OGdIeDRZX2djM1EiLCJ0eXAiOiJhdCtqd3QifQ.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.ml-Jy8wwwC4MtncH_PisVj2H7Ro6kiU8hOs2HfeoPNJ6ExNhHjRxGgXua2GoYPmqBNYBJLSzmiZGHHXVB4pToJ2ETL8nqWhU46hvtpPV1IS6aVjPm2yHcTj2ooDwTDt35xT8sLmvar96_dYPmjkiIWQt9QvI15XqYJ9XF3znudG7dMU7RmWfLo_v_S0U1tz4-90xNMEqxEyoGFkEeB9xes74hfu_Ptd_0k7jOxdYebd1tz2IX3XDDXbBjQyZzxn77Jr2Xs5MCgdCFspDUYCAjnBMpo0hj4I5TAADMGOI7zZFkxmmLArzzmxadcul-475QkmOpw-nmrnKRMs0vriTMg";
Jose.JWT.Decode(token,"secret");

No. For RS256 you normally read your private key from a .p12 file or the Windows truststore, like

var privateKey=new X509Certificate2("key.p12", "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet).PrivateKey as RSACryptoServiceProvider;

https://github.com/dvsekhvalnov/jose-jwt#verifying-and-decoding-tokens - covers all cases

Thanks, I have to create a file named key.p12 containing the secret inside?

No, you actually should have the private key, because you registered the public part of it with Microsoft identity server.

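An added example, not from the thread or from the jose-jwt project: one way to do the checks mentioned above (token not expired, intended audience) after the signature is verified, with the accepted algorithm pinned to RS256. The class and method names, the issuer and audience parameters and the five-minute skew are assumptions; the RSA key is assumed to be loaded by the caller, and passing an `RSA` instance with `System.Text.Json` assumes a .NET Core 3.0+ build.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text.Json;

public static class AccessTokenChecks
{
    // Hypothetical helper, not part of jose-jwt. Returns the verified payload
    // JSON, or throws if the signature or any claim check fails.
    public static string Validate(string token, RSA key, string expectedIssuer,
                                  string expectedAudience, DateTimeOffset now)
    {
        // Pin RS256: a token whose header names any other algorithm is rejected
        // instead of letting the untrusted "alg" header choose the verifier.
        string json = Jose.JWT.Decode(token, key, Jose.JwsAlgorithm.RS256);
        CheckClaims(json, expectedIssuer, expectedAudience, now);
        return json;
    }

    // Registered-claim checks on an already verified payload.
    public static void CheckClaims(string json, string expectedIssuer,
                                   string expectedAudience, DateTimeOffset now)
    {
        using JsonDocument doc = JsonDocument.Parse(json);
        JsonElement p = doc.RootElement;
        var skew = TimeSpan.FromMinutes(5); // assumed clock-skew allowance

        if (!p.TryGetProperty("exp", out var exp) ||
            DateTimeOffset.FromUnixTimeSeconds(exp.GetInt64()) + skew < now)
            throw new UnauthorizedAccessException("token expired or exp missing");

        if (p.TryGetProperty("nbf", out var nbf) &&
            DateTimeOffset.FromUnixTimeSeconds(nbf.GetInt64()) - skew > now)
            throw new UnauthorizedAccessException("token not yet valid");

        if (!p.TryGetProperty("iss", out var iss) || iss.GetString() != expectedIssuer)
            throw new UnauthorizedAccessException("unexpected issuer");

        // "aud" may be a single string or an array of strings.
        bool audOk = p.TryGetProperty("aud", out var aud) &&
            (aud.ValueKind == JsonValueKind.Array
                ? aud.EnumerateArray().Any(a => a.GetString() == expectedAudience)
                : aud.GetString() == expectedAudience);
        if (!audOk)
            throw new UnauthorizedAccessException("token not intended for this audience");
    }
}
```

A claim of an unexpected JSON type makes the `JsonElement` getters throw, so malformed payloads are also rejected rather than accepted.
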
Please, can anyone help me to understand how to validate and decode a JWT access token released from m$ IS4?
This is a token from the server, thanks.
eyJhbGciOiJSUzI1NiIsImtpZCI6InVVaENEMWZtLUp4OGdIeDRZX2djM1EiLCJ0eXAiOiJhdCtqd3QifQ.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.ml-Jy8wwwC4MtncH_PisVj2H7Ro6kiU8hOs2HfeoPNJ6ExNhHjRxGgXua2GoYPmqBNYBJLSzmiZGHHXVB4pToJ2ETL8nqWhU46hvtpPV1IS6aVjPm2yHcTj2ooDwTDt35xT8sLmvar96_dYPmjkiIWQt9QvI15XqYJ9XF3znudG7dMU7RmWfLo_v_S0U1tz4-90xNMEqxEyoGFkEeB9xes74hfu_Ptd_0k7jOxdYebd1tz2IX3XDDXbBjQyZzxn77Jr2Xs5MCgdCFspDUYCAjnBMpo0hj4I5TAADMGOI7zZFkxmmLArzzmxadcul-475QkmOpw-nmrnKRMs0vriTMg