IdentityServer / IdentityServer4.AccessTokenValidation

IdentityServer Access Token Validation for ASP.NET Core
Apache License 2.0

Wrong value retrieved from JwtClaimTypes.UpdatedAt claim #96

Closed icistrate closed 6 years ago

icistrate commented 6 years ago

Hi,

I am using v1.2.1 (latest before v2). I have a strange behavior that the value retrieved from JwtClaimTypes.UpdatedAt claim is \"2017-03-27T13:10:05\" instead of 2017-03-27T13:10:05 (note extra quotes). I checked on IdentityServer side and I could see that the value is correctly set into the token; it seems this happens only on API side.

Just for reference, I used dt.ToString("s", InvariantCulture) when creating the claim in IDS; but when reading the value with DateTime.ParseExact(dt, "s", InvariantCulture); this always fails because of extra quotes.

Is this a normal behavior? Cannot understand which module is filling in the claims wrongly. Is it IdentityServer4.AccessTokenValidation or some other module in .NET Core (Microsoft.AspNetCore.Authentication.JwtBearer)?

leastprivilege commented 6 years ago

Use https://jwt.io to see how it looks on the wire...

leastprivilege commented 6 years ago

and?

icistrate commented 6 years ago

Well, actually I thought I don't need to check that since I could see correct value (without extra quotes) in one of the clients (Angular client). But sure, I will check as you proposed tomorrow and will let you know. Thank you for your time Dominik.. and sorry for my delay!

icistrate commented 6 years ago

Ok, so I did as requested, I checked the token from API side when token is getting validated (Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext). I put the value of ((System.IdentityModel.Tokens.Jwt.JwtSecurityToken)context.SecurityToken).RawData in jwt.io. The value of 'updated_at' claim appears to be correct (no extra quotes).

But still, when I try to read this claim during authorization principal.FindFirst(JwtClaimTypes.UpdatedAt)?.Value I get the extra quotes. Looks like there is a bug somewhere.

Edit: I attach an image showing the extra quotes.

leastprivilege commented 6 years ago

Then this is a bug in the Microsoft JWT handler. Open an issue on their repo.

Actually it is probably a bug in their JWT token handler. But starting with the ASP.NET is a good start.

brockallen commented 6 years ago

All set on this issue -- can we close?

icistrate commented 6 years ago

Yes, although I cannot completely understand how to correctly set values in Claims, because the API offers me only string values to pass in.

So, my new code is this: new Claim(JwtClaimTypes.UpdatedAt, dt.ToString("s", InvariantCulture), ClaimValueTypes.DateTime); but still cannot get rid of quotes.. strange! (Works with other claims of type int and "json" though)

brockallen commented 6 years ago

Perhaps you need to pass the value type (and use ClaimValueTypes)?

https://referencesource.microsoft.com/#mscorlib/system/security/claims/Claim.cs,127

leastprivilege commented 6 years ago

Didn't you already learn on the other issue tracker that you need to encode your date as epoch/unix time? Do that - and set the ClaimValueType to Integer.

icistrate commented 6 years ago

Duh! ... Finally got it (coming from Microsoft world was a bit difficult to understand). Thanks a lot Dominik! Sorry for the hassle!
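
The resolution reached in this thread (epoch time with an integer value type), as an added example that is not part of the original issue or the project's code. The class and method names are hypothetical, and the literal "updated_at" stands in for JwtClaimTypes.UpdatedAt so the sample needs no IdentityModel reference.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;

// Hypothetical helper for illustration only.
public static class UpdatedAtClaim
{
    // Same string as JwtClaimTypes.UpdatedAt, inlined to avoid the package dependency.
    private const string UpdatedAt = "updated_at";

    // Issuing side: emit seconds since the Unix epoch, typed as an integer
    // instead of a formatted date string. The caller passes a UTC value.
    public static Claim Create(DateTime updatedUtc)
    {
        var utc = DateTime.SpecifyKind(updatedUtc, DateTimeKind.Utc);
        long epoch = new DateTimeOffset(utc).ToUnixTimeSeconds();
        return new Claim(UpdatedAt,
                         epoch.ToString(CultureInfo.InvariantCulture),
                         ClaimValueTypes.Integer);
    }

    // API side: accept only plain digits. A missing claim or any other shape
    // (for example a quoted date string) is rejected rather than guessed at.
    public static bool TryRead(ClaimsPrincipal principal, out DateTimeOffset updated)
    {
        updated = default;
        string raw = principal.FindFirst(UpdatedAt)?.Value;
        if (!long.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out long epoch))
            return false;
        try { updated = DateTimeOffset.FromUnixTimeSeconds(epoch); }
        catch (ArgumentOutOfRangeException) { return false; }
        return true;
    }

    public static void Main()
    {
        // Constructed sample: the timestamp quoted in the issue, treated as UTC.
        var claim = Create(new DateTime(2017, 3, 27, 13, 10, 5));
        var principal = new ClaimsPrincipal(
            new ClaimsIdentity(new[] { claim }, "sample"));
        Console.WriteLine(TryRead(principal, out var ts)
            ? ts.ToString("s")
            : "invalid updated_at");
    }
}
```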