Open fabriziodb opened 4 years ago
Hi @fabriziodb ,
this is RS256 signed token, you can decode / verify signature via: https://github.com/dvsekhvalnov/jose-jwt#verifying-and-decoding-tokens
string token = "your-token-here";
var privateKey = ... ; // your private key
string json = Jose.JWT.Decode(token, privateKey);
Then apply whatever checks you need, like token not expired, intended audience, e.t.c.
hi, is this the right way to pass the privato key? get always the same error. thanks.
string token = "eyJhbGciOiJSUzI1NiIsImtpZCI6InVVaENEMWZtLUp4OGdIeDRZX2djM1EiLCJ0eXAiOiJhdCtqd3QifQ.eyJuYmYiOjE1OTMwODk3OTMsImV4cCI6MTU5MzA5MzM5MywiaXNzIjoiaHR0cDovL2lkZW50aXR5c2VydmVyLmRldi4yNG9yZXByby5pbi5pbHNvbGUyNG9yZS5pdCIsImF1ZCI6InN3Z19lbnRpdGxlbWVudHMiLCJjbGllbnRfaWQiOiJtdmMiLCJzdWIiOiJmZGIxIiwiYXV0aF90aW1lIjoxNTkzMDg5NzkyLCJpZHAiOiJsb2NhbCIsInJvbGUiOlsiZGF0YUV2ZW50UmVjb3Jkcy5hZG1pbiIsImRhdGFFdmVudFJlY29yZHMudXNlciJdLCJ1c2VybmFtZSI6ImZkYjEiLCJ1c2VySWRlbnRpdHkiOiJQWjVmbThzTStYZS9hbWE0cmlnMXBPOEE3TnI3RVRxSU5DWTNyZzJQc1I0PSIsInNjb3BlIjpbInByb2ZpbGUiLCJvcGVuaWQiLCJzd2dfZW50aXRsZW1lbnRzIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.ml-Jy8wwwC4MtncH_PisVj2H7Ro6kiU8hOs2HfeoPNJ6ExNhHjRxGgXua2GoYPmqBNYBJLSzmiZGHHXVB4pToJ2ETL8nqWhU46hvtpPV1IS6aVjPm2yHcTj2ooDwTDt35xT8sLmvar96_dYPmjkiIWQt9QvI15XqYJ9XF3znudG7dMU7RmWfLo_v_S0U1tz4-90xNMEqxEyoGFkEeB9xes74hfu_Ptd_0k7jOxdYebd1tz2IX3XDDXbBjQyZzxn77Jr2Xs5MCgdCFspDUYCAjnBMpo0hj4I5TAADMGOI7zZFkxmmLArzzmxadcul-475QkmOpw-nmrnKRMs0vriTMg"; Jose.JWT.Decode(token,"secret");
Da: DV notifications@github.com Inviato: venerdì 26 giugno 2020 15:30 A: dvsekhvalnov/jose-jwt jose-jwt@noreply.github.com Cc: fabriziodb fabriziodb@live.it; Mention mention@noreply.github.com Oggetto: Re: [dvsekhvalnov/jose-jwt] How to validate and decode a Jwt token from microsoft identity server 4? (#134)
Hi @fabriziodbhttps://github.com/fabriziodb ,
this is RS256 signed token, you can decode / verify signature via: https://github.com/dvsekhvalnov/jose-jwt#verifying-and-decoding-tokens
string token = "your-token-here"; var privateKey = ... ; // your private key
string json = Jose.JWT.Decode(token, privateKey);
Then apply whatever checks you need, like token not expired, intended audience, e.t.c.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/dvsekhvalnov/jose-jwt/issues/134#issuecomment-650180083, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAJMNZXFYKINE6LDUCGOPJTRYSPIPANCNFSM4OIQOAJQ.
No. For RS256 you normally read your private key from .p12 file or windows truststore, like
var privateKey=new X509Certificate2("key.p12", "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet).PrivateKey as RSACryptoServiceProvider;
https://github.com/dvsekhvalnov/jose-jwt#verifying-and-decoding-tokens - covers all cases
thanks, i've to create a file named key.p12 containing the secret inside?
Da: DV notifications@github.com Inviato: venerdì 26 giugno 2020 16:13 A: dvsekhvalnov/jose-jwt jose-jwt@noreply.github.com Cc: fabriziodb fabriziodb@live.it; Mention mention@noreply.github.com Oggetto: Re: [dvsekhvalnov/jose-jwt] How to validate and decode a Jwt token from microsoft identity server 4? (#134)
No. For RS256 you normally read your private key from .p12 file or windows truststore, like
var privateKey=new X509Certificate2("key.p12", "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet).PrivateKey as RSACryptoServiceProvider;
https://github.com/dvsekhvalnov/jose-jwt#verifying-and-decoding-tokens - covers all cases
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/dvsekhvalnov/jose-jwt/issues/134#issuecomment-650201661, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAJMNZSJ2WTLWZRSJDCSRULRYSUH7ANCNFSM4OIQOAJQ.
no, you actually should have private key, because you registered public part of it microsoft identity server.
Please, can anyone help me to understand how to validate and decode a jwt access token release from m$ IS4?
this is a token from the server, thanks.
eyJhbGciOiJSUzI1NiIsImtpZCI6InVVaENEMWZtLUp4OGdIeDRZX2djM1EiLCJ0eXAiOiJhdCtqd3QifQ.eyJuYmYiOjE1OTMwODk3OTMsImV4cCI6MTU5MzA5MzM5MywiaXNzIjoiaHR0cDovL2lkZW50aXR5c2VydmVyLmRldi4yNG9yZXByby5pbi5pbHNvbGUyNG9yZS5pdCIsImF1ZCI6InN3Z19lbnRpdGxlbWVudHMiLCJjbGllbnRfaWQiOiJtdmMiLCJzdWIiOiJmZGIxIiwiYXV0aF90aW1lIjoxNTkzMDg5NzkyLCJpZHAiOiJsb2NhbCIsInJvbGUiOlsiZGF0YUV2ZW50UmVjb3Jkcy5hZG1pbiIsImRhdGFFdmVudFJlY29yZHMudXNlciJdLCJ1c2VybmFtZSI6ImZkYjEiLCJ1c2VySWRlbnRpdHkiOiJQWjVmbThzTStYZS9hbWE0cmlnMXBPOEE3TnI3RVRxSU5DWTNyZzJQc1I0PSIsInNjb3BlIjpbInByb2ZpbGUiLCJvcGVuaWQiLCJzd2dfZW50aXRsZW1lbnRzIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.ml-Jy8wwwC4MtncH_PisVj2H7Ro6kiU8hOs2HfeoPNJ6ExNhHjRxGgXua2GoYPmqBNYBJLSzmiZGHHXVB4pToJ2ETL8nqWhU46hvtpPV1IS6aVjPm2yHcTj2ooDwTDt35xT8sLmvar96_dYPmjkiIWQt9QvI15XqYJ9XF3znudG7dMU7RmWfLo_v_S0U1tz4-90xNMEqxEyoGFkEeB9xes74hfu_Ptd_0k7jOxdYebd1tz2IX3XDDXbBjQyZzxn77Jr2Xs5MCgdCFspDUYCAjnBMpo0hj4I5TAADMGOI7zZFkxmmLArzzmxadcul-475QkmOpw-nmrnKRMs0vriTMg