Closed hanselsen closed 1 year ago
Hi, in general, to better assist you, please provide the version of the library and the target framework.
But in this particular case, this information is not needed. The second parameter key/keys is an artifact of the past and is used only by symmetric algorithms. Here's the code:
In the case of an asymmetric algorithm, the instance of an algorithm holds the certificate object and uses it to validate the signature:
Hope this helps.
@abatishchev thanks so much. As I understand correctly, passing the key/keys to the decoding has no effect at all, because it uses the certificate in my algorithm. I can safely assume that the data is verified during the decoding process? 🙂
I guess where I got confused was that JwtEncoder.Encode expects either a string or a byte[], whereas JwtDecoder.Decode is fine with just the token.
Anyhow, I now have the following: JwtEncoder.Encode(payload, default(byte[])) and JwtDecoder.Decode(tokenString);
Yes, the 3rd parameter verify controls whether the signature is verified. By default it's true.
To make sure it works, try to malform the signature and run with true. Then run with false.
Some methods' definitions are legacy and there might not be enough overloads indeed. Please feel free to open a PR and add some more. Contributions are always welcome and I try to review and merge them quickly :)
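The tamper test suggested in the reply above, as an added example that is not part of the thread or of the library's own code. It assumes the JWT.NET package with `JsonNetSerializer`, an `RS256Algorithm(X509Certificate2)` constructor and a `Decode(token, key, verify)` overload, which may differ between library versions; the certificate, subject name and payload are constructed for the test.

```csharp
// Added example, not code from the thread. Assumes the JWT.NET NuGet package
// and the constructor/overload shapes used below; adjust to your version.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using JWT;
using JWT.Algorithms;
using JWT.Exceptions;
using JWT.Serializers;

static class TamperCheck
{
    static void Main()
    {
        // Constructed throwaway certificate with a private key, for this test only.
        using var rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=jwt-tamper-test", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        var serializer = new JsonNetSerializer();
        var urlEncoder = new JwtBase64UrlEncoder();
        var algorithm = new RS256Algorithm(cert);
        var encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
        var decoder = new JwtDecoder(serializer,
            new JwtValidator(serializer, new UtcDateTimeProvider()), urlEncoder, algorithm);

        string token = encoder.Encode(new { sub = "constructed-user" }, default(byte[]));

        // Change the FIRST signature character: the last one carries padding
        // bits, so altering it may still decode to the same signature bytes.
        int sigStart = token.LastIndexOf('.') + 1;
        char swapped = token[sigStart] == 'A' ? 'B' : 'A';
        string tampered = token.Substring(0, sigStart) + swapped + token.Substring(sigStart + 1);

        Console.WriteLine("valid, verify=true:     " + Try(() => decoder.Decode(token, default(byte[]), true)));
        Console.WriteLine("tampered, verify=true:  " + Try(() => decoder.Decode(tampered, default(byte[]), true)));
        Console.WriteLine("tampered, verify=false: " + Try(() => decoder.Decode(tampered, default(byte[]), false)));
    }

    // Returns the decoded JSON, or a marker when the signature is rejected.
    static string Try(Func<string> decode)
    {
        try { return decode(); }
        catch (SignatureVerificationException ex) { return "REJECTED: " + ex.Message; }
    }
}
```

If the second call returns the payload instead of being rejected, the decoder is not verifying signatures with the configured algorithm.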
Thanks! The library is very useful.
Using the code below:
When I parse the token with jwt.io, I can conclude that the token is created properly. However, the decoding ALWAYS succeeds. With the code below the decoded is always set. No exceptions are thrown. Do I not understand the library, or is this a bug?