Closed jonmiller1 closed 7 years ago
What version are you using? Can you send your code, and also the exception?
@abatishchev I see the `AlgorithmFactory` is missing the `RS256Algorithm`, is it missing by design?
I'm currently using version 2.3.2 and receiving `InvalidOperationException` with "Algorithm RS256 is not supported."
Doh, yeah. I see where the problem is: `RS256Algorithm` accepts `X509Certificate2` in its ctor.
It's not an issue for `JwtEncoder` because it accepts `IJwtAlgorithm` in its ctor and you can instantiate it directly.
But it is an issue for `JwtDecoder`, which uses `AlgorithmFactory`, which can't pass anything other than the algorithm's name.
Let me think how to address this. If you have any ideas, please post immediately.
Check this out: https://github.com/jwt-dotnet/jwt/pull/101.
Since the default `AlgorithmFactory` can't do it, let's introduce `IAlgorithmFactory`, implemented by both the default `HMACSHAAlgorithmFactory` and the new `RSAlgorithmFactory`.
The latter accepts `Func<X509Certificate2>` so you can specify how it will instantiate `new RS256Algorithm(X509Certificate2)`.
What do you think? If that works, I can merge and publish a new nuget shortly.
This looks pretty neat! Thanks for the quick response.
I'll see if I can take some time this weekend and add some tests upon these classes.
@abatishchev this looks really good to me.
Great! Thanks for bringing-in/following-up. Let's continue the discussion (if any) in the PR.
I'm having trouble verifying signature. I have an access token signed with a private key and I was given an endpoint to get the public key using the keyid. The provider basically signs each token with different keyids. So basically I followed your approach https://github.com/jwt-dotnet/jwt#parsing-decoding-and-verifying-tokens
```csharp
using System.Security.Cryptography.X509Certificates;
using JWT;
using JWT.Algorithms;
using JWT.Serializers;

byte[] pubKey = GetPublicKeyFromCache();
IJsonSerializer serializer = new JsonNetSerializer();
IDateTimeProvider provider = new UtcDateTimeProvider();
IJwtValidator validator = new JwtValidator(serializer, provider);
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
// The factory calls CertFactory whenever it has to build the RS256 algorithm.
var algorithmFactory = new RSAlgorithmFactory(CertFactory);
IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithmFactory);
var accessTokenData = decoder.DecodeToObject<JwsTokenData>(accessToken, pubKey, true);

private X509Certificate2 CertFactory()
{
    byte[] pubKey = GetPublicKeyFromCache();
    // The stack trace below points at this constructor call.
    var cert = new X509Certificate2(pubKey);
    return cert;
}
```
alg is RS256. I get the following exception.
```
System.Security.Cryptography.CryptographicException was caught
  HResult=-2146885623
  Message=Cannot find the requested object.
  Source=mscorlib
  StackTrace:
    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
    at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertBlobType(Byte[] rawData)
    at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
    at .CertFactory() in
    at JWT.Algorithms.RSAlgorithmFactory.Create(JwtHashAlgorithm algorithm)
    at JWT.JwtDecoder.Validate(String payload, String payloadJson, String[] parts, Byte[] key)
    at JWT.JwtDecoder.DecodeToObject[T](String token, Byte[] key, Boolean verify)
```
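Added example, not part of the original thread and not JWT.NET code: what RS256 verification with per-`kid` keys involves, written with .NET primitives only (the algorithm is pinned, the `kid` is looked up in a trusted set, and the signature is checked over `header.payload`). The class name, the `kid`-to-certificate dictionary, the throwaway key and the token contents are constructed for illustration; it assumes .NET Core 3.0 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
static class Rs256KidDemo // hypothetical name, not part of JWT.NET
{
    static string B64Url(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));

    // True only for an RS256 token whose kid maps to a trusted certificate and whose signature verifies.
    static bool Verify(string token, IReadOnlyDictionary<string, byte[]> certsByKid)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(p[0])));
            JsonElement h = doc.RootElement;
            // Pin the algorithm: the header is untrusted input and must not select the verifier.
            if (!h.TryGetProperty("alg", out JsonElement alg) || alg.ValueKind != JsonValueKind.String || alg.GetString() != "RS256") return false;
            if (!h.TryGetProperty("kid", out JsonElement kid) || kid.ValueKind != JsonValueKind.String) return false;
            if (!certsByKid.TryGetValue(kid.GetString(), out byte[] der)) return false; // kid not in the trusted set
            using var cert = new X509Certificate2(der); // parses certificate bytes, so the store holds certificates
            using RSA pub = cert.GetRSAPublicKey();
            return pub != null && pub.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]),
                FromB64Url(p[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is CryptographicException) { return false; }
    }

    static void Main()
    {
        // Constructed test data: throwaway key pair and self-signed certificate standing in for the provider's key.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-signer", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        var trusted = new Dictionary<string, byte[]> { ["key-1"] = cert.Export(X509ContentType.Cert) };
        string head = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"kid\":\"key-1\"}"));
        string input = head + "." + B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"demo\"}"));
        string sig = B64Url(rsa.SignData(Encoding.ASCII.GetBytes(input), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        Console.WriteLine(Verify(input + "." + sig, trusted)); // case: token signed by the trusted key
        Console.WriteLine(Verify(head + "." + B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"admin\"}")) + "." + sig, trusted)); // case: payload changed after signing
        Console.WriteLine(Verify(input + "." + sig, new Dictionary<string, byte[]>())); // case: kid missing from the trusted set
    }
}
```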
@sparachi hi, can you please copy/paste your question to a new issue? thanks! meanwhile I'm looking into it.
@abatishchev, @sparachi any update on the RSA256 issue?
@Jack3964925: are you facing an exception? What version are you using? Please open a new issue since this one is from August 2017.
I'm trying to validate a token from Google Plus. I get an error that says RSA256 is not supported. I can see the algorithm in the source code. Is there any way to get this going?