Manually validating a JWT token in C#
I am having some trouble manually validating a JWT token issued by Identity Server 4. Using the
ClientId: "CLIENT1"
ClientSecret: "123456"
The exception I keep getting is: IDX10501: Signature validation failed. Unable to match keys: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'
Is anyone able to advise me where I am going wrong?
    private static void ValidateJwt(string jwt, DiscoveryResponse disco)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            ValidIssuer = disco.Issuer,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("123456")),
            ValidAudience = "CLIENT1",
            //IssuerSigningKeys = keys,
            // ValidateAudience = true,
            // ValidateLifetime = true,
        };
        SecurityToken validatedToken;
        var handler = new JwtSecurityTokenHandler();
        handler.InboundClaimTypeMap.Clear();
        try
        {
            var user = handler.ValidateToken(jwt, parameters, out validatedToken);
        }
        catch(Exception ex)
        {
            var error = ex.Message;
        }
    }
c# jwt identityserver4
edited Feb 19 at 8:40
asked Feb 16 at 8:35
MarzSocks
Encoding.UTF8.GetBytes( can't be the right way to do this.
– Henk Holterman
Feb 16 at 9:49
4 Answers
Accepted answer (4 votes)
Check out ValidateJwt() in this sample:
https://github.com/IdentityServer/IdentityServer4.Samples/blob/master/Clients/src/MvcManual/Controllers/HomeController.cs
The bit you're missing is loading the public key from the discovery document.
edited yesterday
answered Feb 16 at 10:39
mackie
It's all about the public key... not a private key. Thanks
– MarzSocks
Feb 16 at 12:16
I find I intermittently get this error, any reason why? Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: 'IDX10501: Signature validation failed. Unable to match keys: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]', token: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'.'
– MarzSocks
Feb 16 at 13:19
Are you using a signing cert that's generated at runtime maybe?
– mackie
Feb 16 at 16:50
Turns out that it was the load balancer.
– MarzSocks
Feb 19 at 8:39
@PhillipScottGivens Link updated, they must have deleted the branch.
– mackie
yesterday
1 vote
IdentityServer signs the JWT using RS256. This means you need to use a public key to verify the JWT (you can get this from the discovery document).
The client id & client secret are client credentials used for requesting tokens. They have no part in validating them.
answered Feb 16 at 9:52
Scott Brady
1 vote
You are trying to use SymmetricKey for JWT validation. Try looking at your token in JWT.io, and if the algorithm is "RS256" then SymmetricKey won't work.
answered Feb 17 at 20:51
akhileshcoer
0 votes
You have specified:
    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("secret"))
but the JwtSecurityTokenHandler could not match it with the key which can be part of the JWT header itself. Basically it means that your configuration has mismatch[es] with configuration of the real issuer. The error suggests that this relates to the signature keys.
Please check the configuration of that issuer (if you can), find the missing parts, and try again.
You can use jwt.io to debug your jwt online.
answered Feb 16 at 9:12
stukselbax
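The key matching the answers describe (an RS256 token verifies only against the issuer's public key, never against the client secret), shown as an added example that is not code from this thread or from the IdentityServer samples. It goes one step further and reproduces the intermittent failure from the comments under the assumption that two nodes behind the load balancer each generated their own signing key at runtime. The issuer URL, audience and kid values are constructed, and the keys are created locally in place of the discovery document's key set so that it runs offline.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;   // NuGet package: System.IdentityModel.Tokens.Jwt
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class SigningKeyMismatchDemo
{
    const string Issuer = "https://idsrv.example";  // constructed issuer
    const string Audience = "api1";                 // constructed audience
    // Stand-in for one token-service node that generated its own RSA key at startup (assumption).
    static RsaSecurityKey NewNodeKey(string kid) =>
        new RsaSecurityKey(RSA.Create(2048)) { KeyId = kid };
    // What a verifier would load from that node's published key set: the public part only.
    static RsaSecurityKey PublicPart(RsaSecurityKey k) =>
        new RsaSecurityKey(k.Rsa.ExportParameters(false)) { KeyId = k.KeyId };

    static string Issue(RsaSecurityKey nodeKey)
    {
        var creds = new SigningCredentials(nodeKey, SecurityAlgorithms.RsaSha256);
        var token = new JwtSecurityToken(issuer: Issuer, audience: Audience,
            expires: DateTime.UtcNow.AddMinutes(5), signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    static string TryValidate(string jwt, SecurityKey trustedKey)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            ValidateLifetime = true,
            IssuerSigningKey = trustedKey,
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
            return "valid";
        }
        catch (Exception ex) { return "rejected: " + ex.GetType().Name; }
    }

    static void Main()
    {
        RsaSecurityKey nodeA = NewNodeKey("node-a"), nodeB = NewNodeKey("node-b");
        string jwt = Issue(nodeA);
        // The header names the algorithm and the key the verifier has to find.
        var header = new JwtSecurityTokenHandler().ReadJwtToken(jwt).Header;
        Console.WriteLine($"alg={header.Alg} kid={header.Kid}");
        Console.WriteLine("node-a public key: " + TryValidate(jwt, PublicPart(nodeA)));
        Console.WriteLine("node-b public key: " + TryValidate(jwt, PublicPart(nodeB)));
        var secret = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("123456"));
        Console.WriteLine("client secret:     " + TryValidate(jwt, secret));
    }
}
```

Only the public key of the node that signed the token validates it; the exception type reported for the other two keys depends on the library version. Giving every node the same persisted signing key, so that each one publishes and signs with the same kid, removes the node-dependent failure.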