
How to authenticate jwt token in azure function

Hi, I have an Azure function where I'm trying to get the current id of the user from a JWT token.

I'm currently reading it from the header, which makes sense to me, but I'm concerned I may not be following best practices.

Also, the first line seems a bit hacky to me.

Can you guys please take a look at it and suggest how I can improve this?

Or is this totally the wrong approach?

[FunctionName(nameof(GetDates))]
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "dates")] HttpRequest req,
    ILogger logger,
    [Table("Date")] CloudTable table)
{
    var token = req.Headers["Authorization"][0].Replace("Bearer ", string.Empty);

    var handler = new JwtSecurityTokenHandler();
    var jtToken = handler.ReadJwtToken(token);

    var userId = jtToken.Payload["Id"].ToString();

From your code it seems you just read out the claim value from the JWT token payload, but you have not authenticated the JWT token.

Generally, JWT tokens are composed of three pieces: header, payload, signature.

Header - Provides information about how to validate the token, including information about the type of token and how it was signed.

Payload - Contains all of the important data about the user or app that is attempting to call your service.

Signature - Is the raw material used to validate the token.

Each part is base64 encoded and split by "." in the JWT; you can parse your JWT here to check its header and payload: https://jwt.io/

The signature is composed of the header and payload content and signed with a private key of the identity provider (who issued this JWT).

If you want to verify the JWT, what you should do is get a public key from the identity provider and use this public key to unlock the signature part: you will get the cleartext value of the header and payload. If the content of the header and payload of the JWT is totally the same as what you unlocked from the signature part, this means this token is a validated one.

This is a post about how to verify a JWT from Azure AD; I think it will be helpful for you. If you have any further concerns, please feel free to let me know.
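As an added example (not the asker's function and not code from the answer above), here is the same HTTP-triggered function rewritten so that no claim is trusted until the token's signature, issuer, audience and lifetime have been checked. It uses JwtSecurityTokenHandler.ValidateToken from System.IdentityModel.Tokens.Jwt together with ConfigurationManager from Microsoft.IdentityModel.Protocols.OpenIdConnect, which downloads the identity provider's published signing keys for you. It assumes an Azure AD v2.0 issuer; the TenantId and Audience constants, the "oid" claim name and the GetDatesValidated function name are placeholders, and the Table binding from the original was left out because it is unrelated to the authentication step.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Primitives;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public static class GetDatesValidated
{
    // Placeholders (assumed values): read these from configuration in a real deployment.
    private const string TenantId = "<your-tenant-id>";
    private const string Audience = "<your-api-client-id>";

    // Fetches the OpenID Connect metadata (issuer + signing keys) once and refreshes it
    // on its own schedule, so validation does not hit the network on every request.
    private static readonly IConfigurationManager<OpenIdConnectConfiguration> ConfigManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            $"https://login.microsoftonline.com/{TenantId}/v2.0/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever());

    [FunctionName(nameof(GetDatesValidated))]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "dates")] HttpRequest req,
        ILogger logger)
    {
        // 1. Parse the Authorization header as "<scheme> <parameter>" instead of
        //    stripping a prefix, and require the Bearer scheme.
        if (!TryGetBearerToken(req, out string token))
        {
            return new UnauthorizedResult();
        }

        // 2. Validate signature, issuer, audience and lifetime. ReadJwtToken alone
        //    decodes the payload without checking any of these.
        ClaimsPrincipal principal;
        try
        {
            principal = await ValidateTokenAsync(token);
        }
        catch (SecurityTokenException ex)
        {
            logger.LogWarning(ex, "Rejected bearer token");
            return new UnauthorizedResult();
        }

        // 3. Only now are the claims trustworthy. Azure AD carries the user's object id
        //    in "oid"; substitute the claim your provider actually issues for the user id.
        string userId = principal.FindFirst("oid")?.Value;
        if (string.IsNullOrEmpty(userId))
        {
            return new UnauthorizedResult();
        }

        return new OkObjectResult(new { userId });
    }

    // Returns false for a missing, duplicated, malformed or non-Bearer header.
    public static bool TryGetBearerToken(HttpRequest req, out string token)
    {
        token = null;
        if (!req.Headers.TryGetValue("Authorization", out StringValues values) || values.Count != 1)
        {
            return false;
        }
        if (!AuthenticationHeaderValue.TryParse(values[0], out AuthenticationHeaderValue header)
            || !string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrWhiteSpace(header.Parameter))
        {
            return false;
        }
        token = header.Parameter;
        return true;
    }

    // Throws SecurityTokenException on any validation failure; callers treat that as 401.
    public static async Task<ClaimsPrincipal> ValidateTokenAsync(string token)
    {
        OpenIdConnectConfiguration config =
            await ConfigManager.GetConfigurationAsync(CancellationToken.None);

        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = config.Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(2),
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = config.SigningKeys,
        };

        var handler = new JwtSecurityTokenHandler();
        return handler.ValidateToken(token, parameters, out SecurityToken _);
    }
}
```

Two design points worth noting: the audience check is what stops a token legitimately issued for some other application in the same tenant from being accepted here, and keeping the ConfigurationManager static means key rollover at the provider is picked up automatically without redeploying the function.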
