简体   繁体   中英

Invalid JWT Signature

I know. I know. LOTS of questions with this exact title. But of all the ones I've looked at, I can't find one that is creating the JWT using a List<Claim> , an issuer and an audience .

    private string GetTokenString()
    {
        var claims = new List<Claim>()
        {
            new Claim("claim1", "foo-anything"),
            new Claim("claim2", "bar-anything")
        };

        string keyValue = "1234567890qwertyuiopasdfghjklzxcvbnm";  // NOT THE REAL KEY (changed for this SO question)
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(keyValue));

        var jwtToken = new JwtSecurityToken
          (
              issuer: "https://xxxxxx.net",
              audience: "https://www.xxxxxx.com",
              claims: claims,
              signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature),
              expires: DateTime.Now.AddMinutes(30)
          );

        var handler = new JwtSecurityTokenHandler();
        string tokenString = handler.WriteToken(jwtToken);

        return tokenString;
    }

Then if I take tokenString and plug it into https://jwt.io/ , I get

Invalid Signature

Is there something wrong with the way I'm creating the JWT?

在此处输入图像描述

See the base64 encoding of your signing key

1234567890qwertyuiopasdfghjklzxcvbnm

comes out to be this

MTIzNDU2Nzg5MHF3ZXJ0eXVpb3Bhc2RmZ2hqa2x6eGN2Ym5t

Please use this value to validate the generated token, in this case the check box should be checked.

If you leave the check box blank then use the same value as you have in your code.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM