
invalid signature - JWT is required to have three segments

I am using OAuthAuthorizationServerProvider from Microsoft Owin Security, and here is the code I am using:

    var oAuthAuthorizationServerOptions = new OAuthAuthorizationServerOptions()
    {
        TokenEndpointPath = new Microsoft.Owin.PathString("/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(5),
        // Allows the token endpoint over plain HTTP: client secrets and tokens travel unencrypted.
        AllowInsecureHttp = true,
        Provider = new CustomOAuthProvider()
    };

CustomOAuthProvider:

    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.OAuth;

    public class CustomOAuthProvider : OAuthAuthorizationServerProvider
    {
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            var lstClients = ClientService.GetClients();

            if (lstClients.Count <= 0) return base.ValidateClientAuthentication(context);

            context.TryGetFormCredentials(out var clientId, out var clientSecret);

            // Match id and secret on the same client record; two separate Count() checks
            // would accept one client's id combined with another client's secret.
            if (lstClients.Any(c => c.ClientId == clientId && c.ClientPassword == clientSecret))
            {
                context.Validated(clientId);
            }

            return base.ValidateClientAuthentication(context);
        }

        public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
        {
            // Identity carried by the access token: the client id as the name claim.
            var claimsIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, context.ClientId));
            var props = new AuthenticationProperties(new Dictionary<string, string>
            {
                { "client_id", context.ClientId },
                { "scope", string.Join(" ", context.Scope) }
            });
            var ticket = new AuthenticationTicket(claimsIdentity, props);
            context.Validated(ticket);
            return base.GrantClientCredentials(context);
        }
    }

I am trying to add scope here, but it looks like this is not the correct way to add it, even though everything looks good and works. When I try to view the token:

  • in jwt.io I am seeing an invalid signature error.
  • in calebb.net, it says: JWT is required to have three segments

What's wrong here? Please suggest.


For a JWT token to be valid, you have to have three segments as your error message says.

According to the documentation:

In its compact form, JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

Therefore, a JWT typically looks like the following.

xxxxx.yyyyy.zzzzz

You have to examine the code of your custom provider to ensure that those three segments are actually present. They have to be separated by a dot.
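A structural check for the three segments the answer describes, as an added C# example that is not part of the original question or answer: it splits the token on dots and base64url-decodes each part, without verifying the signature. `JwtShape`, `Describe` and both sample tokens are constructed for illustration.

```csharp
using System;
using System.Text;

public static class JwtShape   // hypothetical helper name, not an OWIN type
{
    // base64url (RFC 7515): '-' and '_' alphabet, '=' padding stripped.
    static byte[] Base64UrlDecode(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        if (s.Length % 4 == 1) throw new FormatException("bad base64url length");
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Returns null when the string has the header.payload.signature shape,
    // otherwise the reason it does not. The signature is NOT verified here.
    public static string Describe(string token)
    {
        if (string.IsNullOrWhiteSpace(token)) return "empty token";
        string[] parts = token.Trim().Split('.');
        if (parts.Length != 3)
            return "expected 3 dot-separated segments, found " + parts.Length;

        string[] names = { "header", "payload", "signature" };
        for (int i = 0; i < parts.Length; i++)
        {
            try
            {
                byte[] raw = Base64UrlDecode(parts[i]);
                if (i == 2) continue;               // signature is raw bytes, not JSON
                string json = Encoding.UTF8.GetString(raw).Trim();
                // Shallow check only: header and payload must be JSON objects.
                if (!json.StartsWith("{") || !json.EndsWith("}"))
                    return names[i] + " does not decode to a JSON object";
            }
            catch (FormatException)
            {
                return names[i] + " is not valid base64url";
            }
        }
        return null;
    }

    public static void Main()
    {
        // Constructed samples: a JWT-shaped string and an opaque token with no dots.
        string jwtShaped = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRfaWQiOiJkZW1vIn0.c2ln";
        string opaque = "Zm9vYmFyLW9wYXF1ZS10b2tlbg";
        Console.WriteLine(Describe(jwtShaped) ?? "three well-formed segments");
        Console.WriteLine(Describe(opaque) ?? "three well-formed segments");
    }
}
```

Running the check on the string returned in the `access_token` field of the `/token` response shows whether the server is issuing a compact JWT at all, before any signature error is investigated.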
