JSON Web Token in C#

Question

I use a example

public static string Encode(string email, string certificateFilePath)
{
    var utc0 = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
    var issueTime = DateTime.Now;

    var iat = (int)issueTime.Subtract(utc0).TotalSeconds;
    var exp = (int)issueTime.AddMinutes(55).Subtract(utc0).TotalSeconds; // Expiration time is up to 1 hour, but lets play on safe side

    var payload = new
    {
        iss = "515607141555-ish9rcudsatn8udhs04ivbh3dgsja5mr@developer.gserviceaccount.com",
        scope = "https://www.googleapis.com/auth/prediction",
        aud = "https://www.googleapis.com/oauth2/v3/token",
        exp = exp,
        iat = iat
    };

    var certificate = new X509Certificate2(certificateFilePath, "notasecret");

    var privateKey = certificate.Export(X509ContentType.Cert);

    return JsonWebToken.Encode(payload, privateKey, JwtHashAlgorithm.RS256);
}

I get result：

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MTU2MDcxNDE1NTUtaXNoOXJjdWRzYXRuOHVkaHMwNGl2YmgzZGdzamE1bXJAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92My90b2tlbiIsImV4cCI6MTQyNzczNTUxNiwiaWF0IjoxNDI3NzMyMjE2fQ.A6Rx1xX8n9vAsICXlT0OxZfTFbiE1tEOfQvKVb5im08

then POST URL：https://www.googleapis.com/oauth2/v3/token

{
    "error": "invalid_grant",
    "error_description": "Bad Request"
}

where is wrong?

Answer 1

Fail reason：

1. example：RSA256 is wrong，correct

   SignData(inputBytes, "SHA256")
   

2. exp,iat is wrong，correct -- DateTime.UtcNow

   var utc0 = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
   var issueTime = DateTime.UtcNow;
   
   var iat = (int)issueTime.Subtract(utc0).TotalSeconds;
   var exp = (int)issueTime.AddMinutes(55).Subtract(utc0).TotalSeconds;