gzak

Reputation: 4110

Retrieve raw jwt token value in asp.net core

I'd like to retrieve the raw value of the jwt token from an authorized request. I know it's the source for all the claims, but I have a use case for needing the original raw value. Is there any way to retrieve it? In case it depends on the authentication type, we're using OpenIdConnect (scheme = Oidc).

Upvotes: 5

Views: 4939

Answers (5)

Pedro Pinto

Reputation: 53

Although it's an old question, I found myself searching for a way to do this on .NET 7. This is one way to get access to the raw Bearer (JWT) token passed on a request:

    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Extensions.Primitives;

    [Route("api/[controller]")]
    [ApiController]
    public class TestController : ControllerBase
    {
        // Requires builder.Services.AddHttpContextAccessor() at startup
        private readonly IHttpContextAccessor _httpContextAccessor;

        public TestController(IHttpContextAccessor httpContextAccessor)
        {
            _httpContextAccessor = httpContextAccessor;
        }

        [HttpGet]
        public async Task<IActionResult> GetSomethingAsync()
        {
            StringValues authHeaders = string.Empty;

            // Reads the full header value, i.e. "Bearer <token>" with the scheme prefix
            _httpContextAccessor.HttpContext?.Request.Headers
                .TryGetValue("Authorization", out authHeaders);

            var tokenAsRawString = authHeaders.ToString();

            // do something with token
            return Ok();
        }
    }

Upvotes: 1

paulyb

Reputation: 337

Depending on your setup, you may simply be able to grab the access token from the Authorization header. Example:

    [Authorize(AuthenticationSchemes = "Bearer")]
    [HttpGet("GetStuff")]
    public async Task<IActionResult> GetStuff()
    {
        // Full header value, including the "Bearer " scheme prefix
        var access_token = HttpContext.Request.Headers["Authorization"];
        return Ok();
    }

In Core 2.0, the AuthenticationManager class in ycrumeyrolle's answer has been marked obsolete. You can substitute this line of code:

    var token = await AuthenticationHttpContextExtensions.GetTokenAsync(HttpContext, "<name_of_signin_scheme>", "access_token");

Upvotes: 2
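The two answers above read the `Authorization` header directly, which returns the scheme prefix along with the token, and the second also mentions `GetTokenAsync`. The following is an added example, not code from any answer on this page, that combines both into one helper: it parses the header, falls back to the saved token for cookie/OIDC sign-ins, and provides a fingerprint for logging. The class and method names are hypothetical; it assumes .NET 6 or later, nullable reference types enabled, and a default authentication scheme that saves tokens.

```csharp
using System;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;

// Hypothetical helper; names are not from the answers or from ASP.NET Core.
public static class RawTokenExtensions
{
    // Returns the compact JWT without the "Bearer " prefix, or null when none is found.
    // Call it only from code behind [Authorize]: a header being present does not by
    // itself mean the token in it was validated.
    public static async Task<string?> GetRawAccessTokenAsync(this HttpContext context)
    {
        // Case 1: API request carrying "Authorization: Bearer <token>".
        // Repeated headers are not used, rather than guessing which one was authenticated.
        var values = context.Request.Headers["Authorization"];
        if (values.Count == 1 &&
            AuthenticationHeaderValue.TryParse(values[0], out var parsed) &&
            string.Equals(parsed.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase) &&
            !string.IsNullOrWhiteSpace(parsed.Parameter))
        {
            return parsed.Parameter;
        }

        // Case 2: cookie/OIDC sign-in, where no Authorization header is sent.
        // Returns null unless the handler stored its tokens at sign-in
        // (SaveTokens = true on OpenIdConnectOptions).
        return await context.GetTokenAsync("access_token");
    }

    // Short SHA-256 fingerprint for correlating requests in logs
    // without writing the bearer credential itself.
    public static string Fingerprint(string rawToken)
    {
        byte[] digest = SHA256.HashData(Encoding.UTF8.GetBytes(rawToken));
        return Convert.ToHexString(digest, 0, 8);
    }
}
```

In a controller action this is called as `await HttpContext.GetRawAccessTokenAsync()`; log `Fingerprint(token)` instead of the token, since the raw value is a usable credential until it expires.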

lex82

Reputation: 11307

There is a short blog post about exactly this issue: http://www.jerriepelser.com/blog/aspnetcore-jwt-saving-bearer-token-as-claim/

You can either save the token in the AuthenticationProperties (see also the answer of @ycrumeyrolle), or you save the token as a claim in the OnTokenValidated callback. This is set up in the JwtBearerOptions. Please see the linked article for all the details.

Upvotes: 0

ycrumeyrolle

Reputation: 525

You can try this:

    // add JWT authentication (change to OIDC if you prefer)
    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        SaveToken = true // keep the raw token in the AuthenticationProperties
    });

    // then in your code...
    var rawToken = await authenticationManager.GetTokenAsync("<name_of_signin_scheme>", "access_token");

The drawback is that the token will be stored in the properties then in an authentication cookie, if any.

Otherwise, you can get the raw token with the ReceivedToken event.

The GetTokenAsync() method can be found in the Microsoft.AspNetCore.Authentication, in the namespace of the same name.

Upvotes: 0

Luca Ghersi

Reputation: 3321

What do you mean by raw? The token itself is raw; it is just a base64 of the token itself. If you put the token on jwt.io, you can always decode it; it's not secret stuff.

If you think you need the raw token because you need some of the values it has inside itself, the best thing to do is to add a copy of those elements to the authorization response, as additional items.

Upvotes: 0
