Reputation: 1064
I have created a token like this in my web api with C#.
    private const string Secret = "someSecretKey";

    public static string GenerateToken(AuthModel user, int expireMinutes = 20)
    {
        var symmetricKey = Convert.FromBase64String(Secret);
        var tokenHandler = new JwtSecurityTokenHandler();
        var now = DateTime.UtcNow;
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, user.Username),
                new Claim(ClaimTypes.Role, ((Roles)user.RoleId).ToString()),
                new Claim("guid", user.Guid)
            }),
            Expires = now.AddMinutes(Convert.ToInt32(expireMinutes)),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256Signature)
        };
        var stoken = tokenHandler.CreateToken(tokenDescriptor);
        var token = tokenHandler.WriteToken(stoken);
        return token;
    }
And when I'm using that API for a reactjs app, I get the token but can't verify it with the same secret key. I'm getting the error INVALID SIGNATURE. I'm using the jsonwebtoken npm package:
    import jwt from 'jsonwebtoken';

    jwt.verify(token, keys.jwtSecret, async (err) => {
        if (err) {
            //console.log('Token expired at: ', err.expiredAt)
            console.log("error", err)
        }
        else {
            dispatch(login(token));
        }
    });
I never hit that dispatch(login(token)). I'm using this to check if the token saved in localStorage is still valid, to keep the user signed in.
Any help is appreciated.
Upvotes: 2
Views: 1234
Reputation: 1064
I've found a solution. Couldn't just push secretKey in jwt.verify(token, secretKey); that doesn't work because of some base64 encoding/decoding algorithms. What I had to do first is make a Buffer from my secret, like:

    // Buffer.from replaces the deprecated new Buffer(...) constructor
    const secret = Buffer.from("myTokeSecretString", "base64");

and then pass that secret to the verify method, and it works.
Upvotes: 1
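
Why the same secret string produces an invalid signature, as an added example that is not part of the original posts: the server base64-decodes the secret before signing, so a verifier handed the raw string keys the HMAC with different bytes. It uses only Node's built-in crypto module instead of jsonwebtoken; the secret, the claim values, and the function names `signLikeServer` and `verify` are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed sample secret (base64 of 32 bytes). The C# code on this page
// runs its secret through Convert.FromBase64String before signing.
const SECRET_B64 = "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=";

const b64url = (text) => Buffer.from(text, "utf8").toString("base64url");
const hs256 = (signingInput, key) =>
  createHmac("sha256", key).update(signingInput).digest();

// Hypothetical stand-in for the server: HMAC key = base64-DECODED secret bytes.
function signLikeServer(claims) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  const key = Buffer.from(SECRET_B64, "base64");
  const sig = hs256(`${header}.${payload}`, key).toString("base64url");
  return `${header}.${payload}.${sig}`;
}

// Returns the claims if the signature matches and the token is unexpired, else null.
// A string key is hashed as its UTF-8 bytes; a Buffer key is used as-is.
function verify(token, key, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url").toString("utf8")).alg;
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null; // malformed header or payload
  }
  if (alg !== "HS256") return null; // pin the algorithm, never trust the header
  const expected = hs256(`${header}.${payload}`, key);
  const given = Buffer.from(sig, "base64url");
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSeconds) return null;
  return claims;
}

const token = signLikeServer({ guid: "constructed-guid", exp: 2000000000 });
const now = 1700000000; // fixed clock so the result is reproducible
console.log("string key :", verify(token, SECRET_B64, now));
console.log("decoded key:", verify(token, Buffer.from(SECRET_B64, "base64"), now));
```

An HS256 secret shipped in a browser bundle can be read by any user and used to sign tokens, so signature verification with this key belongs on the server.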