Reputation: 57
How to Validate Apigee Edge generated JWT Token from .NET/C# code?
I have created a proxy in Apigee Edge to Generate JWT token. I have created another proxy in Apigee Edge Validate the JWT token, and I am able to Validate using that. Now I am unable to Validate the JWT Token completely from .NET/C# code.
Below is the .NET code I tried:
private static bool ValidateToken(string authToken, string key)
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = GetValidationParameters(key);
SecurityToken validatedToken;
IPrincipal principal = tokenHandler.ValidateToken(authToken, validationParameters, out validatedToken);
return true;
}
private static TokenValidationParameters GetValidationParameters(string key)
{
return new TokenValidationParameters()
{
ValidateLifetime = false, // Because there is no expiration in the generated token
ValidateAudience = false, // Because there is no audiance in the generated token
ValidateIssuer = false, // Because there is no issuer in the generated token
ValidIssuer = "urn:apigee-edge-JWT-policy-test",
ValidAudience = "audience1",
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("key")) // The same key as the one that generate the token
};
}
And the JWT Generation Policy Code from Apigee Edge:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-JWT-1">
<DisplayName>Generate JWT-1</DisplayName>
<Algorithm>HS256</Algorithm>
<SecretKey>
<Value ref="private.key"/>
</SecretKey>
<Subject>subject-subject</Subject>
<Issuer>urn://apigee-edge-JWT-policy-test</Issuer>
<Audience>audience1,audience2</Audience>
<ExpiresIn>8h</ExpiresIn>
<AdditionalClaims>
<Claim name="userId" type="string" ref="request.formparam.username"/>
</AdditionalClaims>
<OutputVariable>jwt-variable</OutputVariable>
</GenerateJWT>
Here is the error message:
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey, KeyId: '', InternalId: '96edcecb-17ad-4022-a50b-558f426ed337'. , KeyId: '. Exceptions caught: 'System.ArgumentOutOfRangeException: IDX10603: Decryption failed. Keys tried: 'HS256'. Exceptions caught: '128'. token: '96' Parameter name: KeySize at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) '.........
Upvotes: 2
Views: 918
Answers (2)
Reputation: 57
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("key"))
In the above code, the size of the "key" value was smaller than expected.
Upvotes: 1
Reputation: 3416
Your keysize is not long enough like the exception mentions:
Exceptions caught: '128'. token: '96' Parameter name: KeySize
use a longer key that matches the excepted size
Upvotes: 0
Related Questions
- How to validate JWT Token in aspnet.core web api?
- Manually validating a JWT token in C#
- How to validate a JWT token
- .Net Core API JWT Token Validation
- How to verify JWT id_token produced by MS Azure AD with C# and .net?
- Validate JWT token in .Net
- Asp.net Jwt token validation
- ASP.Net Core JWT Token validation
- How to verify JWT signature manually in Asp.net Core
- How to validate and decode a JWT created by an asp.net Web-Api in JavaScript