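Scenario: The company's project targets .NET 4.0, and the web client needs to decrypt (decode) the id_token itself. For JWT handling, .NET provides the IdentityModel class library, but that library is not available on 4.0, so I implemented the method myself. (An id_token is normally a signed JWT rather than an encrypted one, so "decryption" here means decoding the token and checking its signature.)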
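Class library used: Link address (the link target was not preserved in this copy; the types in the code below, such as JwtDecoder, JwtValidator and RSAlgorithmFactory, appear to come from the JWT.Net package, with Json.NET supplying JObject).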
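The following is the code; the DecodeJWT method can be called directly. The first parameter is the id_token, and the key defaults to an empty string "". Note that the listing passes `verify: false` to the decoder, so as written it appears to return the claims without checking the token's signature; the result should not be treated as authenticated until verification is turned on and tested.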
Code
// NOTE(review): this copy of the listing lost text during extraction. Several calls are
// missing their receiver and method name (for example `json = (endpoint);`,
// `<JObject>(json)`, `Encoding.(bytes)`, `(t => == kid)`), so the code does not compile as
// shown. The code tokens below are left exactly as found; restore the missing parts from
// the original article before using any of it.

/// <summary>
/// Resolves the signing key for an id_token and passes the token on to RS256Decode.
/// Per the inline comments, it reads "jwks_uri" from the OpenID Connect discovery document,
/// loads the key set from that URI, and picks the key matching the "kid" in the token header.
/// </summary>
/// <param name="jwttoken">The compact id_token string; its first dot-separated part is read as the header.</param>
/// <param name="key">Forwarded unchanged to RS256Decode as its secret argument.</param>
/// <returns>Whatever RS256Decode returns for the token.</returns>
/// <exception cref="Exception">Thrown with "No matching kid found" when no key is selected.</exception>
public static IDictionary<string, object> DecodeJWT(string jwttoken,string key)
{
    //Get jwks_uri from /.well-known/openid-configuration path
    // NOTE(review): WebClient is IDisposable and is never disposed here.
    var webClient = new WebClient();
    // NOTE(review): the discovery document and the key set are the trust anchor for
    // signature checks. The endpoint is hard-coded to plain http on localhost; outside a
    // local setup it should be configurable and fetched over HTTPS.
    var endpoint = "http://localhost:5000/.well-known/openid-configuration";
    var json = (endpoint);
    JObject metadata = <JObject>(json);
    // NOTE(review): jwks_uri is used as returned, with no check of its scheme or host.
    var jwksUri = metadata["jwks_uri"].ToString();
    //Get keys from jwks_uri
    // NOTE(review): both documents are downloaded on every call; nothing is cached here.
    json = (jwksUri);
    var keys = <CustomJWKs>(json);
    //Get the head kid from jwt and find the key matching kid from keys
    // The header is read before any signature check, so "kid" is attacker-controlled input
    // at this point; it is only used to select a key from the downloaded set.
    string[] tokenParts = ('.');
    byte[] bytes = FromBase64Url(tokenParts[0]);
    string head= Encoding.(bytes);
    // NOTE(review): presumably a header without "kid" yields null here and .ToString()
    // throws; malformed base64 or JSON in the header would also throw. Confirm and handle.
    // NOTE(review): only "kid" is read; the header's "alg" is not checked in this method.
    string kid = <JObject>(head)["kid"].ToString();
    var defaultkey=(t => == kid).FirstOrDefault();
    if(defaultkey==null)
    {
        throw new Exception("No matching kid found");
    }
    //jwt decryption
    // The two empty arguments are where the selected key's exponent and modulus were passed
    // (see the RS256Decode signature); the expressions were lost in this copy.
    return RS256Decode(jwttoken, key, , );
}

/// <summary>
/// Builds a JwtDecoder with an RSA algorithm factory and decodes the token into a dictionary.
/// </summary>
/// <param name="token">The compact JWT string.</param>
/// <param name="secret">Passed to the decode call as the key argument.</param>
/// <param name="exponent">Base64url-encoded RSA public exponent.</param>
/// <param name="modulus">Base64url-encoded RSA modulus.</param>
/// <returns>The decoded payload as returned by the decoder.</returns>
/// <exception cref="Exception">
/// Thrown with a fixed message when the decoder raises TokenExpiredException or
/// SignatureVerificationException; the original exception is not attached.
/// </exception>
public static IDictionary<string, object> RS256Decode(string token, string secret, string exponent,string modulus)
{
    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        RSAlgorithmFactory rS256Algorithm = new RSAlgorithmFactory(() =>
        {
            // Builds an RSA key from the public modulus and exponent only.
            // NOTE(review): rsa is IDisposable and is not disposed.
            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
            (
              new RSAParameters()
              {
                  Modulus = FromBase64Url(modulus),
                  Exponent = FromBase64Url(exponent)
              });
            // NOTE(review): the call that produces rsaBytes was lost in this copy. The
            // X509Certificate2(byte[]) constructor expects encoded certificate data, so
            // whether this path works cannot be confirmed from here. Because verification
            // is switched off below, this factory may never have been exercised; test it
            // once verification is enabled.
            byte[] rsaBytes = (true);
            X509Certificate2 cert = new X509Certificate2(rsaBytes);
            return cert;
        });
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, rS256Algorithm);
        // SECURITY NOTE(review): `verify: false` asks the decoder not to verify the token.
        // As written, the returned claims appear to be unauthenticated: anyone who can hand
        // this method a token can choose its contents. The key lookup above has no effect
        // on trust until this is `verify: true`. Confirm against the library version in use.
        var json = (token, secret, verify: false);
        return json;
    }
    // NOTE(review): with verification off, these two handlers presumably never run.
    // Rethrowing a bare Exception also drops the original exception and its type, so
    // callers can only tell the cases apart by message text.
    catch (TokenExpiredException)
    {
        throw new Exception("Token has expired");
        //("Token has expired");
        //return null;
    }
    catch (SignatureVerificationException)
    {
        throw new Exception("Token verification failed");
        //("Token has invalid signature");
        //return null;
    }
}

/// <summary>
/// Decodes a base64url string: pads it with '=' to a multiple of four characters, maps the
/// URL-safe characters '_' and '-' to '/' and '+', then calls Convert.FromBase64String.
/// </summary>
/// <param name="base64Url">The base64url text, with or without padding.</param>
/// <returns>The decoded bytes.</returns>
public static byte[] FromBase64Url(string base64Url)
{
    // NOTE(review): the operand before `% 4` was lost in this copy (presumably the input
    // length), as was the receiver of the first replace call below.
    string padded = % 4 == 0 ?
        base64Url : base64Url + "====".Substring( % 4);
    string base64 = ("_", "/")
                          .Replace("-", "+");
    // Convert.FromBase64String throws FormatException on input that is not valid base64;
    // callers passing token parts should expect that for malformed tokens.
    return Convert.FromBase64String(base64);
}
The above is all the content of this article. I hope it will be helpful to everyone's study and I hope everyone will support me more.