This is the decode method I was using, worked fine, but when we moved to the RS256 it tanks when “verify” is true.
Otherwise everything decodes okay… is this a concern?
It’s not recommended to roll your own JWT processing and verification logic. The best thing to do is to use an already established library that does that for you.
You can check the libraries section in jwt.io, in particular the .NET ones. For .NET, in general, you would go with System.IdentityModel.Tokens.Jwt from Microsoft.
Oh great. that lib is included in sitefinity anyway… so the reason for not decoding your own is for security reasons?