Dotnet Core API well-known-jwks.json

martin.d.weel · January 14, 2022, 6:07pm

I am trying to validate a token on my Dotnet Core API using following the example…

https://auth0.com/docs/quickstart/backend/aspnet-core-webapi/01-authorization

The page says “By default, your API uses RS256 as the algorithm for signing tokens. Since RS256 uses a private/public keypair, it verifies the tokens against the public key for your Auth0 account. The public key is in the JSON Web Key Set (JWKS) format, and can be accessed here.”

However the code provided does nothing to use the well-known-jwks.json end point. Do you have Dotnet Core code example that uses the end point for the public keys to validate the token?

Thank you in advance.

SaqibHussain · January 15, 2022, 2:59pm

Hi @martin.d.weel

Thanks for contacting us at Auth0 Community.

The section here https://auth0.com/docs/quickstart/backend/aspnet-core-webapi#validate-access-tokens
Is what you need. It doesn’t need to reference the JWKS explicitly, the fact that you have referenced the authority (domain) it will retrieve the key from here. I think it uses the generic endpoint https://YOUR_DOMAIN/.well-known/openid-configuration to access the link to the JWKS but that’s an assumption.

This document will also help you https://developer.okta.com/blog/2018/03/23/token-authentication-aspnetcore-complete-guide

All the best.

Topic		Replies	Views
JWT token validation and JWKS (asp.net core webapi 6) Help	2	4825	May 27, 2022
Sanity Check: RS256 JWT tokens, signing and verifying? Help jwt , net-core	1	3919	March 2, 2018
RSA256/JWKS JWT validation using Auth0's `java-jwt` and `jwks-rsa-java` Help java-jwt-support-doc	5	21664	October 17, 2022
How to validate my JWT against secret/key in c# WebApi Help apis , application	1	1669	March 16, 2023
Can my api server trust the access token from auth0? Help configuration , application	2	813	July 3, 2023

Dotnet Core API well-known-jwks.json

Related Topics