Hmac using .NET 6.0

I am trying to duplicate this line from the jwt documentation in .NET 6.0 using C# hmac(${encodedHeader}.${encodedPayload}, secret, sha256); I cannot seem to find the correct library that allows me to produce this code.

Hi @rguararra,

Welcome to the Auth0 Community!

Can you provide a link to the doc you are referencing?

It looks like it’s right here: GitHub - auth0/jwt-handbook-samples: JWT Handbook code samples

Those examples are all JavaScript. I’m looking for C# .NET 6 solution for JWT. Everything that I found produces a Byte output and when I do convert it to a string format (Base64UrlEncoder), the JWT debugger states I have an incorrect signature.

Let’s ignore the JS and JWT handbook stuff for now.

To clarify; you are looking to encode and sign a JWT using .NET/C#.

Here’s the most popular library and an example:

If you have trouble, it’s helpful to see the code you are trying to use, and any relevant errors/logs.

When I paste my token into the jwt debugger, it claims I have an invalid signature. I’ve pasted my code below. What am I doing wrong? Please help.

IJwtAlgorithm algorithm = new JWT.Algorithms.HMACSHA256Algorithm();
            IJsonSerializer serializer = new JsonNetSerializer();
            IDateTimeProvider provider = new UtcDateTimeProvider();
            IJwtValidator validator = new JwtValidator(serializer, provider);
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

            string unixTimestampNow = unixTime.ToUnixTime(DateTime.Now);
            DateTime dateTime = DateTime.Now;
            string unixTimestampPlusFive = unixTime.ToUnixTime(dateTime.AddHours(5));

            //string headerData = @"{ ""alg"":""HS256"", ""typ"":""JWT""}";
            string payloadData = @"{ ""iss"": " + apiInfo.APIKey + @", ""iat"": " + unixTimestampNow + @", ""exp"": " + unixTimestampPlusFive + @"}";

            var jsSerializer = new JavaScriptSerializer();
            //Dictionary<string, object> headerObj = (Dictionary<string, object>)jsSerializer.DeserializeObject(headerData);
            Dictionary<string, object> payloadObj = (Dictionary<string, object>)jsSerializer.DeserializeObject(payloadData);

            UTF8Encoding _utf8Encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false);
            byte[] signature = _utf8Encoding.GetBytes(apiInfo.APISecret);
            var token1 = encoder.Encode(payloadObj, signature);
            var token = encoder.Encode(payloadObj, apiInfo.APISecret);

Can you please provide an example token?

Here is the token I get when I run the software. You will notice that the Header and the Payload are correct, but the signature is not.


That looks like a valid token, it may just be a formatting issue with your secret.

Have tried checking the “base64 encoded” box?

If I first check the box as you suggest, and then paste the token in the encoded section, it still comes up with Invalid Signature.

Are you submitting the secret you used to encode the token?

That was what I was missing. I left the box unchecked, added the secret key, then added the token, and that sequence worked - signature verified. Thank you for all your time and help! It is greatly appreciated!

No problem!

Let me know if you have any questions about what is happening there.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.