How to validate my JWT against secret/key in c# WebApi

floppabellic · March 12, 2023, 6:47pm

Hey guys. I have created auth0 API so can retrieve JWT if passing ‘audience’ while authenticating user.

I want to add JWT middleware to my .net WebApi application. I’m following quickstart provided in my API panel and everything is working fine.

But quickstart doesnt specify how can i force my middleware to validate that my JWT was been signed using specific secret (screenshot).

Are my thoughts right? Or i’m missing some puzzles and validation against specific secret is not required? How does API then can know if JWT why signed by valid authority? If it’s required what is the secret? Is it the secret that i see in my application dashboard?

Thank you in advance:)

dan.woda · March 16, 2023, 5:54pm

Hi @floppabellic,

Assuming you are referencing this quickstart, the setup has tokens signed with an asymmetric signing algo, meaning they can be decoded with a public key.

That key is provided via a public endpoint, which your API can use to retrieve the key and validate the token.

Does that make sense?

Here’s some additional resources:

Topic		Replies	Views
How does signing a token work? (Invalid Signature Error) Help jwt , auth0 , hs256	1	7426	March 9, 2020
Validate JWT in C# Help connections , connection-provisioning-flows	4	2410	May 9, 2023
How do I validate a token via Web API Access? Help api-authorization , net-core , jwt-validation	10	9414	March 2, 2018
How to validate the jwt on server? Help login-experience , new-universal-login-experience	2	2833	August 18, 2023
Having trouble with my node-Api validating my react client-side jwt-token Help api , react , validation	4	5132	March 2, 2018

How to validate my JWT against secret/key in c# WebApi

Related Topics