How to validate my JWT against secret/key in c# WebApi

floppabellic · March 12, 2023, 6:47pm

Hey guys. I have created auth0 API so can retrieve JWT if passing ‘audience’ while authenticating user.

I want to add JWT middleware to my .net WebApi application. I’m following quickstart provided in my API panel and everything is working fine.

But quickstart doesnt specify how can i force my middleware to validate that my JWT was been signed using specific secret (screenshot).

Are my thoughts right? Or i’m missing some puzzles and validation against specific secret is not required? How does API then can know if JWT why signed by valid authority? If it’s required what is the secret? Is it the secret that i see in my application dashboard?

Thank you in advance:)

dan.woda · March 16, 2023, 5:54pm

Hi @floppabellic,

Assuming you are referencing this quickstart, the setup has tokens signed with an asymmetric signing algo, meaning they can be decoded with a public key.

That key is provided via a public endpoint, which your API can use to retrieve the key and validate the token.

Does that make sense?

Here’s some additional resources:

Topic		Replies	Views
Validating Signature JWT with Certificate RS512 JWT.io	2	4968	July 28, 2020
How does signing a token work? (Invalid Signature Error) Help jwt , auth0 , hs256	1	7432	March 9, 2020
Validate JWT in C# Help connections , connection-provisioning-flows	4	2418	May 9, 2023
Sanity Check: RS256 JWT tokens, signing and verifying? Help jwt , net-core	1	3923	March 2, 2018
JWT/Access token is not invalid when I think it should be (using client credentials flow) Help jwt	3	7909	March 2, 2020

How to validate my JWT against secret/key in c# WebApi

Related Topics