How to validate my JWT against secret/key in C# WebApi

Hey guys. I have created an Auth0 API so I can retrieve a JWT if passing ‘audience’ while authenticating the user.

I want to add JWT middleware to my .NET WebApi application. I’m following the quickstart provided in my API panel and everything is working fine.

But the quickstart doesn’t specify how I can force my middleware to validate that my JWT has been signed using a specific secret (screenshot).

Are my thoughts right? Or am I missing some pieces of the puzzle, and validation against a specific secret is not required? How can the API then know if the JWT was signed by a valid authority? If it’s required, what is the secret? Is it the secret that I see in my application dashboard?

Thank you in advance:)


Hi @floppabellic,

Assuming you are referencing this quickstart, the setup has tokens signed with an asymmetric signing algo, meaning they can be decoded with a public key.

That key is provided via a public endpoint, which your API can use to retrieve the key and validate the token.

Does that make sense?

Here’s some additional resources:
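
The flow described in the answer above, as an added example that is not part of the original thread or the quickstart: the API validates an RS256 token with nothing but the issuer's public key, and refuses a token signed with a shared secret. It assumes the System.IdentityModel.Tokens.Jwt package and .NET 6+; the issuer, audience and key id are placeholders, and a key pair generated locally stands in for the tenant's key, which a real API would fetch from the public endpoint.

```csharp
// Added example; needs the System.IdentityModel.Tokens.Jwt NuGet package and .NET 6+.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

const string Issuer = "https://example-tenant.invalid/";   // placeholder issuer
const string Audience = "https://api.example.invalid";     // placeholder API identifier

// Authorization server side: holds the private key and signs with RS256.
using var rsa = RSA.Create(2048);
var privateKey = new RsaSecurityKey(rsa) { KeyId = "demo-key-1" };
var handler = new JwtSecurityTokenHandler();
string token = handler.WriteToken(new JwtSecurityToken(
    Issuer, Audience, new[] { new Claim("sub", "user-123") },
    expires: DateTime.UtcNow.AddMinutes(5),
    signingCredentials: new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256)));

// API side: only the public half of the key, no secret of any kind.
var publicKey = new RsaSecurityKey(rsa.ExportParameters(includePrivateParameters: false))
    { KeyId = "demo-key-1" };
var parameters = new TokenValidationParameters
{
    ValidIssuer = Issuer,                                     // who signed it
    ValidAudience = Audience,                                 // who it was issued for
    IssuerSigningKey = publicKey,                             // key the signature must verify under
    ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // reject HS256, "none", ...
    ValidateLifetime = true,
};

bool IsValid(string jwt)
{
    try { handler.ValidateToken(jwt, parameters, out _); return true; }
    catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException) { return false; }
}

// Same claims, but signed with a shared secret (HS256) instead of the issuer's private key.
var secret = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
string otherToken = handler.WriteToken(new JwtSecurityToken(
    Issuer, Audience, new[] { new Claim("sub", "user-123") },
    expires: DateTime.UtcNow.AddMinutes(5),
    signingCredentials: new SigningCredentials(secret, SecurityAlgorithms.HmacSha256)));

Console.WriteLine($"RS256 token signed by the issuer: valid = {IsValid(token)}");
Console.WriteLine($"HS256 token signed with a secret:  valid = {IsValid(otherToken)}");
```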