Auth0 Home Blog Docs

JWT Decode .NET broke when setting RS256

aspnet
c
jwt-validation

#1

This is the decode method I was using, worked fine, but when we moved to the RS256 it tanks when “verify” is true.

https://gist.github.com/sitefinitysteve/6cb632225d9e918b02921ebb94121a67#file-jwtdecode-cs-L61-L90

Otherwise everything decodes okay… is this a concern?


#2

It’s not recommended to roll your own JWT processing and verification logic. The best thing to do is to use an already established library that does that for you.

You can check the libraries section in jwt.io, in particular the .NET ones. For .NET, in general, you would go with System.IdentityModel.Tokens.Jwt from Microsoft.


#3

Oh great. that lib is included in sitefinity anyway… so the reason for not decoding your own is for security reasons?


#4