Hi,
I’m creating a JWT using X509certificate. Am using the private key within the pfx certificate to sign the token and the algorithm used is RS256. Am able to create the token, validate it in the JWT.io debugger and get the result as “Signature Verified” when providing the public and private keys.
However when the JWT is sent to a token endpoint using Postman, I keep receiving an error “401 - Unauthorized” and the message “Invalid_Client”. Tried with a new valid client-id, still the same issue mentioned above. The endpoint has the public certificate already installed.
The code is written in .NET core and the snippet is below. Is there anything missing here? Any help on this is greatly appreciated.
string certificateLocation = @"Z:\Files\Private.pfx";
string certificatePassword = "####";
var colln = new X509Certificate2collection();
colln.Import(certificateLocation, certificatePassword, X509KeyStorageFlags.PersistKeySet);
var certificate = colln[0];
var privateKey = certificate.GetRSAPrivateKey();
var privateSecurityKey = new RsaSecurityKey(privateKey);
// Payload and signing credentials
var descriptor = new SecurityTokenDescriptor
{
Issuer = "ClientId",
Audience = "aud",
Expires = DateTime.UtcNow.AddMinutes(10),
Subject = new ClaimsIdentity(new List<Claim> { new Claim("sub", "Username") }),
SigningCredentials = new SigningCredentials(privateSecurityKey, SecurityAlgorithms.RsaSha256)
};
var tokenHandler = new JsonWebTokenHandler();
string jwtValue = tokenHandler.CreateToken(descriptor);