Signature Invalid when signing with JWT.NET

hypnotic · May 14, 2021, 1:43am

Hey,

I am currently struggling with creating signatures with any .net library to access Twitch api endpoints. The jwt.io page always says the signature is invalid when I copy paste my generated jwt there. When I edit the secret the signature is obviously adjusted and when I use the adjusted jwt I can make the Twitch api call without a problem. When I use my generated jwt I always end up with a 401 authentication failed.
I tried pretty much all of the .net libraries now and all of them generate a wrong signature for HS256… I am not sure what I do wrong since I am new to JWT and couldn’t find anything that points me to the right direction. Here is my code to generate the jwt using the jwt.net library (GitHub - jwt-dotnet/jwt: Jwt.Net, a JWT (JSON Web Token) implementation for .NET). Would highly appreciate if someone could help me with this.

            var payload = new Dictionary<string, object>
        {
           { "exp", DateTimeOffset.Now.AddSeconds(360).ToUnixTimeSeconds()},
           { "user_id", "668312333"},
           { "role", "external"},
        };
        var secret = Encoding.UTF8.GetString(Convert.FromBase64String("MY SECRET"));

        IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); // symmetric
        IJsonSerializer serializer = new JsonNetSerializer();
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
        
        var token = encoder.Encode(payload, secret);

dan.woda · May 14, 2021, 9:55pm

Hi @hypnotic,

Welcome to the Community!

Are you supposed to create your own tokens for the twitch endpoints? Typically you would request the tokens from Twitch’s Auth server.

That is what their docs say at least…

hypnotic · May 15, 2021, 1:15am

Hi @dan.woda

Thank you for your quick answer and your welcome, appreciate it!

Regarding the authentication for Twitch, they do actually need me to create my own JWT for API authentication. They have like two authentication methods for their API’s. One is for the regular API with requesting the OAuth token which I already implemented and the other one is for the extension API with JWT’s. I am currently creating an extension that calls an extension API method from my backend (Azure function). To be more specific I want to call this one here Extensions Reference | Twitch Developers
They even say my backend needs to create a JWT for authentication. I just can’t figure out why these .net libraries are not creating valid JWT’s.

hypnotic · May 15, 2021, 1:24am

Never mind, I actually figured it out, jesus I am dumb xD

Maybe this will help someone:

I should not have done UTF8 encoding, so this line here was wrong:
var secret = Encoding.UTF8.GetString(Convert.FromBase64String(“MY SECRET”))

it should have been this here:
var secret = Convert.FromBase64String(“MY SECRET”)

dan.woda · May 17, 2021, 11:15pm

We all have those days

Thanks for posting an update! Glad you got it working!

system · June 1, 2021, 11:15pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.