Validate JWT in C#

Hi,

Is it possible to get the JWT and validate it after login?
I’m using ASP.NET Owin in C#.
Please help.

Thank you

Hi @dotaolaoqua,

Thanks for reaching out to the Auth0 Community!

Yes, this is possible. Once you have gotten the JWT access token, you can decode it to see if it is valid by checking the structure, claims, and signature.

There is also an option to use the access token to make a call to a protected resource to see if it succeeds or fails. If it succeeds, we can conclude that the JWT access token is valid, and invalid otherwise.

I recommend reviewing our Validate Access Tokens documentation, which has more instructions on these steps.

Please let me know if you have any questions or need help with implementation.

Thanks,
Rueben

Hi Rueben,

Thank you for your answer.
Can you help me to implement it? This is what I did so far to get the JWT access token. I’m not sure what to do next to validate it. And which secret key should I use?
Thank you for your help!

// Requires: using RestSharp; using Newtonsoft.Json;
// Client Credentials grant: exchange the application's client_id/client_secret for an access token.
var client = new RestClient("https://dev-3gbtj2ssweblabla.us.auth0.com/oauth/token");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", "grant_type=client_credentials&client_id=" + ClientIdApp + "&client_secret=" + ClientSecretKeyApp + "&audience=https%3A%2F%2Fdev-3gbtj2ssweblabla.us.auth0.com%2Fapi%2Fv2%2F", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
// The JSON response body carries the token in its access_token field.
string content = response.Content;
dynamic jsonObj = JsonConvert.DeserializeObject(content);
string accessToken = jsonObj.access_token;

Hi @dotaolaoqua,

Thank you for your response!

That looks good. I see that you are making a Client Credentials grant call to generate an access token.

You should use the client_id and client_secret values from your Machine-to-Machine app that was created and linked to your API with the necessary permissions.

After you have gotten the access token in the response, you can validate it by decoding the token on jwt.io. Similarly, you can use one of the JSON Web Token Libraries (jwt.io) as well to accomplish this.

I recommend checking out this repository here for an example.

In the decoded token result, you should be able to see the payload and validate the information by looking at the structure, claims, and signature.

I hope the explanation was clear!

Please let me know how this goes for you.

Thanks,
Rueben
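
The structure, claims and signature check described in the answers above, as an added example that is not code from the thread or from Auth0, using the System.IdentityModel.Tokens.Jwt NuGet package. It assumes an RS256-signed token; the locally generated RSA key and the issuer and audience values are constructed stand-ins for the tenant's published signing key and the real API identifier.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

static class AccessTokenCheck
{
    // Returns the token's claims, or null when structure, signature or claims fail validation.
    public static ClaimsPrincipal Validate(string token, SecurityKey signingKey, string issuer, string audience)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = issuer,                 // iss must match exactly
            ValidAudience = audience,             // aud must name this API
            IssuerSigningKey = signingKey,        // public key the signature is checked against
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // refuse any other alg header
            RequireSignedTokens = true,
            RequireExpirationTime = true,
            ValidateLifetime = true,              // enforce exp / nbf
            ClockSkew = TimeSpan.FromMinutes(1)
        };
        try
        {
            return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        {
            Console.WriteLine("rejected: " + ex.GetType().Name);
            return null;
        }
    }

    static void Main()
    {
        using (var rsa = new RSACryptoServiceProvider(2048)) // constructed key, not a real tenant key
        {
            var key = new RsaSecurityKey(rsa);
            const string issuer = "https://tenant.example/", audience = "https://api.example/"; // placeholders
            var jwt = new JwtSecurityToken(issuer, audience, new[] { new Claim("sub", "sample-client") },
                notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(5),
                signingCredentials: new SigningCredentials(key, SecurityAlgorithms.RsaSha256));
            string token = new JwtSecurityTokenHandler().WriteToken(jwt);
            string[] p = token.Split('.');       // header.payload.signature
            string tampered = p[0] + "." + p[1] + "." + (p[2][0] == 'A' ? "B" : "A") + p[2].Substring(1);

            Console.WriteLine(Validate(token, key, issuer, audience) != null);                  // untouched token
            Console.WriteLine(Validate(token, key, issuer, "https://other.example/") != null); // wrong audience
            Console.WriteLine(Validate(tampered, key, issuer, audience) != null);               // altered signature
        }
    }
}
```

Decoding a token without these checks only shows what it claims; the `Validate` call is what establishes that the claims were signed by the expected key and are meant for this API.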
