Manually validating the tokens' signatures has been easy so far: I get the token and paste it on jwt.io, then I get my certificate and paste it in the PublicKey/Certificate field, and if the signature is valid it will show below.
Now I gotta do that in C#.
I tried using the JOSE library:
```csharp
string token = [MYTOKEN];
string certificate = [MYCERTIFICATE];
string json = Jose.JWT.Decode(token, certificate);
```
but I’m getting this error
rsa using sha alg expects key to be of asymmetric algorithm type
Any tips on how I can make this signature verification work?
Hi @luigi.siano
You probably want to use middleware to do this for you. If you are going to do it manually, you don’t want to hardcode the certificate as you are doing; you want to use the JSON web key set to get the key (and cache it, so you don’t call the endpoint over and over). Start here:
John
Hi John,
I looked into all that.
I’m working on a QA project, so I’m not going to be doing it manually.
I just shared what I’m trying to replicate with code: manually I go to JWT.io, paste the token and the certificate, and then I get a confirmation that the signature is valid.
I need to do that with code, and I haven’t been able to do it yet.
Most of the information I’m seeing online talks about how to validate using the token and the key,
but my inputs are the token and the certificate, so I don’t really know how to do this.
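
One way to run the jwt.io check from code with the same two inputs (token and certificate), as an added example that is not part of the original thread. It assumes the jose-jwt NuGet package on .NET 6 or later, an RS256 token, and a certificate given as PEM or bare base64; the class and method names and the self-signed sample certificate are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Jose; // jose-jwt NuGet package

static class CertJwtCheck
{
    // Accepts a PEM certificate (as pasted into jwt.io) or bare base64 DER.
    static X509Certificate2 LoadCertificate(string pemOrBase64)
    {
        string b64 = pemOrBase64
            .Replace("-----BEGIN CERTIFICATE-----", "")
            .Replace("-----END CERTIFICATE-----", "")
            .Replace("\r", "").Replace("\n", "").Trim();
        return new X509Certificate2(Convert.FromBase64String(b64));
    }

    // Returns the payload JSON when the RS256 signature verifies, otherwise null.
    public static string? VerifyWithCertificate(string token, string certificate)
    {
        using X509Certificate2 cert = LoadCertificate(certificate);
        // jose-jwt needs a key object, not the certificate text.
        using RSA? publicKey = cert.GetRSAPublicKey();
        if (publicKey == null) return null; // certificate does not carry an RSA key
        try
        {
            // Pin RS256 rather than accepting whatever "alg" the token header claims.
            return JWT.Decode(token, publicKey, JwsAlgorithm.RS256);
        }
        catch (JoseException) { return null; } // signature mismatch or wrong algorithm
    }

    static void Main()
    {
        // Constructed sample input: throwaway key pair, self-signed certificate, token.
        using RSA signer = RSA.Create(2048);
        var request = new CertificateRequest("CN=qa-sample", signer,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        string certText = Convert.ToBase64String(cert.Export(X509ContentType.Cert));
        string token = JWT.Encode(new Dictionary<string, object> { ["sub"] = "qa" },
            signer, JwsAlgorithm.RS256);
        // Flip the first signature character to build a token that must be rejected.
        string[] p = token.Split('.');
        string tampered = $"{p[0]}.{p[1]}.{(p[2][0] == 'A' ? 'B' : 'A')}{p[2].Substring(1)}";
        Console.WriteLine($"original accepted: {VerifyWithCertificate(token, certText) != null}");
        Console.WriteLine($"tampered accepted: {VerifyWithCertificate(tampered, certText) != null}");
    }
}
```

This checks the signature only; expiry, issuer and audience claims still need their own checks in a QA assertion.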