How to Validate Apigee Edge generated JWT Token from .NET/C# code?

I have created a proxy in Apigee Edge to Generate JWT token.

I have created another proxy in Apigee Edge to validate the JWT token, and I am able to validate using that.

Now I am unable to Validate the JWT Token completely from .NET/C# code. Below is my .NET code:

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

private static bool ValidateToken(string authToken, string key)
{
    var tokenHandler = new JwtSecurityTokenHandler();
    var validationParameters = GetValidationParameters(key);

    try
    {
        // ValidateToken throws a SecurityTokenException (for example
        // SecurityTokenInvalidSignatureException) when the signature or any
        // enabled claim check fails, so a normal return means the token is valid.
        ClaimsPrincipal principal = tokenHandler.ValidateToken(authToken, validationParameters, out SecurityToken validatedToken);
        return principal != null;
    }
    catch (SecurityTokenException)
    {
        return false;
    }
}

private static TokenValidationParameters GetValidationParameters(string key)
{
    return new TokenValidationParameters()
    {
        ValidateLifetime = false, // Because there is no expiration in the generated token (the policy below does set ExpiresIn, though)
        ValidateAudience = false, // Because there is no audience in the generated token (the policy below does set an Audience, though)
        ValidateIssuer = false,   // Because there is no issuer in the generated token; with this off, ValidIssuer below is never compared
        ValidIssuer = "urn:apigee-edge-JWT-policy-test",
        ValidAudience = "audience1",
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)) // The same secret the GenerateJWT policy signed with
    };
}

And the Generate Token policy code is below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-JWT-1">
    <DisplayName>Generate JWT-1</DisplayName>
    <Algorithm>HS256</Algorithm>
    <SecretKey>
        <Value ref="private.key"/>
    </SecretKey>
    <Subject>subject-subject</Subject>
    <Issuer>urn://apigee-edge-JWT-policy-test</Issuer>
    <Audience>audience1,audience2</Audience>
    <ExpiresIn>8h</ExpiresIn>
    <AdditionalClaims>
        <Claim name="userId" type="string" ref="request.formparam.username"/>
    </AdditionalClaims>
    <OutputVariable>jwt-variable</OutputVariable>
</GenerateJWT>
Accepted solution:

Here the size of the secret key was below the permitted size. I increased the key size in token generation, and the issue got resolved.

The key value that was getting passed in the code below:

IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key))



Well, this is related to .NET/C# code, so it would be better if you posted this on Stack Overflow.

BTW what error are you seeing?

https://www.c-sharpcorner.com/forums/how-to-validate-jwt-token-in-net-core

The error I'm getting is as below:

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey, KeyId: '', InternalId: '96edcecb-17ad-4022-a50b-558f426ed337'. , KeyId: 
'.
Exceptions caught:
 'System.ArgumentOutOfRangeException: IDX10603: Decryption failed. Keys tried: 'HS256'.
Exceptions caught:
 '128'.
token: '96'
Parameter name: KeySize
   at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures)
   at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
   at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
'......


Yes; the HS256 algorithm requires 64 bytes (256 bits) of key material. Some systems reject shorter keys, and I guess the .NET libraries are one of those systems. Some systems (like Apigee Edge) extend the shorter keys with zeros to fill 64 bytes for HS256 (appropriately longer for HS384 and HS512), as described in IETF RFC 2104.
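As an added example that is not the thread's own code, here is a validator that checks the secret length before building the key (the IDX10603 error above shows .NET's 128-bit floor; RFC 7518 section 3.2 requires at least 256 bits, i.e. 32 bytes, for HS256) and turns on the issuer, audience, lifetime and algorithm checks to match the GenerateJWT policy posted in the question. It assumes the System.IdentityModel.Tokens.Jwt package and the claim values from that policy; the class and method names are my own.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Added example; class and method names are assumptions, not from the thread.
public static class ApigeeJwtValidator
{
    // RFC 7518 section 3.2: an HS256 key must be at least 256 bits (32 bytes).
    // .NET's SymmetricSignatureProvider rejects anything under 128 bits, which is
    // the IDX10603 "KeySize" error in the thread (a 96-bit secret was used).
    private const int MinHs256KeyBits = 256;

    public static ClaimsPrincipal Validate(string jwt, string sharedSecret)
    {
        byte[] keyBytes = Encoding.UTF8.GetBytes(sharedSecret);
        if (keyBytes.Length * 8 < MinHs256KeyBits)
            throw new ArgumentException(
                $"HS256 secret is {keyBytes.Length * 8} bits; {MinHs256KeyBits} are required.",
                nameof(sharedSecret));

        var parameters = new TokenValidationParameters
        {
            // Claim values taken from the GenerateJWT policy in the question.
            ValidateIssuer = true,
            ValidIssuer = "urn://apigee-edge-JWT-policy-test",
            ValidateAudience = true,
            ValidAudiences = new[] { "audience1", "audience2" },
            ValidateLifetime = true,                 // the policy sets ExpiresIn 8h
            ClockSkew = TimeSpan.FromMinutes(1),
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // accept HS256 only
        };

        // Throws a SecurityTokenException naming the first failed check
        // (signature, issuer, audience or expiry).
        return new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
    }

    // Non-throwing wrapper for callers that only need a yes/no answer.
    public static bool TryValidate(string jwt, string sharedSecret, out ClaimsPrincipal principal)
    {
        try { principal = Validate(jwt, sharedSecret); return true; }
        catch (SecurityTokenException) { principal = null; return false; }
    }
}
```

A too-short secret is a configuration error rather than a bad token, so TryValidate deliberately lets the ArgumentException surface instead of reporting it as a failed validation.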