无法从 JwtSecurityToken 获取签名

Posted 2023-03-10

【中文标题】无法从 JwtSecurityToken 获取签名

【英文标题】：Can't get Signature from JwtSecurityToken

【发布时间】：2016-07-08 12:33:33

【问题描述】：

我正在尝试在 .NET 中使用 JWT 身份验证，我需要结果如下所示：

标题： "alg":"HS512"

有效载荷：

"sub":"SomeSubject","nbf":1458315105,"exp":1458316305,"iat":1458315705

我编写了以下代码来获取 JWT 签名令牌：

 public async Task<string> GetJWTToken(string user)
        
            var now = DateTime.UtcNow;

            JwtHeader jwtHeader = new JwtHeader();

            jwtHeader.Add("alg", JwtAlgorithms.HMAC_SHA512);

            JwtPayload payload = new JwtPayload();
            payload.Add("sub", user);
            payload.Add("exp", ConvertToUnixTimestamp( now.AddMinutes(10)));
            payload.Add("nbf",ConvertToUnixTimestamp(now.AddMinutes(-10)));
            payload.Add("iat",ConvertToUnixTimestamp(now));

            JwtSecurityToken toekn = new JwtSecurityToken(jwtHeader, payload);
            SigningCredentials cred = new SigningCredentials(new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes("SomeKey")), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", "http://www.w3.org/2001/04/xmlenc#sha512");

            //what's next? 
            return finalResult;
          

使用此代码，我只加密了 Header 和 Payload，我没有得到签名。我查看了很多地方，但找不到产生类似有效负载和标头的示例。

1- 如何将签名凭据添加到 toeken ；无法设置 SigningCredentials、SigningToken 和 SigningKeys。不确定签名凭据应该放在哪里。

2- 之后，签名是如何产生的？

【参考方案1】：

以下代码展示了如何创建 JWT 令牌，其中“证书”可以是自签名证书。

    public JwtTokenProvider(string authority)
    
        _authority = authority;
    
    public async Task<TokenResult> GetTokenAsync(string clientId, string resource)
    
        return await Task.FromResult(new TokenResult
        
            AccessTokenType = "Bearer",
            IdToken = CreateJwt(clientId, resource)
        );
    
    private string CreateJwt(string clientId, string resource)
    
        var certificate = new X509Certificate2(Resource.notification, CertPassword);
        var sub = new System.Security.Claims.Claim("sub", clientId);
        var jti = new System.Security.Claims.Claim("jti", Guid.NewGuid().ToString());
        var claims = new List<System.Security.Claims.Claim>()  sub, jti ;
        var x509Key = new X509AsymmetricSecurityKey(certificate);
        var signingCredentials = new SigningCredentials(x509Key, SecurityAlgorithms.RsaSha256Signature,
            SecurityAlgorithms.Sha256Digest);
        var jwt = new JwtSecurityToken(_authority, resource, claims,
            DateTime.UtcNow,
            DateTime.UtcNow.AddMinutes(ExpirationInMinutes), signingCredentials);
        var sign = new SignatureProviderFactory();
        var provider = sign.CreateForSigning(x509Key, SecurityAlgorithms.RsaSha256Signature);
        var input = string.Join(".", new[]  jwt.EncodedHeader, jwt.EncodedPayload );
        var signed = provider.Sign(Encoding.UTF8.GetBytes(input));
        sign.ReleaseProvider(provider);
        return string.Join(".", new[]  jwt.EncodedHeader, jwt.EncodedPayload, Base64UrlEncoder.Encode(signed) );