I have a use case when I want my new application (which is the authentication source) to provide JWT for legacy applications.
I am trying to use the System.IdentityModel.Tokens.Jwt 5.0.0-beta7 (and if necessary, I could easily go to beta8 ). Creating a token was simple, but I have problems with its signatures. Here is my current code:
Claim[] claims = { new Claim(ClaimTypes.Email, " test@example.net "), new Claim(ClaimTypes.Role, "admin"), new Claim(ClaimTypes.Uri, ""), new Claim(ClaimTypes.Expiration, DateTime.UtcNow.Add(TimeSpan.FromDays(1)).ToString()), new Claim("personId", personId.ToString()) }; var key = Convert.FromBase64String("my super secret key goes here"); var signingCredentials = new SigningCredentials( new SymmetricSecurityKey(key), SecurityAlgorithms.HMAC_SHA256, SecurityAlgorithms.Sha256Digest ); var jwt = new JwtSecurityToken("localhost", "all", claims, DateTime.UtcNow, DateTime.UtcNow.AddDays(1), signingCredentials); var handler = new JwtSecurityTokenHandler(); handler.WriteToken(jwt); return Content($"{handler.WriteToken(jwt)}");
If I do not sign the token, everything works correctly. However, as soon as I add credential signatures, I get an error message that HMAC is not supported. I found another SO post that says support for symmetric keys does not yet exist . However, in my search I see widespread use of the library. In particular, I see the use of InMemorySymmetricSecurityKey . However, when I try to use it myself, it cannot be found in any namespace, so I'm a little confused, as from here.
This long explanation basically ask - how to properly sign a JWT with a simple secret?
source share