Error generating JWT: SignatureAlgorithm is not supported

Time: 2016-07-29 10:48:43

Tags: c# jwt firebase-authentication

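I want to generate a JWT token that should be verified by Google Firebase. Below is my code for generating the JWT token. It works fine until I change the algorithm to "RsaSha256Signature", and then it gives me the error

"Exception: 'System.InvalidOperationException: Crypto algorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' not supported in this context."

If I don't change it and use it as "HmacSha256Signature", it works fine.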

    // Namespaces used (System.IdentityModel.Tokens.Jwt 4.x): System.Collections.Generic,
    // System.IdentityModel.Tokens, System.Security.Claims, System.Text

    // The rest of the key text is cut off in the post.
    var plainTextSecurityKey = "-----BEGIN PRIVATE KEY-----";

    // The key text is used as raw bytes, so this is a symmetric (HMAC) key.
    var signingKey = new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes(plainTextSecurityKey));
    var signingCredentials = new SigningCredentials(signingKey,
        SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);

    var claimsIdentity = new ClaimsIdentity(new List<Claim>()
    {
        new Claim(ClaimTypes.NameIdentifier, email),
        new Claim(ClaimTypes.Role, role),
    }, "Custom");

    var securityTokenDescriptor = new SecurityTokenDescriptor()
    {
        AppliesToAddress = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
        TokenIssuerName = "serviceemail",
        Subject = claimsIdentity,
        SigningCredentials = signingCredentials,
    };

    // Create the token, then serialize it to the compact signed form.
    var tokenHandler = new JwtSecurityTokenHandler();
    var plainToken = tokenHandler.CreateToken(securityTokenDescriptor);
    var signedAndEncodedToken = tokenHandler.WriteToken(plainToken);

    var tokenValidationParameters = new TokenValidationParameters()
    {
        ValidAudiences = new string[]
        {
            "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
            "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"
        },
        ValidIssuers = new string[]
        {
            "service email",
            "service email"
        },
        // Validation uses the same symmetric key that signed the token.
        IssuerSigningKey = signingKey
    };

    SecurityToken validatedToken;
    tokenHandler.ValidateToken(signedAndEncodedToken,
        tokenValidationParameters, out validatedToken);

    return validatedToken.ToString();

1 Answer:

Answer 0: (score: 1)

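Your signingKey is not an RSA key, so you cannot use RsaSha256Signature. HmacSha256Signature works because you are creating an HMAC symmetric key with a fixed passphrase.

I am not an expert in C#, but you probably need something like this.

You need a keystore containing the private key and the public key. Note that HMAC is a symmetric algorithm, and the key for signing and verifying is the same, but RSA needs a key pair.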
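The key-pair point from the answer, as an added example that is not part of the original question or answer: the token is signed with an RSA private key and validated with only the public half. It assumes the System.IdentityModel.Tokens.Jwt 4.x API that the question's code uses; the key pair is generated in-process as a stand-in for a real service key, and the audience, issuer and subject values are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography;

static class Rs256Example
{
    static void Main()
    {
        // Constructed throwaway key pair; a real service would load its own private key.
        using (var privateRsa = new RSACryptoServiceProvider(2048))
        using (var publicRsa = new RSACryptoServiceProvider())
        {
            // The verifier gets only the public half of the pair.
            publicRsa.ImportParameters(privateRsa.ExportParameters(false));

            // RS256 needs an asymmetric key; a symmetric key is rejected for this algorithm.
            var signingCredentials = new SigningCredentials(
                new RsaSecurityKey(privateRsa),
                SecurityAlgorithms.RsaSha256Signature,
                SecurityAlgorithms.Sha256Digest);

            var descriptor = new SecurityTokenDescriptor
            {
                AppliesToAddress = "https://audience.example",   // placeholder audience
                TokenIssuerName = "issuer@example.invalid",      // placeholder issuer
                Subject = new ClaimsIdentity(new List<Claim>
                {
                    new Claim(ClaimTypes.NameIdentifier, "user@example.invalid"),
                }, "Custom"),
                SigningCredentials = signingCredentials,
            };

            var handler = new JwtSecurityTokenHandler();
            string jwt = handler.WriteToken(handler.CreateToken(descriptor));

            var validation = new TokenValidationParameters
            {
                ValidAudience = "https://audience.example",
                ValidIssuer = "issuer@example.invalid",
                IssuerSigningKey = new RsaSecurityKey(publicRsa), // public key only
            };
            SecurityToken validated;
            handler.ValidateToken(jwt, validation, out validated); // throws if the check fails
            Console.WriteLine(jwt);
        }
    }
}
```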