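OpenID IDX10501: Signature validation failed

Time: 2018-11-09 13:10:38

Tags: authentication openid

I am very new to OpenId authentication, but I have managed to get to the point of validating the IdToken. Even though I believe I have validated the signature correctly (shamelessly stolen from a StackOverflow example), I still get the above exception: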

// Build the RSA public key from its modulus and exponent.
var rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(new RSAParameters()
{
    Modulus = mod,
    Exponent = exp
});

// Hash the signing input: base64url(header) + "." + base64url(payload).
var sha256 = SHA256.Create();
var hash = sha256.ComputeHash(
    System.Text.Encoding.UTF8.GetBytes(idTokenParts[0] + "." + idTokenParts[1]));

// Check the PKCS#1 v1.5 signature (third token part) against the hash.
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm(HashAlgorithmName.SHA256.Name);
var temp = FromBase64Url(idTokenParts[2]);
if (!rsaDeformatter.VerifySignature(hash, temp))
    throw new Exception("Failed to verify signature.");

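This exception is not thrown, and I have matched the kid in the token to the kid obtained from the JWKS endpoint.

Regardless, the above exception is always thrown. I have scoured the internet and cannot work out why the signature fails. Going by the exception, both kids match: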

IDX10501: Signature validation failed. Unable to match keys: 
kid: '8LF7b3iGUk7Cg9RZR6r9GSMo4v8', 
token: '{"alg":"RS256","kid":"8LF7b3iGUk7Cg9RZR6r9GSMo4v8"}.

Do I need to send it back to the OpenId endpoint?

Any help would be much appreciated!

0 answers:

No answers