我对OpenId认证非常陌生,但是我设法达到了验证IdToken的地步。即使我认为我已经正确验证了签名(从StackOverflow示例中无耻地被盗),我仍然收到上述异常:
var rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(new RSAParameters()
{
Modulus = mod,
Exponent = exp
});
var sha256 = SHA256.Create();
var hash = sha256.ComputeHash(
System.Text.Encoding.UTF8.GetBytes(idTokenParts[0] + "." + idTokenParts[1]));
var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm(HashAlgorithmName.SHA256.Name);
var temp = FromBase64Url(idTokenParts[2]);
if (!rsaDeformatter.VerifySignature(hash, temp))
throw new Exception("Failed to verify signature.");
不会抛出此异常,并且我已将令牌中的孩子与从JWKS端点获取的孩子匹配。
无论如何,上述异常始终被抛出。我已经搜寻了互联网,无法找出签名失败的原因。除了例外,两个孩子都匹配:
IDX10501: Signature validation failed. Unable to match keys:
kid: '8LF7b3iGUk7Cg9RZR6r9GSMo4v8',
token: '{"alg":"RS256","kid":"8LF7b3iGUk7Cg9RZR6r9GSMo4v8"}.
我需要发送回OpenId端点吗?
任何帮助将不胜感激!