我正在使用客户端断言实现客户端凭据OAuth流。
我创建了我的jwt令牌。我需要用jwks设置键对其进行签名。
我收到此错误。
System.InvalidOperationException:'IDX10638:无法创建SignatureProvider,'key.HasPrivateKey'为false,无法创建签名。密钥:Microsoft.IdentityModel.Tokens.JsonWebKey。'
public class OpenIdConnectKeyCollection
{
[JsonProperty("keys")]
public ICollection<JToken> JsonWebKeys { get; set; }
}
public static async Task<string> CreateTokenAsync(string jwksUrl, string clientId, string audience)
{
var now = DateTime.UtcNow;
var client = new HttpClient();
var response = await client.GetAsync(jwksUrl);
var json = await response.Content.ReadAsStringAsync();
var keyCollection = JsonConvert.DeserializeObject<OpenIdConnectKeyCollection>(json);
var jwk = keyCollection.JsonWebKeys
.Select(k => new JsonWebKey(k.ToString()))
.ToList();
var signingCredentials = new SigningCredentials(jwk.First(), SecurityAlgorithms.RsaSha256);
var token = new JwtSecurityToken(
clientId,
audience,
new List<Claim>()
{
new Claim(JwtClaimTypes.JwtId, Guid.NewGuid().ToString()),
new Claim(JwtClaimTypes.Subject, clientId),
new Claim(JwtClaimTypes.IssuedAt, now.ToEpochTime().ToString(), ClaimValueTypes.Integer64),
new Claim(JwtClaimTypes.Audience, audience),
new Claim(JwtClaimTypes.Issuer, clientId)
},
now,
now.AddMinutes(1),
signingCredentials
);
var tokenHandler = new JwtSecurityTokenHandler();
return tokenHandler.WriteToken(token);
}
参考
https://community.brightspace.com/s/article/LTI-Advantage-Developer-FAQ-s
我有一个nodejs示例项目,在其中可以看到它们正在使用公共密钥签名。