JWT in ASP.NET Core (Open)

Many languages ship officially provided classes that can generate and/or verify a JWT, but generally speaking they all do the following things in one way or another:

Generate JWT

  1. Create a header and encode it with base64url;
  2. Create a collection of claims as the payload and encode it with base64url;
  3. Provide a secret symmetric key;
  4. Hash the encoded header.payload with the secret key to produce the signature;
  5. Concatenate the encoded header, encoded payload and signature, separated by periods;
  6. Return it to the user.

Verify JWT

  1. Decode the JWT to get the header and payload;
  2. Hash the decoded header and payload with the server-side secret key;
  3. Compare the newly hashed signature with the user-provided signature; if they are the same, authentication succeeds.
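
The two procedures above, written out by hand for HS256 as an added example (not code from the original post or from the ASP.NET Core libraries). It assumes .NET 6 or later; the class name Hs256Jwt, its helpers and the sample claims are hypothetical. The keyed hash is recomputed over the encoded header.payload segments exactly as received, the accepted algorithm is fixed by the server, and the signatures are compared in constant time.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class Hs256Jwt // hypothetical name, for illustration only
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Keyed hash (HMAC-SHA256) over the ASCII bytes of "header.payload".
    static byte[] Sign(string signingInput, byte[] key) =>
        HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(signingInput));

    public static string Create(string payloadJson, byte[] key)
    {
        string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
        string input = header + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
        return input + "." + B64Url(Sign(input, key));
    }

    public static bool Verify(string token, byte[] key)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 3) return false;
        try
        {
            // Pin the algorithm: the token's own header must not choose how it is verified.
            using var hdr = JsonDocument.Parse(FromB64Url(parts[0]));
            if (!hdr.RootElement.TryGetProperty("alg", out var alg) || alg.GetString() != "HS256") return false;
            // Recompute over the segments as received and compare in constant time.
            return CryptographicOperations.FixedTimeEquals(Sign(parts[0] + "." + parts[1], key), FromB64Url(parts[2]));
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException) { return false; }
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // constructed demo key
        string jwt = Create("{\"sub\":\"alice\",\"role\":\"user\"}", key); // constructed claims
        string[] p = jwt.Split('.');
        string edited = p[0] + "." + B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"alice\",\"role\":\"admin\"}")) + "." + p[2];
        Console.WriteLine("untouched token verifies: " + Verify(jwt, key));
        Console.WriteLine("edited payload with old signature verifies: " + Verify(edited, key));
    }
}
```

A passing signature check only proves the token was issued with the key; claims such as expiry still have to be validated separately, which the officially provided classes do for you.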
