How to decode JWT Token?

c# .net jwt
Cooxkie picture Cooxkie · Jul 13, 2016 · Viewed 129.1k times · Source

I don't understand how this library works. Could you help me please ?

Here is my simple code :

public void TestJwtSecurityTokenHandler()
    {
        var stream =
            "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJJU1MiLCJzY29wZSI6Imh0dHBzOi8vbGFyaW0uZG5zY2UuZG91YW5lL2NpZWxzZXJ2aWNlL3dzIiwiYXVkIjoiaHR0cHM6Ly9kb3VhbmUuZmluYW5jZXMuZ291di5mci9vYXV0aDIvdjEiLCJpYXQiOiJcL0RhdGUoMTQ2ODM2MjU5Mzc4NClcLyJ9";
        var handler = new JwtSecurityTokenHandler();

        var jsonToken = handler.ReadToken(stream);
    }

This is the error :

The string needs to be in compact JSON format, which is of the form: Base64UrlEncodedHeader.Base64UrlEndcodedPayload.OPTIONAL,Base64UrlEncodedSignature'.

If you copy the stream in jwt.io website, it works fine :)

Answer

Cooxkie picture Cooxkie · Aug 12, 2016

I found the solution, I just forgot to Cast the result: 

var stream ="[encoded jwt]";  
var handler = new JwtSecurityTokenHandler();
var jsonToken = handler.ReadToken(stream);
var tokenS = handler.ReadToken(stream) as JwtSecurityToken;

I can get Claims using:

var jti = tokenS.Claims.First(claim => claim.Type == "jti").Value;

Related questions

JwtSecurityToken doesn't expire when it should

I am currently using the JwtSecurityToken class in System.IdentityModels.Tokens namespace. I create a token using the following: DateTime expires = DateTime.UtcNow.AddSeconds(10); JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); var genericIdentity = new System.Security.Principal.GenericIdentity(username, "TokenAuth"); ClaimsIdentity identity = new …

Read More
Securing the JWT with a X509Certificate2 (JwtSecurityTokenHandler)

I managed to make the JwtSecurityTokenHandler work with X509Certificate2. I was able to sign the token with a X509Certificate2 object. I was also able to validate the token by using the certificate's raw data through X509Certificate2.RawData …

Read More
Validating Google OpenID Connect JWT ID Token

I'm trying to upgrade my MVC website to use the new OpenID Connect standard. The OWIN middleware seems to be pretty robust, but unfortunately only supports the "form_post" response type. This means that Google isn't compatible, as it returns …

Read More