Login/Register
.NET Core JWE: no "cty" header
Asked Answered
Solved c#.netjwtbearer-tokenjwe
D

1

6

I'm using the following code to issue my JWEs:

var signCreds = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:SigningKey"])), SecurityAlgorithms.HmacSha256);
var encryptionCreds = new EncryptingCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:Encryptionkey"])), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);

var handler = new JwtSecurityTokenHandler();


var jwtSecurityToken = handler.CreateJwtSecurityToken(
  Configuration["Jwt:Issuer"],
  Configuration["Jwt:Audience"],
  new ClaimsIdentity(claims),
  DateTime.UtcNow,
  expiresIn,
  DateTime.UtcNow,
  signCreds,
  encryptionCreds);

But it doesn't specify "cty" header of the token - just only alg, enc and typ. If I understand correctly, the header must be set for encrypted JWT so I have an issue while parsing the token in golang because of the headers absence.

I also tried the following ways to issue JWE:

var signCreds = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:SigningKey"])), SecurityAlgorithms.HmacSha256);
var encryptionCreds = new EncryptingCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:Encryptionkey"])), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);

var handler = new JwtSecurityTokenHandler();

var tokenDescriptor1 = new SecurityTokenDescriptor
  {
     Audience = "you",
     Issuer = "me",
     Subject = new ClaimsIdentity(claims),
     EncryptingCredentials = encryptionCreds
};

var tokenDescriptor2 = new SecurityTokenDescriptor
  {
     Audience = "you",
     Issuer = "me",
     Subject = new ClaimsIdentity(claims),
     EncryptingCredentials = encryptionCreds,
     SigningCredentials = signCreds
};

var tokenDescriptor3 = new SecurityTokenDescriptor
  {
     Audience = "you",
     Issuer = "me",
     Subject = new ClaimsIdentity(claims),
     EncryptingCredentials = encryptionCreds,
     SigningCredentials = signCreds,
     AdditionalHeaderClaims = new Dictionary<string, object> { { "cty", "JWT" } }
   };

var enc = handler.CreateEncodedJwt(tokenDescriptor1);
var encSigned = handler.CreateEncodedJwt(tokenDescriptor2);
var encSignedWithCty = handler.CreateEncodedJwt(tokenDescriptor3);

But have the same result:
enter image description here

I scanned the library but have not found the code that set the Cty header for token.

Maybe anyone knows what I missed or what is the problem?

Thanks!

Dancer answered 16/11, 2019 at 11:15 Comment(0)
D
5

It seems to be a library issue

Dancer answered 26/11, 2019 at 13:55 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.