.NET 核心 JWE:否 "cty" header
.NET Core JWE: no "cty" header
我正在使用以下代码发布我的 JWE:
var signCreds = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:SigningKey"])), SecurityAlgorithms.HmacSha256);
var encryptionCreds = new EncryptingCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:Encryptionkey"])), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);
var handler = new JwtSecurityTokenHandler();
var jwtSecurityToken = handler.CreateJwtSecurityToken(
Configuration["Jwt:Issuer"],
Configuration["Jwt:Audience"],
new ClaimsIdentity(claims),
DateTime.UtcNow,
expiresIn,
DateTime.UtcNow,
signCreds,
encryptionCreds);
但它没有指定令牌的 "cty" header - 仅指定 alg、enc 和 typ。如果我理解正确,必须为加密的 JWT 设置 header,所以我在解析 golang 中的令牌时遇到问题,因为 header 不存在。
我也试过下面的JWE发行方式:
var signCreds = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:SigningKey"])), SecurityAlgorithms.HmacSha256);
var encryptionCreds = new EncryptingCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:Encryptionkey"])), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);
var handler = new JwtSecurityTokenHandler();
var tokenDescriptor1 = new SecurityTokenDescriptor
{
Audience = "you",
Issuer = "me",
Subject = new ClaimsIdentity(claims),
EncryptingCredentials = encryptionCreds
};
var tokenDescriptor2 = new SecurityTokenDescriptor
{
Audience = "you",
Issuer = "me",
Subject = new ClaimsIdentity(claims),
EncryptingCredentials = encryptionCreds,
SigningCredentials = signCreds
};
var tokenDescriptor3 = new SecurityTokenDescriptor
{
Audience = "you",
Issuer = "me",
Subject = new ClaimsIdentity(claims),
EncryptingCredentials = encryptionCreds,
SigningCredentials = signCreds,
AdditionalHeaderClaims = new Dictionary<string, object> { { "cty", "JWT" } }
};
var enc = handler.CreateEncodedJwt(tokenDescriptor1);
var encSigned = handler.CreateEncodedJwt(tokenDescriptor2);
var encSignedWithCty = handler.CreateEncodedJwt(tokenDescriptor3);
但结果相同:
我扫描了 library 但没有找到为令牌设置 Cty header 的代码。
也许有人知道我错过了什么或者有什么问题吗?
谢谢!
好像是个图书馆issue
我正在使用以下代码发布我的 JWE:
var signCreds = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:SigningKey"])), SecurityAlgorithms.HmacSha256);
var encryptionCreds = new EncryptingCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:Encryptionkey"])), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);
var handler = new JwtSecurityTokenHandler();
var jwtSecurityToken = handler.CreateJwtSecurityToken(
Configuration["Jwt:Issuer"],
Configuration["Jwt:Audience"],
new ClaimsIdentity(claims),
DateTime.UtcNow,
expiresIn,
DateTime.UtcNow,
signCreds,
encryptionCreds);
但它没有指定令牌的 "cty" header - 仅指定 alg、enc 和 typ。如果我理解正确,必须为加密的 JWT 设置 header,所以我在解析 golang 中的令牌时遇到问题,因为 header 不存在。
我也试过下面的JWE发行方式:
var signCreds = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:SigningKey"])), SecurityAlgorithms.HmacSha256);
var encryptionCreds = new EncryptingCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Jwt:Encryptionkey"])), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);
var handler = new JwtSecurityTokenHandler();
var tokenDescriptor1 = new SecurityTokenDescriptor
{
Audience = "you",
Issuer = "me",
Subject = new ClaimsIdentity(claims),
EncryptingCredentials = encryptionCreds
};
var tokenDescriptor2 = new SecurityTokenDescriptor
{
Audience = "you",
Issuer = "me",
Subject = new ClaimsIdentity(claims),
EncryptingCredentials = encryptionCreds,
SigningCredentials = signCreds
};
var tokenDescriptor3 = new SecurityTokenDescriptor
{
Audience = "you",
Issuer = "me",
Subject = new ClaimsIdentity(claims),
EncryptingCredentials = encryptionCreds,
SigningCredentials = signCreds,
AdditionalHeaderClaims = new Dictionary<string, object> { { "cty", "JWT" } }
};
var enc = handler.CreateEncodedJwt(tokenDescriptor1);
var encSigned = handler.CreateEncodedJwt(tokenDescriptor2);
var encSignedWithCty = handler.CreateEncodedJwt(tokenDescriptor3);
但结果相同:
我扫描了 library 但没有找到为令牌设置 Cty header 的代码。
也许有人知道我错过了什么或者有什么问题吗?
谢谢!
好像是个图书馆issue