JWT issues
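using System;
using System.IdentityModel.Tokens;
using System.Text;

public class FixedJsonWebTokenHandler : JsonWebTokenHandler
{
    public override SecurityToken ReadToken(string tokenString)
    {
        // Azure ACS messes with the token a bit: it delivers the compact JWT
        // Base64-encoded (UTF-8 bytes), so unwrap it before the base handler parses it.
        return base.ReadToken(Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)));
    }
}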

<t:RequestSecurityTokenResponse Context="rm=1&amp;id=passive&amp;ru=%2f" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:Lifetime>
    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-05-29T23:44:17.005Z</wsu:Created>
    <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-05-29T23:54:17.005Z</wsu:Expires>
  </t:Lifetime>
  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://example.com/</Address>
    </EndpointReference>
  </wsp:AppliesTo>
  <t:RequestedSecurityToken>
    <wsse:BinarySecurityToken wsu:Id="..."
        ValueType="urn:ietf:params:oauth:token-type:jwt"
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">... token* ...</wsse:BinarySecurityToken>
  </t:RequestedSecurityToken>
  <t:TokenType>urn:ietf:params:oauth:token-type:jwt</t:TokenType>
  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>

* 'token' is removed for security. The format is a standard JWT (3 dot-separated segments) which has been passed through Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(...)). See the attached FixedJsonWebTokenHandler class.
My hunch is that the EncodingType attribute on BinarySecurityToken is the one to use to determine if pre-decoding is needed: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary seems to indicate that.
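
One way to act on the EncodingType attribute instead of decoding unconditionally, as an added example that is not part of the original gist. The class name `BinarySecurityTokenReader`, the method `ExtractJwt` and the sample token are hypothetical; the namespace and attribute values are the ones in the response above.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Xml.Linq;

public static class BinarySecurityTokenReader // hypothetical helper, not a library type
{
    static readonly XNamespace Wsse =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string Base64Binary =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    const string JwtValueType = "urn:ietf:params:oauth:token-type:jwt";

    // Returns the compact JWT carried in the response. This only unwraps the
    // transport encoding; signature validation is still the token handler's job.
    public static string ExtractJwt(string rstrXml)
    {
        XElement bst = XDocument.Parse(rstrXml).Descendants(Wsse + "BinarySecurityToken").Single();
        if ((string)bst.Attribute("ValueType") != JwtValueType)
            throw new FormatException("BinarySecurityToken is not declared as a JWT.");

        string content = bst.Value.Trim();
        string encoding = (string)bst.Attribute("EncodingType");
        string jwt;
        if (encoding == Base64Binary)
            jwt = Encoding.UTF8.GetString(Convert.FromBase64String(content));
        else // choice made for this example: reject rather than guess
            throw new NotSupportedException("Unsupported or missing EncodingType: " + encoding);

        // Sanity check before handing the string to a JWT handler:
        // the compact form described above has exactly three dot-separated segments.
        if (jwt.Split('.').Length != 3)
            throw new FormatException("Decoded content is not a three-segment JWT.");
        return jwt;
    }

    public static void Main()
    {
        // Constructed sample: an unsigned placeholder token, wrapped the way the note describes.
        string compact = "aGVhZGVy.cGF5bG9hZA.c2ln";
        string wrapped = Convert.ToBase64String(Encoding.UTF8.GetBytes(compact));
        string xml = "<t:RequestedSecurityToken xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">" +
            "<wsse:BinarySecurityToken xmlns:wsse=\"" + Wsse + "\" ValueType=\"" + JwtValueType +
            "\" EncodingType=\"" + Base64Binary + "\">" + wrapped + "</wsse:BinarySecurityToken>" +
            "</t:RequestedSecurityToken>";
        Console.WriteLine(ExtractJwt(xml) == compact);
    }
}
```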