
I am trying to integrate GIT in my site. I have been successful in implementing the toolkit and want to validate the JWT sent from Google API with the *.p12 certificate provided during setup.

Exception Details: System.IdentityModel.SignatureVerificationFailedException: IDX10501: Signature validation failed. Key tried: 'System.IdentityModel.Tokens.X509SecurityKey'.

JSON Web Token Received: token: '{"alg":"RS256","kid":"qwYevA"}.{"iss":"https://identitytoolkit.google.com/","aud":"238895676270-i8o5fe2poogs83nki8jl5tgtfm7h9n5l.apps.googleusercontent.com","iat":1445739256,"exp":1446948856,"user_id":"","email":"","provider_id":"google.com","verified":true,"display_name":""}'

    var signingToken = new X509SecurityToken(new X509Certificate2(fileName, "notasecret"));
    TokenValidationParameters validationParameters = new TokenValidationParameters()
    {
        IssuerSigningKey = new X509SecurityKey(new X509Certificate2(fileName, "notasecret")),
        ValidAudience = "238895676270-i8o5fe2poogs83nki8jl5tgtfm7h9n5l.apps.googleusercontent.com",
        ValidIssuer = "https://identitytoolkit.google.com/",
        IssuerSigningKeyResolver = (token, a, ski, tvp) => { return new X509SecurityKey(new X509Certificate2(fileName, "notasecret")); },
        IssuerSigningToken = signingToken,
    };
    SecurityToken st;

    var result = tokenHandler.ValidateToken((Request.Cookies["gtoken"]).Value, validationParameters, out st);

1 Answer

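The JWT generated by Identity Toolkit is signed with Identity Toolkit's own RSA private key, not the .p12 you downloaded during setup.

You need to download the currently active Identity Toolkit X509 public certificates from https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys?key={YOUR_SERVER_API_KEY}, select the certificate for the "kid" in the JWT you received, and construct an X509Certificate2 with that certificate.

The SERVER_API_KEY can be generated in the Google Developers Console where you created your OAuth2 client.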

answered 2015-10-26T06:07:57.447
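
The steps in the answer above, as an added C# sketch that is not code from the original post or from Google: select the certificate by the token's `kid` and validate against it, failing closed when the `kid` is unknown. The class and method names are hypothetical. It assumes the System.IdentityModel.Tokens.Jwt 4.x API used in the question, and that the publicKeys response body is a JSON object mapping each `kid` to a PEM-encoded certificate.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Web.Script.Serialization;

public static class GitkitTokenValidator   // hypothetical helper, not a Google API
{
    // publicKeysJson: body fetched from the publicKeys URL given in the answer.
    // Assumption: a JSON object of the form { "<kid>": "<PEM certificate>", ... }.
    public static Dictionary<string, X509Certificate2> ParseCerts(string publicKeysJson)
    {
        var pems = new JavaScriptSerializer()
            .Deserialize<Dictionary<string, string>>(publicKeysJson);
        var certs = new Dictionary<string, X509Certificate2>(StringComparer.Ordinal);
        foreach (var entry in pems)
            certs[entry.Key] = new X509Certificate2(Encoding.ASCII.GetBytes(entry.Value));
        return certs;
    }

    public static ClaimsPrincipal Validate(string jwt, string audience,
        IDictionary<string, X509Certificate2> certs)
    {
        // The header is read before verification only to learn which key to use.
        object kid;
        var header = new JwtSecurityToken(jwt).Header;
        if (!header.TryGetValue("kid", out kid) || !(kid is string))
            throw new SecurityTokenValidationException("JWT header has no kid");

        X509Certificate2 cert;
        if (!certs.TryGetValue((string)kid, out cert))
            // Fail closed: the caller should refresh the certificate list and
            // retry, never fall back to another key such as the .p12.
            throw new SecurityTokenValidationException("Unknown kid: " + kid);

        var key = new X509SecurityKey(cert);
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = "https://identitytoolkit.google.com/",
            ValidAudience = audience,            // your OAuth2 client ID
            IssuerSigningKey = key,
            IssuerSigningKeyResolver = (token, st, ski, tvp) => key
        };
        SecurityToken validated;
        return new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out validated);
    }
}
```

Cache the parsed certificates and re-fetch them when an unknown `kid` appears, since the active signing keys change over time.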