我有一个 JWT 安全令牌,需要通过 jwks 端点进行验证。jwks 中的数据如下所示:
"keys": [
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"alg": "RS256",
"n": "......",
"kid": "2132132-b1e6-47e7-a30f-1831942f74bd"
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"alg": "RS256",
"n": "......",
"kid": "tsp-app-a"
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"alg": "RS256",
"n": ".....",
"kid": "tsp-app-b"
我已经尝试过一个第三方 api,但它看起来依赖于 x5c 密钥,这在我的案例中不存在。
public static bool Validate(JwtSecurityToken jsonToken)
bool result = false;
var headers = Jose.JWT.Headers<JWTHeader>(jsonToken.RawData);
var payload = Jose.JWT.Payload<JWTPayload>(jsonToken.RawData);
string jwk = "";
using (HttpClient cli = new HttpClient())
jwk = cli.GetStringAsync(MyclientUrlforWellknownjson).Result;
var jwkinfo = JsonSerializer.Deserialize<JWKS>(jwk);
//Find right key. Match kid and alg, (To be changed later. It is possible that there are multiple x5c elements in key)
var jwkkey = (from item in jwkinfo.keys where item.kid == headers.kid && item.alg == headers.alg select item).SingleOrDefault();
//If key was found then load its public key
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = null;
if (jwkkey != null)
//Get public key from well known information
byte[] key = System.Text.Encoding.ASCII.GetBytes(jwkkey.x5c[0]); //??todo
//Create cert
cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(key);
var o = Jose.JWT.Decode(jsonToken.RawData, cert.PublicKey.Key);
catch (Exception ex)
return result;
如何在没有 x5c 的情况下通过 jwks 验证 JWT?