New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validating a JWT using the PS256 algorithm? #1117
Comments
@underscoreHao As best I understand, it's really just a padding mode. Right now we don't support that mode, it's a relatively small amount or work, so we'll leave it active for 5.4.1. These are the modes we do support for RSA: Line 159 in b152f46
We included the define, so users could recognize this algorithm and use extensibility to add support. |
Thank you for putting this on the road map. I used jose-jwt with some custom validation to accomplish what I needed, but I think this is going to be a nice addition to the package in any case. |
Could you please prioritize that. The open banking spec recommends PS256. Without support for that, Wilson is out. |
@leastprivilege we marked this as P1, will be in next 5.x release. |
@underscoreHao - PS256 will be available in 5.5.0 release. |
I was able to create a JWT signed using PS256. That was using the codebase from your PR though. I couldn't find a nightly for v5.x and the v6 nightly didn't contain RSA-PSS support. |
@scottbrady91 @underscoreHao published nightly of 5.5.0 here: https://www.myget.org/feed/azureadwebstacknightly/package/nuget/System.IdentityModel.Tokens.Jwt |
Hello,
The last two days I've been trying to verify a JWT that has been encoded using the PS256 algorithm. I have an implementation for RS256 that's working correctly, but despite my best efforts I couldn't validate a PS256 JWT. I looked and debugged through the code of Microsoft.IdentityModel.Tokens and it seems that although PS256 is in the SecurityAlgorithms.cs, an actual implementation of the validation is missing. Is this on the roadmap? Am I doing something wrong? Perhaps I'm not understanding the difference between RSA256 and PS256 well enough.
Any kind of information on this will be appreciated.
EDIT: I'm supplying an example token
And some of my code
The text was updated successfully, but these errors were encountered: