I have been looking for an answer to this everywhere, but can't seem to find one that applies to me. The thing is I'm trying to construct a JWT token with ASP.NET in C#. The problem I'm running into is that somewhere it adds a "nbf" claim automatically to my claims and I can't seem to figure out how to remove it, as the API host doesn't allow it in the token. Here's a code snippet of what creates the tokens:
    var plainTextSecurityKey = "key";
    var signingKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(
        Encoding.UTF8.GetBytes(plainTextSecurityKey));
    var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(signingKey,
        Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature);
    var claimsIdentity = new ClaimsIdentity(new List<Claim>()
    {
        new Claim("iss", "smthing"),
        new Claim("sub", "smthing"),
        new Claim("iat", ToUnixTime(issued).ToString()),
        new Claim("exp", ToUnixTime(expire).ToString()),
        new Claim("aud", JsonConvert.SerializeObject(new[] { "ohlc" }).ToString())
    });
    claimsIdentity.TryRemoveClaim(claimsIdentity.FindFirst("nbf"));
    var securityTokenDescriptor = new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor()
    {
        Subject = claimsIdentity,
        SigningCredentials = signingCredentials,
    };
    securityTokenDescriptor.NotBefore = null;
    var tokenHandler = new JwtSecurityTokenHandler();
    var plainToken = tokenHandler.CreateToken(securityTokenDescriptor);
    var signedAndEncodedToken = tokenHandler.WriteToken(plainToken);
I try to remove the nbf after forming the claimsIdentity, but it appears that it isn't added there.
"nbf" (Not Before) Claim: The "nbf" (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the "nbf" claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the "nbf" claim.
nbf (not before time): Time before which the JWT must not be accepted for processing.
iat (issued at time): Time at which the JWT was issued; can be used to determine age of the JWT.
jti (JWT ID): Unique identifier; can be used to prevent the JWT from being replayed (allows a token to be used only once).
JSON Web Token (JWT) is a compact claims representation format that is intended for space constrained environments such as HTTP Authorization headers and URI query parameters. A claim is represented as a name-value pair that contains a Claim Name and a Claim Value.
Try this:
    tokenHandler.SetDefaultTimesOnTokenCreation = false;
Reference: System.IdentityModel.Tokens.Jwt
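The setting from the answer in a complete token-creation routine, as an added example that is not part of the original question or answer; the issuer, audience and subject values and the random key are placeholders. It sets iat and exp explicitly on the descriptor and reads the token back to confirm that nbf is absent and exp is still present.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class NoNbfTokenExample
{
    public static string CreateTokenWithoutNbf(byte[] key, DateTime issuedUtc, DateTime expiresUtc)
    {
        var handler = new JwtSecurityTokenHandler
        {
            // Must be set before CreateToken; otherwise missing times (nbf included) are filled in.
            SetDefaultTimesOnTokenCreation = false
        };
        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = "example-issuer",        // placeholder value
            Audience = "example-audience",    // placeholder value
            Subject = new ClaimsIdentity(new[] { new Claim("sub", "example-subject") }),
            IssuedAt = issuedUtc,             // emitted as iat
            Expires = expiresUtc,             // emitted as exp
            SigningCredentials = new SigningCredentials(
                new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256)
        };
        string encoded = handler.WriteToken(handler.CreateToken(descriptor));

        // Read the token back and check the payload before it is sent anywhere.
        JwtSecurityToken parsed = handler.ReadJwtToken(encoded);
        if (parsed.Payload.ContainsKey("nbf"))
            throw new InvalidOperationException("nbf is still present in the payload");
        if (!parsed.Payload.ContainsKey("exp"))
            throw new InvalidOperationException("exp is missing; the token would never expire");
        return encoded;
    }

    public static void Main()
    {
        var key = new byte[32]; // constructed random 256-bit key for the example
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        var now = DateTime.UtcNow;
        Console.WriteLine(CreateTokenWithoutNbf(key, now, now.AddMinutes(5)));
    }
}
```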