JwtSecurityTokenHandler returns lower case claim type

Question

I am implementing authentication to my application using Auth0 and JWT. My all claim names are in Upper case format, but once the JwtSecurityTokenHandler convert my token to JwtSecurityToken, all are the Claim types of JwtSecurityToken giving lower case types.

Claim & BuildToken

private string BuildToken(UserModel user)
    {
        var claims = new[] {
            new Claim(JwtRegisteredClaimNames.Sub, user.Name),
            new Claim(JwtRegisteredClaimNames.Email, user.Email),
            new Claim(JwtRegisteredClaimNames.Birthdate, user.Birthdate.ToString("yyyy-MM-dd")),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
        };

        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var token = new JwtSecurityToken(_config["Jwt:Issuer"],
          _config["Jwt:Issuer"],
          claims,
          expires: DateTime.Now.AddMinutes(30),
          signingCredentials: creds);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

JwtSecurityTokenHandler

var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(context.HttpContext.Request.Headers["Authorization"]) as JwtSecurityToken;
var jti = tokenS.Claims.First(claim => claim.Type == "Sub").Value;  //here Sub is giving exception, but if i change it to lower case sub, working fine.

Answer 1

JWT is case sensitive. The sub claim is defined to be lower case.

JwtRegisteredClaimNames.Sub must not make you think that there is a claim called Sub. This is just a name from the library you use, not the name of the claim as it is encoded in the JWT.

sub is correct, Sub is not defined.