问题描述
我通过设置有效载荷(如下所示)创建了一个JwtToken
I have created a JwtToken by setting up the Payload as shown below
var payload = new JwtPayload
{
{"aud", "wellmark.com" },
{"iss", "wellmark" },
{"iat", DateTime.Now.Ticks },
{"exp", DateTime.Now.AddDays(90).Ticks },
};
我必须使用刻度的原因是,这是获取at和expirate时间的整数值的唯一方法.我同意壁虱实际上是很长的时间,而不是整数,但这是唯一的方法.
The reason I had to use ticks is because that is the only way to get an integer value for the issued at and expiration times. I agree that ticks is in fact a long and not an int, but that was the only way.
现在,当我再次验证令牌时,我正在执行以下操作
Now when I come back to validate the token, I am doing the below
var tokenValidationParams = new TokenValidationParameters
{
IssuerSigningKey = new X509SecurityKey(jwtCert),
ValidAudience = "masked",
ValidIssuer = "masked",
IssuerSigningKeyResolver = (string token, Microsoft.IdentityModel.Tokens.SecurityToken securityToken, string kid, TokenValidationParameters validationParameters) => new List<X509SecurityKey> { new X509SecurityKey(jwtCert) }
};
tokenHandler.ValidateToken(id, tokenValidationParams
, out validatedToken);
但是没有说
这很可能是因为验证方法试图将long转换为int,并且由于无法将其转换为int,因此仅返回null,如在此处.
This is most likely because the validation method is trying to convert the long to an int and because it is unable to convert it, it simply returns a null as indicated in the documentation shown here.
有人在此机制上取得成功.请注意,我正在使用X509证书对我的Jwt进行签名.
Has anyone had success with this mechanism. Please note that I am using X509 Certificate to Sign my Jwt.
Narasimham
Narasimham
推荐答案
exp时间戳不能使用Ticks
You can't use Ticks for the exp timestamp
JWT中的时间戳是从1970年1月1日00:00 UTC开始计数的UNIX时间戳: https://tools.ietf.org/html/rfc7519#section-4.1.4 解释说,数字日期用于exp声明(也用于nbf(不早于此)和iat(发布于) )声明
The timestamps in JWT are UNIX timestamps counting from 01.01.1970 00:00 UTC: https://tools.ietf.org/html/rfc7519#section-4.1.4 explains that a numeric date is used for the exp claim (and also for the nbf (not before) and iat (issued at) claims)
https://tools.ietf.org/html/rfc7519#section-2 定义数字日期:
如果像您在示例中一样直接创建有效负载,则需要计算自世界标准时间1.1.1970起的秒数,例如:
If you create the payload directly like you did in your example you need to calculate the seconds since 1.1.1970 UTC for example like this:
DateTime centuryBegin = new DateTime(1970, 1, 1);
var exp = new TimeSpan(DateTime.Now.AddDays(90).Ticks - centuryBegin.Ticks).TotalSeconds;
exp距现在90天.当然,您也可以使用其他任何Add ...方法来计算有效时间.请参考 https://msdn.microsoft. com/de-de/library/system.datetimeoffset(v = vs.110).aspx 来查看其他添加方法.
exp is then 90 days from now. Of course you can use any of the other Add... methods as well to calculate the expriation time.Refer to https://msdn.microsoft.com/de-de/library/system.datetimeoffset(v=vs.110).aspx to see the other Add methods.
某些框架(例如System.IdentityModel.Tokens.Jwt)提供了创建令牌的功能,这些令牌接受类型为DateTimeOffset的参数,该参数更易于处理.
Some frameworks (e.g. System.IdentityModel.Tokens.Jwt) offer functions to create tokens which accept parameters of the type DateTimeOffset, which is easier to handle.
使用 http://www.unixtimestamp.com/或类似网站检查时间戳
Use http://www.unixtimestamp.com/ or similar sites to check your timestamps
这篇关于JWT验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!