Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
425 views
in Technique[技术] by (71.8m points)

c# - How to decode JWE token in Angular

I have this problem, I created a JWE in .net core using EncryptingCredentials by this way:

var key = Encoding.ASCII.GetBytes(Configuration["Core:JwtSecret"]);
var encryptionkey = Encoding.ASCII.GetBytes(Configuration["Core:JwtEncrype"]);

var tokenDescriptor = new SecurityTokenDescriptor
{
    Subject = subject,
    Expires = DateTime.UtcNow.AddDays(Convert.ToInt32(Host.Config["Core:JwtDays"])),
    SigningCredentials =
        new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature),
    EncryptingCredentials =
        new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
user.Token = tokenHandler.WriteToken(token);

How can I read token's data with angular?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You can implement a Web API endpoint that will accept your JWE token as an input parameter, decrypts and validates it and returns its payload (contents) as JSON. Then you can easily use JSON in your angular application. In this case you use your signing and encryption keys on the server-side where you keep them in secret.

Moreover, you may consider using JWT instead of JWE. You decode the token in a public client (angular app) in any case. That is similar to the user_info endpoint of OpenID Connect protocol. Encryption will be useful if you decrypt the token on the server-side (private client).

Using the signing and encryption keys in the angular application will expose them to the public.

Alternatively you can introduce another JWT token that is not encrypted and return it to your angular application instead of or in addition to your JWE token. It will be similar to the id_token from OpenID Connect protocol.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...