    JWT Validation Issues with RSA-SHA256 and JwtBearer Middleware (.NET / C#)

      chukwuemekai

      Hi everyone,

      I'm facing challenges validating JWTs generated by FusionAuth using RSA-SHA256 within my .NET application using the JwtBearer middleware. I've generated a public/private key pair in the FusionAuth Key Master and configured my application as follows:

      public static void AddFusionAuthentication(this IServiceCollection services)
      {
          var fusionAuthSettings = services.BuildServiceProvider().GetRequiredService<IOptions<FusionAuthSettings>>().Value;
          byte[] publicKeyBytes = Convert.FromBase64String(fusionAuthSettings.IssuerSigningPublicKey);
          
          services
              .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
              .AddJwtBearer(opt =>
              {
                  opt.Authority = fusionAuthSettings.FusionAuthUrl;
                  opt.Audience = fusionAuthSettings.ClientId;
                  opt.IncludeErrorDetails = true; // for debugging
      
                  opt.TokenValidationParameters = new()
                  {
                      ValidateIssuer = true,
                      ValidIssuers = [fusionAuthSettings.Issuer],
                      ValidateIssuerSigningKey = true,
                      IssuerSigningKey = new SymmetricSecurityKey(publicKeyBytes)
                  };
              });
      
          services.AddAuthorization(options => { });
      }
      

      However, I'm encountering two unexpected scenarios:

      1. The JWT validation succeeds regardless of the value I set for IssuerSigningPublicKey.
      2. Even when using the correct public key from FusionAuth, JWTs signed with different keys are still validated successfully.

      It seems like the signature validation isn't working as expected.

      Has anyone else encountered similar issues? Could there be a configuration problem in FusionAuth or my .NET application? Any guidance or suggestions for troubleshooting would be greatly appreciated.

      Thanks in advance!

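An added example, not part of the original post and not FusionAuth's code: a console check that RS256 validation is bound to one pinned public key, using `RsaSecurityKey` (`SymmetricSecurityKey` is for HMAC algorithms) and no `Authority`, because with `Authority` set the JwtBearer handler also accepts the signing keys published in the authority's discovery metadata. The key pairs, issuer and audience are constructed locally, and the code assumes the `System.IdentityModel.Tokens.Jwt` package and a public key stored as base64 DER SubjectPublicKeyInfo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Constructed values for the demo; not taken from any FusionAuth instance.
const string Issuer = "https://auth.example.test";
const string Audience = "00000000-0000-0000-0000-000000000000";

using RSA signer = RSA.Create(2048);  // stands in for the key pair created in Key Master
using RSA other = RSA.Create(2048);   // an unrelated key pair

var handler = new JwtSecurityTokenHandler();

// Issue a short-lived RS256 token with the given private key.
string SignWith(RSA key) => handler.CreateEncodedJwt(new SecurityTokenDescriptor
{
    Issuer = Issuer,
    Audience = Audience,
    Expires = DateTime.UtcNow.AddMinutes(5),
    SigningCredentials = new SigningCredentials(new RsaSecurityKey(key), SecurityAlgorithms.RsaSha256)
});

// The verifier only holds the public half, as the API would (assumed format: base64 DER SPKI).
string publicKeyBase64 = Convert.ToBase64String(signer.ExportSubjectPublicKeyInfo());
using RSA pinned = RSA.Create();
pinned.ImportSubjectPublicKeyInfo(Convert.FromBase64String(publicKeyBase64), out _);

var parameters = new TokenValidationParameters
{
    ValidIssuer = Issuer,
    ValidAudience = Audience,
    ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // reject any other alg header
    IssuerSigningKey = new RsaSecurityKey(pinned)             // asymmetric key type for RS256
};

// True only when signature, issuer, audience and lifetime all validate.
bool IsValid(string jwt)
{
    try { handler.ValidateToken(jwt, parameters, out _); return true; }
    catch (SecurityTokenException) { return false; }
}

Console.WriteLine($"signed by pinned key: {IsValid(SignWith(signer))}");
Console.WriteLine($"signed by other key:  {IsValid(SignWith(other))}");
```

The same `TokenValidationParameters` can be assigned to `opt.TokenValidationParameters` in `AddJwtBearer`; leaving `opt.Authority` unset keeps the handler from adding keys from discovery to the pinned one.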