How to validate signature of JWT from jwks without x5c

Question

I have a JWT security token which I need to verify via jwks endpoint. Data in jwks looks like:

{
  \"keys\": [
    {
      \"kty\": \"RSA\",
      \"e\": \"         


        

Answer 1

Using x5c is just one way, but you can also retrieve the public key with the parameters e (public exponent) and n (modulus), which is also documented on the jose-jwt github page:

//If kid was found then load public key
if (jwkkey != null)
{
    RSACryptoServiceProvider key = new RSACryptoServiceProvider();
    key.ImportParameters(new RSAParameters
    {
        Modulus = Base64Url.Decode(jwkkey.n),
        Exponent = Base64Url.Decode(jwkkey.e)
    });
}

// get the public key as Base64Url encoded string, e.g. to use it on jwt.io
var pubkey = Base64Url.Encode(key.ExportRSAPublicKey());

var o = Jose.JWT.Decode(jsonToken.RawData, key);

You can also export the public key as Base64Url encoded string again as shown in the code above, and later use that key to manually verify your token on https://jwt.io