问题
The following code:
using System.IdentityModel.Tokens;
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(rawToken);
Generates the following exception:
Jwt10113: Unable to decode the 'header'
The value "0" is not of type "System.String" and cannot be used in this generic collection. Parameter name: value
When the 'header' section of the rawToken is:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0
Which can be decoded to:
{"alg":"HS256","typ":"JWT","kid":0}
The source of the faulting token is Azure Mobile Services.
Please note that the exception does not occur when calling the same line of code while the 'header' section is:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjAifQ
Which can be decoded to:
{"alg":"HS256","typ":"JWT","kid":"0"}
How can I overcome this problem, and properly validate such a token?
回答1:
This was a bug in the Azure Mobile Services with respect to its conformance with the JWT spec. The bug has since been fixed, so the JWTs generated by the mobile services should now have a correct string value in the "kid" field of its header.
来源:https://stackoverflow.com/questions/18273776/jwtsecuritytoken-exception-while-decoding-azure-mobile-services-jwt-token