Solved
[JWT] x5t parameter in JWT header
Question
jwt
Forge asset by João Almeida
Application Type
Service

Hello Everyone,

I need to build a JWT which will then be used to request an access token from Microsoft. As stated here, that JWT needs to have a parameter named x5t in its header (containing the Base64url-encoded SHA-1 thumbprint of the X.509 certificate's DER encoding).

Is it possible to add this header parameter with the current version of this Forge component? If so, how can I do it?

Thank you,

Rui

João Almeida
Champion

Hi Rui,

Custom attributes for the header are something in our backlog for the short term. We're planning to release a development version that will include that already (also to accommodate Borislav Shumarov's changes for Complex Objects). I'm hoping to have updates soon.


Rui Lopes

Hi João,

Thank you for your feedback! Let me know once the feature is available so I can mark it as a solution.

Rui Lopes
Solution

Hello,

Meanwhile I managed to patch the JWT extension to include the x5t header field. This was done by adding a new field named Thumbprint to the TokenAsymmetricSigningCredentials structure

and by making the following change in the MssCreateToken C# function

I tested it by requesting an access token from Microsoft and it worked. Since this solves the specific request in this thread, I will mark this post as a solution.

João Almeida
Champion

Cool! Thanks for sharing.

Huy Hoang The

Hi everyone,

Is there any way to add a key-value pair ("x5t":"abc....") to the header?

I only edited the payload but not the header.

I don't want to use .NET to customize it.


Rui Lopes

Hello Huy Hoang The,

The authors of the component may be able to give you a more definite answer but I believe that, in order to add custom key-value pairs to the header, you will indeed have to make changes to the .Net code.

João Almeida
Champion

Rui is correct, and that's on the component's roadmap for the next version. We'll try to get it out as soon as possible, even if just a development version.

Tim Timperman

Any news on that? We've seen a few releases since this last message, but it seems not possible to add custom headers to a signedsymmetric token yet, or am I missing something?

João Almeida
Champion

Hi Tim, the latest releases were focused on merging forks of JWT components and updating internal libraries to address security issues. That feature, and others, are next in line.

Tim Timperman
Huy Hoang The

For me, I can't wait for a new update from OS, so I created one function to create the JWT based on the JWT algorithm.

About 7-10 nodes with the inputs we need.

Huy Hoang, 

OS - Dev

Manikandan Ponvel

Dear João Almeida,

Any update about "x5t"?

Thank you

Huy Hoang The

My solution is based on the generation algorithm for generating tokens, and I don't need to use C#.
For security reasons, I can only share these images. Hopefully, they will be helpful to everyone.

Ho Duc Duy

That's an awesome answer. Good job.

Manikandan Ponvel

Hi Huy Hoang The,

Could you give more information about the 'RSA_Sign' action? What value do you pass as the 'Data' parameter?


Thank you

Huy Hoang The

Yes, it's the same as your value.

signature=ConvertBase64ToBase64URL_header.Base64URL+"."+ConvertBase64ToBase64URL_payload.Base64URL

Manikandan Ponvel

Thank you Huy Hoang The. I had missed the Algorithm parameter before.

It is working now.

Huy Hoang The

Perfect! 

So my idea is the right solution. I wrote it two years ago and I'm glad it's still true now.

Thank you.

Huy Hoang The
Manikandan Ponvel

Hi,

I passed the thumbprint (Base64-encoded) value to the KeyId parameter, and it worked successfully.
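
Added example, not part of any post in this thread and not the Forge component's code: a Python sketch of the two pieces discussed above, the x5t value (Base64url of the SHA-1 over the certificate's DER bytes) and the `header.payload` string that is handed to the RSA signing step. The function names, the `RS256` default and the `sign` callback are assumptions; the common mistake it guards against is Base64-encoding the hex text of a thumbprint instead of its 20 raw bytes.

```python
import base64
import hashlib
import json
import re
from typing import Callable

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding JWS uses for every segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and whitespace, then decode to the DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", pem)
    return base64.b64decode(body)

def x5t_from_der(der: bytes) -> str:
    """x5t = Base64url(SHA-1(DER certificate))."""
    return b64url(hashlib.sha1(der).digest())

def x5t_from_hex(thumbprint: str) -> str:
    """Convert a hex thumbprint as shown by certificate viewers to x5t.
    Separators (':' or spaces) and stray invisible characters are dropped."""
    raw = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", thumbprint))
    if len(raw) != 20:
        raise ValueError("a SHA-1 thumbprint is exactly 20 bytes")
    return b64url(raw)

def signing_input(x5t: str, claims: dict, alg: str = "RS256") -> str:
    """Base64url(header) + '.' + Base64url(payload): the data that gets signed."""
    header = {"alg": alg, "typ": "JWT", "x5t": x5t}
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    return enc(header) + "." + enc(claims)

def build_jwt(x5t: str, claims: dict, sign: Callable[[bytes], bytes]) -> str:
    """`sign` is a caller-supplied function returning the raw signature bytes
    over the ASCII signing input (for example an RSA signing action)."""
    data = signing_input(x5t, claims)
    return data + "." + b64url(sign(data.encode("ascii")))

if __name__ == "__main__":
    # Constructed placeholder bytes standing in for a real DER certificate.
    der = b"abc"
    print(x5t_from_der(der))
    print(signing_input(x5t_from_der(der), {"iss": "client-id-placeholder"}))
```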

