The accepted answer did not work for me. I’m not sure if that’s caused by me using .NET Core 2.0 or by something else, but it looks like the framework maps the Subject Claim to a NameIdentifier claim. So, the following worked for me: string userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; Note that this assumes the Subject sub … Read more
RFC 7519 states that the exp and iat claim values must be NumericDate values. NumericDate is the last definition in Section 2. Terminology, and is defined as the number of seconds (not milliseconds) since Epoch: A JSON numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds. … Read more
A Json Web Token made up of three parts. The header, the payload and the signature Now the header is just some metadata about the token itself and the payload is the data that we can encode into the token, any data really that we want. So the more data we want to encode here … Read more
I’ve also been trying to find this. I’d say – try and ensure it’s below 7kb. Whilst JWT defines no upper limit in the spec (http://www.rfc-editor.org/rfc/rfc7519.txt) we do have some operational limits. As a JWT is included in a HTTP header, we’ve an upper limit (SO: Maximum on http header values) of 8K on the … Read more
Both choices refer to what algorithm the identity provider uses to sign the JWT. Signing is a cryptographic operation that generates a “signature” (part of the JWT) that the recipient of the token can validate to ensure that the token has not been tampered with. RS256 (RSA Signature with SHA-256) is an asymmetric algorithm, and … Read more