C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,962 questions
How to get JWT token
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 97%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
Rock Hitman
46
Reputation points
the target system uses an Authorization server to authenticate clients (Souce system) and provide an Access Token to invoke services.
The source system will obtain the Access Token from Target system's Authorization server.
The Target system follows JWT profile for OAuth 2.0 Client authentication and Authorization grants for issuing Access Token.
The documents what I had mostly shows verifying the JWT, But I am mainly looking on how to get JWT
In order to do that, Source system need to provide the following
- URLs for signing and Encryption
OpenId Connect well-known endpoint (OR)
jwks and Issuer URLs - Authetication
The network exposed APIs should be secured using either signed JWT, private key jwt or Access Token .
Target system will provide client_id to be used in the APIs - Certificates
We as source system should provide a certificate of issuing CAs for Authentication
Private key may be stored in PEM file
How should I get this, URLs for signing and encrypt, have Authentication set, and provide certificates
C#
{count} votes
-
Ryan Hill 28,286 Reputation points Microsoft Employee2021-11-30T02:29:57.663+00:00 Hi @Rock Hitman ,
I'm not sure if I'm understanding you correctly but if the target system follows OAUTH, then they should have a /.well-known/openid-configuration endpoint that supplies that provider's endpoint URIs, scopes, etc; see https://help.akana.com/content/current/cm/api_oauth/oauth_discovery/m_oauth_getOpenIdConnectWellknownConfiguration.htm. If you could provide clarification on what signing, encrypting, authentication set, and certificates you're specifically referring to will be helpful. Is your system the issuer of authentication tokens? Encryption? Are you using certificates to validate incoming client requests?
-
Rock Hitman 46 Reputation points
2021-11-30T03:14:32.737+00:00 there is an existing Authorization service which was provided with signing certificates by the Target system ? Iam trying to figure out how to generate the required JWT (which is a combination of Header, Payload, signature) to obtain the Access Token in response ?
Sign in to comment
Sign in to answer