3

The following code:

using System.IdentityModel.Tokens;

JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(rawToken);

Generates the following exception:

Jwt10113: Unable to decode the 'header'
The value "0" is not of type "System.String" and cannot be used in this generic collection. Parameter name: value

When the 'header' section of the rawToken is:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0

Which can be decoded to:

{"alg":"HS256","typ":"JWT","kid":0}

The source of the faulting token is Azure Mobile Services.

Please note that the exception does not occur when calling the same line of code while the 'header' section is:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjAifQ

Which can be decoded to:

{"alg":"HS256","typ":"JWT","kid":"0"}

How can I overcome this problem, and properly validate such a token?

Liel
  • 1
    There is currently a bug in the tokens generated by the Azure Mobile Services with respect to its conformance to the JWT spec. This should be fixed in one of its upcoming releases. – carlosfigueira Aug 17 '13 at 03:28
  • Thanks @carlosfigueira, can you point to a link to a document or an issue page? – Liel Aug 17 '13 at 06:32
  • Just an update: this bug has been fixed - the JWTs generated by Azure Mobile Services now have the "kid" field set to a string value in their headers. – carlosfigueira Sep 25 '13 at 16:41

1 Answer

1

This was a bug in the Azure Mobile Services with respect to its conformance with the JWT spec. The bug has since been fixed, so the JWTs generated by the mobile services should now have a correct string value in the "kid" field of their headers.

carlosfigueira
  • Sounds promising! Thanks for coming back to this post. I will check it out as soon as I can, and let you know. – Liel Sep 25 '13 at 16:49
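
A diagnostic for the failure discussed in this thread, added here as an example and not code from the question, the answer, or the Azure Mobile Services project: it decodes a JWT header segment and reports header parameters that RFC 7515 defines as strings but that arrive as another JSON type. The class and method names are hypothetical, and System.Text.Json is an assumption (it is not the library used in the question); the check only inspects types and does not validate the token's signature.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json; // assumption: a runtime that ships System.Text.Json

static class JwtHeaderCheck // hypothetical helper, not part of System.IdentityModel.Tokens
{
    // Header parameters that RFC 7515 defines as JSON strings.
    static readonly string[] StringParams = { "alg", "typ", "cty", "kid" };

    // Decode a base64url segment: URL-safe alphabet, padding stripped.
    static byte[] Base64UrlDecode(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("Invalid base64url length");
        }
        return Convert.FromBase64String(s);
    }

    // Returns one message per listed parameter whose JSON type is not string.
    public static List<string> FindNonStringParams(string headerSegment)
    {
        var problems = new List<string>();
        string json = Encoding.UTF8.GetString(Base64UrlDecode(headerSegment));
        using (JsonDocument doc = JsonDocument.Parse(json))
        {
            foreach (string name in StringParams)
            {
                if (doc.RootElement.TryGetProperty(name, out JsonElement value)
                    && value.ValueKind != JsonValueKind.String)
                    problems.Add($"'{name}' is {value.ValueKind}, expected String: {value.GetRawText()}");
            }
        }
        return problems;
    }

    static void Main()
    {
        // The two header segments quoted in the question.
        foreach (string header in new[] {
            "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0",
            "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjAifQ" })
        {
            List<string> problems = FindNonStringParams(header);
            Console.WriteLine(problems.Count == 0 ? "header OK" : string.Join("; ", problems));
        }
    }
}
```

Running the check on the first segment of a token before handing the token to the JWT library separates an issuer-side conformance problem like this one from a tampered or truncated token.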