I am trying to access zapi to get test details from zephyr(Jira) using JWT authorization.But the qsh claim generated is incorrect which makes the JWT incorrect. Is there any alternate method to create qsh in C#?
When tried in Postman client with the generated JWT value, it is giving the error that the incorrect qsh value is used and displays the correct qsh value. I hard coded the displayed value (instead of dynamic qsh creation) for JWT generation and that is giving a success response. The code is given below:
var canonical_path_t = "GET&" + RELATIVE_PATH_T + QUERY_STRING_T;
var payload = new Dictionary<string, object>()
{
{ "sub", ACCOUNT_ID }, //assign subject
{ "qsh", getQSH(canonical_path_t) }, //assign query string hash
{ "iss", ACCESS_KEY }, //assign issuer
{ "iat", iat }, //assign issue at(in ms)
{ "exp", exp } //assign expiry time(in ms)
};
string token = JWT.JsonWebToken.Encode(payload, SECRET_KEY, JWT.JwtHashAlgorithm.HS256);
client.DefaultRequestHeaders.Add("Authorization", "JWT " + token);
client.DefaultRequestHeaders.Add("zapiAccessKey", ACCESS_KEY);
client.DefaultRequestHeaders.Add("User-Agent", "ZAPI");
//code to generate qsh
static string getQSH(string qstring)
{
System.Security.Cryptography.SHA256Managed crypt = new
System.Security.Cryptography.SHA256Managed();
StringBuilder hash = new StringBuilder();
byte[] crypto = crypt.ComputeHash(Encoding.UTF8.GetBytes(qstring), 0, Encoding.UTF8.GetByteCount(qstring));
foreach (byte theByte in crypto)
{
hash.Append(theByte.ToString("x2"));
}
return hash.ToString();
}