JWT (JSON Web Token) : About Jwt.net

1.Concept of JWT:

The full name of the JWT is the JSON Web Token, a concise, URL-safe declarative specification for communicating security information between the two parties. JWT, as an open standard (RFC 7519), defines a concise, self-contained method for communicating information between two communication parties in the form of a JSON object. Because of the presence of digital signatures, this information is trustworthy, and JWT can be signed using the HMAC algorithm or the public-private key pair of RSA.

2.Structure of  JWT
JWT is generally composed of three paragraphs, separated by a. Number, the first paragraph is the header, the second is payload, and the third is signature.

The header (JWT's head) carries two pieces of information like JSON:
The claim type. This is JWT.
The algorithm that declares the encryption. HMAC SHA256 are usually used directly, and others are RS256, etc.

Playload load is the place where valid information is stored. The name is like the cargo on the plane, which contains three pieces of information:
Declaration of registration in the standard
Public statements
Private claims
Declarations registered in the standard (recommended but not mandatory):
ISS:JWT issued by
SUB:JWT-oriented users
AUD: The party receiving the JWT
EXP:JWT expiration time must be greater than the time of issue
NBF: Defines the time before which the JWT is not available.
IAT:JWT Time of issue
JTI:JWT's unique identity is used primarily as a one-time token to avoid replay attacks.

Public statements:
Public declarations can add any information, generally add information about the user or other necessary information for business needs. But it is not recommended to add sensitive information because that part can be decrypted on the client

Private statement:
A private statement is a statement that is defined by both the provider and the consumer, and is generally not recommended for storing sensitive information, because Base64 is symmetric, meaning that part of the information can be classified as plaintext information

Define a Playload

The third part of Signature JWT is a visa information, which consists of three parts:
Header (after Base64)
Payload (after Base64)
Secret

This section requires Base64 encrypted headers and Base64 after the encrypted payload is used. A string consisting of a connection and then a combination of encryption by adding secret by the encryption declared in the header, which then forms the third part of the JWT

How to apply
Usually add authorization in the request head and add bearer callout:

In the project's Package Manager console, enter the following:
Install-package Jwt-version 3.0.0
Installing Jwt.net 3.0.0

Static void Main(string[] args)
        {
            IDateTimeProvider provider = new UtcDateTimeProvider();

            Var now = provider.GetNow();

            Var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

            Var secondsSinceEpoch = Math.Round((now - unixEpoch).TotalSeconds);
            Var payload = new Dictionary<string, object>{
               { "name", "MrBug" },
               {"exp",secondsSinceEpoch+100 },
               {"jti","luozhipeng" }
            };

            Console.WriteLine(secondsSinceEpoch);

            IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
            IJsonSerializer serializer = new JsonNetSerializer();
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

            String secret = "123";//key
            Var token = encoder.Encode(payload, secret);
            Console.WriteLine(token);

            Decrypt(token,secret);


            Console.ReadKey();

        }

        /// <summary>
        /// decrypt
        /// </summary>
        /// <param name="token">token information</param>
        /// <param name="secret">key</param>
        Private static void Decrypt(string token,string secret)
        {
            Try
            {
                IJsonSerializer serializer = new JsonNetSerializer();
                IDateTimeProvider provider = new UtcDateTimeProvider();
                IJwtValidator validator = new JwtValidator(serializer, provider);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

                Var json = decoder.Decode(token, secret, verify: true); //token is the previously generated string
                Console.WriteLine(json);
            }
            Catch (TokenExpiredException)
            {
                Console.WriteLine("Token has expired");
            }
            Catch (SignatureVerificationException)
            {
                Console.WriteLine("Token has invalid signature");
            }
        }

About Jwt.net