
JWT Token Header #231

Open
wicetram opened this issue Sep 19, 2023 · 1 comment

@wicetram

Hello,

I need to encrypt Payload data with a JWK string. I can encrypt using the Nuget package, but I have a problem with the header part of the encrypted JWT data. The required header content should only contain the values "alg" and "kid". However, in all the ways I tried, this header part (at least in C#) always comes with the values "alg" and "typ".

When I encrypt this JWK and Payload data with the Java code I use as an example, I can successfully produce JWT information.

I need your help on this matter. Thanks.

C# JWT Header:

{
"alg": "HS256",
"typ": "JWT"
}

Java JWT Header:

{
"alg": "HS256",
"kid": "7b76e130-73de-4562-9c20-ad5e983e22d8"
}

Java:
package org.example;

import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.jwk.JWK;

import okhttp3.*;

import java.io.IOException;
import java.text.ParseException;

public class Main {
    public static void main(String[] args) throws ParseException, JOSEException, IOException {
        // JSON payload to sign (inner quotes escaped so the string literal compiles)
        String payload = "{\"meta\": {\"id\": \"168bba80-5e69-485e-8d16-2e9750cb9c2e\",\"clientInfo\": [{\"type\": \"serverIp\",\"value\": \"WEB\"}]},\"data\": {\"orderId\": \"\",\"amount\": 2,\"operation\": \"sales\",\"returnUrl\": {\"link\": \"https://\",\"type\": \"web\"},\"customer\": {\"nationalNumber\": \"\",\"gsmNumber\": \"\"},\"paymentOptions\": {\"threeDSecureCheck\": true,\"installmentOnlyForCommercialCard\": true}}}";

        String jwkStr = "{\"kty\":\"oct\",\"kid\":\"28075256-56c8-11ee-8c99-0242ac120002\",\"k\":\"eSvOcX4/NrjfRsShI+KgHw==\",\"alg\":\"HS256\"}";

        final JWK jwk = JWK.parse(jwkStr);

        // Header carries only "alg" and "kid"
        final JWSObject jws = new JWSObject(
                new JWSHeader.Builder(JWSAlgorithm.HS256).keyID(jwk.getKeyID()).build(),
                new Payload(payload)
        );

        JWSSigner signer = new MACSigner(jwk.toOctetSequenceKey());

        System.out.println("key" + jwk.toOctetSequenceKey());
        jws.sign(signer);

        final String httpBody = jws.serialize();

        System.out.println(httpBody);
    }
}

C#:

using System;
using Jose;
using Newtonsoft.Json;
using System.Text;

class Program
{
    static void Main()
    {
        var jwtRequest = new TokenRequestDto
        {
            Kid = "28075256-56c8-11ee-8c99-0242ac120002",
            K = "eSvOcX4/NrjfRsShI+KgHw==",
            Alg = "HS256"
        };

        var data = "{\"meta\": {\"id\": \"168bba80-5e69-485e-8d16-2e9750cb9c2e\",\"clientInfo\": [{\"type\": \"serverIp\",\"value\": \"WEB\"}]},\"data\": {\"orderId\": \"\",\"amount\": 2,\"operation\": \"sales\",\"returnUrl\": {\"link\": \"https://\",\"type\": \"web\"},\"customer\": {\"nationalNumber\": \"\",\"gsmNumber\": \"\"},\"paymentOptions\": {\"threeDSecureCheck\": true,\"installmentOnlyForCommercialCard\": true}}}";

        var jsonKey = JsonConvert.SerializeObject(jwtRequest);

        byte[] hmacKey = Encoding.UTF8.GetBytes(jwtRequest.K);

        if (hmacKey != null)
        {
            // Create the JWT token
            string jwtToken = JWT.Encode(data, hmacKey, JwsAlgorithm.HS256);

            Console.WriteLine(jwtToken);
        }
        else
        {
            Console.WriteLine("Error: Unable to create JWT. Check JSON key data.");
        }

        Console.ReadKey();
    }

    public class TokenRequestDto
    {
        public string Kid { get; set; }
        public string K { get; set; }
        public string Alg { get; set; }
    }
}

@dvsekhvalnov
Owner

Hi @wicetram, is this what you are looking for: https://github.com/dvsekhvalnov/jose-jwt#adding-extra-headers ?

Just pass an extraHeaders dictionary without the typ key inside; it will make it disappear from the result.
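
Added example, not part of the original thread and not the project's own code: a sketch of the extraHeaders approach described in the reply above, followed by the receiving-side check a verifier would apply to a `kid` header. The `kid` value, the random key and the `knownKeys` lookup are constructed for illustration; it assumes the jose-jwt NuGet package is referenced.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Jose;

class KidHeaderExample
{
    static void Main()
    {
        // Constructed values for illustration; not the key or kid from the issue.
        const string kid = "example-key-1";
        byte[] key = new byte[32];
        RandomNumberGenerator.Fill(key);

        // Hypothetical verifier-side key store: kid -> HMAC key.
        var knownKeys = new Dictionary<string, byte[]> { { kid, key } };

        string payload = "{\"amount\":2,\"operation\":\"sales\"}";

        // extraHeaders is supplied without a "typ" entry, so the resulting
        // header carries only "alg" and "kid".
        var extraHeaders = new Dictionary<string, object> { { "kid", kid } };
        string token = JWT.Encode(payload, key, JwsAlgorithm.HS256, extraHeaders: extraHeaders);

        // Read the header back. It is not yet verified at this point.
        IDictionary<string, object> headers = JWT.Headers(token);
        Console.WriteLine("Header keys: " + string.Join(", ", headers.Keys));
        if (headers.ContainsKey("typ"))
            throw new InvalidOperationException("Unexpected typ header");

        // Receiving side: kid comes from the token, so treat it as untrusted.
        // Resolve it only through the known key set and pin the algorithm
        // instead of taking "alg" from the header.
        string receivedKid = headers.TryGetValue("kid", out object value) ? value?.ToString() : null;
        if (receivedKid == null || !knownKeys.TryGetValue(receivedKid, out byte[] verifyKey))
            throw new InvalidOperationException("Unknown or missing kid");

        string verifiedPayload = JWT.Decode(token, verifyKey, JwsAlgorithm.HS256);
        Console.WriteLine("Verified payload: " + verifiedPayload);
    }
}
```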
