11 changes: 9 additions & 2 deletions samples/Samples.Jwt/JwtHelper.cs
@@ -102,14 +102,20 @@ private static (SecurityKey SecurityKey, string SecurityAlgorithm) CreateAsymmet
// interpret the key as base64
var keyBytes = Convert.FromBase64String(key);
// create a ECDsa key pair and import the key
using var ecdsa = ECDsa.Create();
var ecdsa = ECDsa.Create(); // do not dispose the instance (it is used by the security key)

Check warning

Code scanning / CodeQL

Missing Dispose call on local IDisposable

Disposable 'ECDsa' is created but not disposed.
if (isPrivateKey)
ecdsa.ImportECPrivateKey(keyBytes, out int _);
else
ecdsa.ImportSubjectPublicKeyInfo(keyBytes, out _);
var securityKey = new ECDsaSecurityKey(ecdsa);
// return the key
return (securityKey, SecurityAlgorithms.EcdsaSha256);
return (securityKey, securityKey.KeySize switch
{
256 => SecurityAlgorithms.EcdsaSha256,
384 => SecurityAlgorithms.EcdsaSha384,
521 => SecurityAlgorithms.EcdsaSha512,
_ => throw new InvalidOperationException("Invalid key size."),
});
}

/// <summary>
@@ -118,6 +124,7 @@ private static (SecurityKey SecurityKey, string SecurityAlgorithm) CreateAsymmet
public static (string PublicKey, string PrivateKey) CreateNewAsymmetricKeyPair()
{
using var ecdsa = ECDsa.Create();
ecdsa.GenerateKey(ECCurve.NamedCurves.nistP256);
var privateKey = Convert.ToBase64String(ecdsa.ExportECPrivateKey());
var publicKey = Convert.ToBase64String(ecdsa.ExportSubjectPublicKeyInfo());
return (publicKey, privateKey);
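Review bot: The new `securityKey.KeySize switch` picks the JWS algorithm from the key's bit length alone, so the curve of the imported key is never checked. ES256, ES384 and ES512 are defined for NIST P-256, P-384 and P-521 respectively, and `ImportECPrivateKey`/`ImportSubjectPublicKeyInfo` take whatever curve the key blob names; where the platform can import another 256-bit curve, such a key would be labelled `EcdsaSha256` and produce tokens that conforming verifiers reject. Consider checking `ecdsa.ExportParameters(false).Curve.Oid` against the three NIST curves before the switch (how the Oid's value and friendly name are populated may differ by platform, so confirm on the targets you support), or at minimum add the comment `// KeySize gives only the field size; this mapping assumes NIST P-256/P-384/P-521 keys`. The method starts above the hunk, so callers and any earlier validation are not visible here.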
2 changes: 1 addition & 1 deletion samples/Samples.Jwt/Program.cs
@@ -28,7 +28,7 @@

// or: use an asymmetric security key with a new random key pair (typically would be pulled from application secrets)
//var (_, privateKey) = JwtHelper.CreateNewAsymmetricKeyPair();
//JwtHelper.Instance = new(privateKey, JwtKeyType.PrivateKey);
//JwtHelper.Instance = new(privateKey, SecurityKeyType.PrivateKey);

// configure authentication for GET/POST requests via the 'Authorization' HTTP header;
// will authenticate WebSocket requests as well, but browsers cannot set the