Update 'Home'

master
Claire 2 years ago
parent
commit
c62fc23557
  1. 4
      Home.md

4
Home.md

@ -331,7 +331,7 @@ What we need is the second element, called `kid`. Google has already documented
Google provides an HTTP-accessible copy of the public certificates that are paired with the private keys used for signing. For security purposes, these certificates change about every 24 hours. For bandwidth purposes (and in order for our code to actually work), we want to cache a copy of each certificate on our own server and use that for the actual validation process.
## Caching Google's public certificates
### Caching Google's public certificates
You can take a look at Google's public certificates [here](https://www.googleapis.com/oauth2/v1/certs). As you can see, they too are stored in a JSON object. Unlike the header and payload that we've already dealt with, however, this array uses dynamic values for each element of the array, so we can't just make a class to reference when parsing this array. Instead, we need to use that `kid` value, which is the key in this JSON array. The value is the certificate itself.
I broke this out into a separate function that is given the `kid` for the purposes of caching the certificate.
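Review bot: The paragraph under the "Caching Google's public certificates" heading says the certificates change about every 24 hours but never says when the cached copy is refreshed or discarded, so a reader can end up validating against a stale certificate or failing on a newly rotated `kid`. Consider adding a sentence on the refresh rule, for example re-fetching when the `kid` is not in the cache. It is also worth noting there that the `kid` is read from the token header before the signature is checked, so it should only be used as a lookup key into the set fetched from Google. Separately, the same paragraph calls the certs response both a "JSON object" and an "array"; since entries are looked up by `kid`, "object" throughout would be clearer. The heading-level change itself looks fine.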
@ -439,7 +439,7 @@ Seems straightforward enough, right? In order to actually use this signature to
I realize that step two makes absolutely no sense to anyone who doesn't work with cryptographic algorithms for a living. Fortunately, my hsuband does exactly that, and it made understanding this process way, way easier. Let's take a look at the first step, though.
## Decoding the signature for validation
### Decoding the signature for validation
If you try to decode a string of Base64-encoded text using the `base64Decode` function in this solution, you're going to get a big fat error. Silly me for even trying! Base64URL encoding is different from Base64 - it replaces the special characters + and / with - and \_, in order to make the string URL-friendly. Not only that, but the C# cryptographic classes we'll be using actually need the data in a byte array, so there's no point in going to the trouble to convert it to a string.
This is all you need to do to decode the signature:
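Review bot: The Base64URL paragraph under "Decoding the signature for validation" lists only the `+`/`/` to `-`/`_` substitution and leaves out that JWT segments also drop the trailing `=` padding, which has to be restored before a standard Base64 decoder will accept the string; adding that to the explanation would make the decoding step that follows self-explanatory. The first sentence of that paragraph probably means "Base64URL-encoded text" rather than "Base64-encoded text", since plain Base64 would not cause the error described. There is also a typo in the context line above the heading: "hsuband" should be "husband".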
