Generate a secret key for JWT?
Just expanding on @nodd13's post, I have used the following (in LinqPad) to randomly generate a key:
var key = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(key);
var base64Secret = Convert.ToBase64String(key);
// make safe for url
var urlEncoded = base64Secret.TrimEnd('=').Replace('+', '-').Replace('/', '_');
urlEncoded.Dump();
This is indeed random, and as I understand it, you only need to do this once and you can then store this in your web.config to be referenced later.
Comments
-
xaisoft over 1 year
Currently I have a hard-coded secret key I use for my JWT Token Generation. What is the best way to generate this randomly when generating the token? Also, what I don't understand is if the secret is randomly generated, how can it be that the secret would be randomly generated again for authentication purposes. Am I missing something here or am I way off on how this works? It appears that the secret key is not even random. Is it something I would store in web.config, for example?
-
Imdad over 5 years
Is it safe to be stored in the web.config for a web api 2 project?
-
Bernard Chen almost 5 years
Aren't the equal signs at the end of a base64-encoded string supposed to be there as part of the padding expected of base64 strings where the grouping of bits requires it?
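
Added example (not part of the original answer or comments): a console program showing the full round trip for the key generated above. It is created once, stored as unpadded base64url, then decoded again with the padding restored and reused to produce the same HMAC. The class and helper names, the HS256 choice and the sample header and payload are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class JwtKeyDemo
{
    // Base64url (RFC 4648 section 5): '+' -> '-', '/' -> '_', padding dropped.
    static string ToBase64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reverse the mapping and restore the '=' padding Convert.FromBase64String requires.
    static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("Invalid base64url length.");
        }
        return Convert.FromBase64String(s);
    }

    static byte[] Sign(byte[] key, string signingInput)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.ASCII.GetBytes(signingInput));
    }

    static void Main()
    {
        // One-time step: generate 32 random bytes and print the value to store.
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);
        string stored = ToBase64Url(key); // 32 bytes encode to 43 characters without padding
        Console.WriteLine(stored);

        // Every later request: decode the stored value, never regenerate it.
        byte[] loaded = FromBase64Url(stored);

        // Constructed signing input: base64url(header) + "." + base64url(payload).
        string input = ToBase64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"))
                     + "." + ToBase64Url(Encoding.UTF8.GetBytes("{\"sub\":\"demo\"}"));
        // Same key and same input give the same signature, which is why the key is stored.
        // A verifier checking a received token should compare signatures in constant time.
        Console.WriteLine(ToBase64Url(Sign(key, input)) == ToBase64Url(Sign(loaded, input)));
    }
}
```

The padding can be dropped safely because the number of missing `=` characters is recoverable from the string length modulo 4, as `FromBase64Url` does.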