When trying the Azure Mobile Apps offline (in Visual Studio and local IIS with SSL), one has to supply an alternative to Azure's WEBSITE_AUTH_SIGNING_KEY as the SigningKey for the JWT tokens.
How can you generate a dev SigningKey?
Asked
Active
Viewed 677 times
1 Answers
7
In order to test authenticated endpoints locally you need to use the same signing key that was used to generate the auth token (JWT).
If you are logging in against your cloud site, this means that locally you must validate the token using the same signing key. You can find this by going to https://{yoursite}.scm.azurewebsites.net/env and searching for WEBSITE_AUTH_SIGNING_KEY. Note that you should not hard-code this key in any code that you ship (for example, read the value from a config file only used for testing).
For creating your own key -- You need to use a SHA256 hash as a signing key. I typically use http://www.xorbin.com/tools/sha256-hash-calculator for generating them.
brettsam
- 2,702
- 1
- 15
- 24
-
But how can you generate one? :) – Adam Feb 08 '16 at 17:13
-
Your own signing key or your own JWTs? – brettsam Feb 08 '16 at 18:54
-
And how do I generate my own signing key? – Adam Feb 08 '16 at 18:58
-
Updated the answer above with how to create your own key. I'm curious how you're planning to use it -- will you be generating your own JWTs for testing? – brettsam Feb 08 '16 at 19:12