C# 2y ago
Kasper

❔ ASP.NET CALLBACK

Hello, I've got a callback with a JWS signature. How would I add a new controller to the site to handle this POST request and check if it's a valid signature? The link to the API that sends the callback is "https://developer.payconiq.com/online-payments-dock/#the-callback-signature". Any help would be appreciated.
4 Replies
lycian 2y ago
I'd use one of these packages that allows verification https://jwt.io/libraries
lycian 2y ago
then it's just a matter of following the steps outlined in payconiq
This assumes that the JWKS has been cached.
1. Extract the "kid" field from the JOSE Header of the signature.
2. Compare the extracted "kid" with the cached "kid" in the JWKS. If there is a match, jump to step 3. If they do not match, jump to step 4.
3. Use the cached JWK to verify the signature using your preferred library (for Java the standard is jose4j) making sure that:
   ->> The following critical headers are set: "https://payconiq.com/iat", "https://payconiq.com/jti", "https://payconiq.com/path", "https://payconiq.com/iss", "https://payconiq.com/sub".
4. Refresh the JWKS cached by downloading the latest JWKS.
5. Extract the "kid" field from the JOSE Header of the signature to retrieve the corresponding JWK.
6. Use the cached JWK to verify the signature using your preferred library (for Java the standard is jose4j) making sure that:
   ->> The following critical headers are set: "https://payconiq.com/iat", "https://payconiq.com/jti", "https://payconiq.com/path", "https://payconiq.com/iss", "https://payconiq.com/sub".

This assumes that the public key certificate has not been cached.
1. Extract the "kid" field from the JOSE Header of the signature.
2. Download the JWK which matches the key id ("kid") field in the JOSE Header of the signature.
3. Use the downloaded JWK to verify the signature using your preferred library (for Java the standard is jose4j) making sure that:
   ->> The following critical headers are set: "https://payconiq.com/iat", "https://payconiq.com/jti", "https://payconiq.com/path", "https://payconiq.com/iss", "https://payconiq.com/sub".

It is important to confirm that the signature is valid before processing the callback. This is to ensure that the payment data returned has not been tampered with and has been processed by Payconiq.
Kasper 2y ago
Thanks
Accord 2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
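The key-selection steps quoted in the thread (match the "kid" against the cached JWKS, refresh on a miss, require the critical headers), as an added C# example that is not code from the thread or from Payconiq. It assumes the Microsoft.IdentityModel.Tokens package; the class name, `jwksUrl` and the `verifySignature` delegate (standing in for the call into whichever JWS library you pick) are hypothetical, and the one-minute refresh floor goes beyond the quoted steps.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper; the class name, jwksUrl and verifySignature are assumptions.
public sealed class CallbackSignatureChecker
{
    private static readonly string[] Critical =
    {
        "https://payconiq.com/iat", "https://payconiq.com/jti", "https://payconiq.com/path",
        "https://payconiq.com/iss", "https://payconiq.com/sub"
    };
    private readonly HttpClient _http;
    private readonly string _jwksUrl;   // JWKS location, supplied from configuration
    private JsonWebKeySet? _cache;
    private DateTime _lastRefresh = DateTime.MinValue;

    public CallbackSignatureChecker(HttpClient http, string jwksUrl) => (_http, _jwksUrl) = (http, jwksUrl);

    // verifySignature stands in for the JWS library call that checks the signature itself.
    public async Task<bool> IsValidAsync(string jws, Func<string, JsonWebKey, bool> verifySignature)
    {
        if (string.IsNullOrEmpty(jws)) return false;
        JsonElement header;
        try { header = JsonSerializer.Deserialize<JsonElement>(Base64UrlEncoder.Decode(jws.Split('.')[0])); }
        catch (Exception e) when (e is FormatException or JsonException or ArgumentException) { return false; }
        if (header.ValueKind != JsonValueKind.Object
            || !header.TryGetProperty("kid", out var kidEl) || kidEl.ValueKind != JsonValueKind.String
            || !header.TryGetProperty("crit", out var crit) || crit.ValueKind != JsonValueKind.Array)
            return false;

        // "Set" is read here as: named in "crit" and present as a header parameter.
        var listed = crit.EnumerateArray().Where(c => c.ValueKind == JsonValueKind.String)
                         .Select(c => c.GetString()).ToHashSet();
        if (!Critical.All(name => listed.Contains(name) && header.TryGetProperty(name, out _)))
            return false;

        var kid = kidEl.GetString();
        var key = _cache?.Keys.FirstOrDefault(k => k.Kid == kid);
        if (key is null && DateTime.UtcNow - _lastRefresh > TimeSpan.FromMinutes(1))
        {
            // Nothing cached, or unknown kid: download the latest JWKS and look again.
            // The one-minute floor keeps forged kids from forcing a download per request.
            _lastRefresh = DateTime.UtcNow;
            _cache = new JsonWebKeySet(await _http.GetStringAsync(_jwksUrl));
            key = _cache.Keys.FirstOrDefault(k => k.Kid == kid);
        }
        return key is not null && verifySignature(jws, key);
    }
}
```

Call `IsValidAsync` from the controller's POST action with the signature value from the callback, and process the payment data only when it returns true.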