JwtSecurityToken exception while decoding Azure Mobile Services JWT token

Question

The following code:

using System.IdentityModel.Tokens;

JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(rawToken);

Generates the following exception:

Jwt10113: Unable to decode the 'header'
The value "0" is not of type "System.String" and cannot be used in this generic collection. Parameter name: value

When the 'header' section of the rawToken is:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0

Which can be decoded to:

{"alg":"HS256","typ":"JWT","kid":0}

The source of the faulting token is Azure Mobile Services.

Please note that the exception does not occur when calling the same line of code while the 'header' section is:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjAifQ

Which can be decoded to:

{"alg":"HS256","typ":"JWT","kid":"0"}

How can I overcome this problem, and properly validate such a token?

Answer 1

This was a bug in the Azure Mobile Services with respect to its conformance with the JWT spec. The bug has since been fixed, so the JWTs generated by the mobile services should now have a correct string value in the "kid" field of its header.