JsonWebTokenHeader Class
Abblix.Jwt
Abblix.Jwt
JsonWebTokenHeader Class
Represents the header part of a JSON Web Token (JWT), containing metadata about the token such as the type and the algorithm used for signing.
public class JsonWebTokenHeader
Inheritance System.Object → JsonWebTokenHeader
Remarks
The JWT header typically specifies the cryptographic operations applied to the JWT and can also include additional properties defined or required by the application.
Constructors
JsonWebTokenHeader(JsonObject) Constructor
Represents the header part of a JSON Web Token (JWT), containing metadata about the token such as the type and the algorithm used for signing.
public JsonWebTokenHeader(System.Text.Json.Nodes.JsonObject json);
Parameters
json System.Text.Json.Nodes.JsonObject
Remarks
The JWT header typically specifies the cryptographic operations applied to the JWT and can also include additional properties defined or required by the application.
Properties
JsonWebTokenHeader.Algorithm Property
The algorithm used to sign the JWT, indicating how the token is secured.
public string? Algorithm { get; set; }
Property Value
Remarks
The 'alg' parameter identifies the cryptographic algorithm used to secure the JWT. Common algorithms include HS256, RS256, and ES256. It is crucial for verifying the JWT integrity. Per RFC 7515 Section 4.1.1, this parameter is REQUIRED.
JsonWebTokenHeader.Certificates Property
The 'x5c' (X.509 Certificate Chain) header parameter (RFC 7515 §4.1.6): an X.509
certificate chain as a JSON array of base64-encoded DER certificates, the first being
the leaf. Returns the raw base64 strings; consumers are responsible for decoding to
X509Certificate2 and validating the chain per RFC 5280.
public System.Collections.Generic.IReadOnlyList<string>? Certificates { get; set; }
Property Value
System.Collections.Generic.IReadOnlyList<System.String>
Exceptions
System.Text.Json.JsonException
Thrown when 'x5c' is present but is not a JSON array of strings.
JsonWebTokenHeader.CertificateSha1Thumbprint Property
The 'x5t' (X.509 SHA-1 Thumbprint) header parameter (RFC 7515 §4.1.7): base64url-encoded SHA-1 digest of the DER-encoded leaf certificate. Per RFC 7515 §10.11, SHA-1 is discouraged because of cryptographic weaknesses — prefer CertificateSha256Thumbprint for new deployments. The library exposes 'x5t' for inspection of legacy producers.
public string? CertificateSha1Thumbprint { get; set; }
Property Value
JsonWebTokenHeader.CertificateSha256Thumbprint Property
The 'x5t#S256' (X.509 SHA-256 Thumbprint) header parameter (RFC 7515 §4.1.8): base64url-encoded SHA-256 digest of the DER-encoded leaf certificate. The C# member name strips the '#' character (illegal in identifiers); the JSON literal stays 'x5t#S256' as defined by the spec.
public string? CertificateSha256Thumbprint { get; set; }
Property Value
JsonWebTokenHeader.CertificatesUrl Property
The 'x5u' (X.509 URL) header parameter (RFC 7515 §4.1.5): a URI referring to an X.509 public-key certificate or certificate chain corresponding to the key used for the JWS signature. Same caveat as JwkSetUrl — the library does not fetch.
public System.Uri? CertificatesUrl { get; set; }
Property Value
JsonWebTokenHeader.Critical Property
The 'crit' (Critical) header parameter (RFC 7515 §4.1.11): names of JOSE header parameters that the recipient MUST understand and process. Returns null when 'crit' is absent.
public System.Collections.Generic.IReadOnlyList<string>? Critical { get; set; }
Property Value
System.Collections.Generic.IReadOnlyList<System.String>
Exceptions
System.Text.Json.JsonException
Thrown when 'crit' is present but is not a JSON array of strings.
JsonWebTokenHeader.EncryptionAlgorithm Property
The content encryption algorithm used for JWE (JSON Web Encryption).
public string? EncryptionAlgorithm { get; set; }
Property Value
Remarks
The 'enc' parameter identifies the content encryption algorithm used to encrypt the plaintext to produce the JWE ciphertext and authentication tag. Common algorithms include A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, and A256GCM.
JsonWebTokenHeader.Json Property
The underlying mutable JSON object backing the strongly-typed accessors on this header. Use this when reading or writing custom header parameters that are not modeled as properties.
public System.Text.Json.Nodes.JsonObject Json { get; }
Property Value
System.Text.Json.Nodes.JsonObject
JsonWebTokenHeader.JwkSetUrl Property
The 'jku' (JWK Set URL) header parameter (RFC 7515 §4.1.2): a URI referring to a JSON Web Key Set whose keys the issuer claims are candidates for verifying the JWS. The library only exposes the URI; it does not fetch the URL — the host is responsible for trust and transport per RFC 7515 §8 (TLS with server identity validation per RFC 6125).
public System.Uri? JwkSetUrl { get; set; }
Property Value
JsonWebTokenHeader.KeyId Property
The key ID that indicates which key was used to secure the JWT.
public string? KeyId { get; set; }
Property Value
Remarks
The 'kid' parameter is a hint indicating which specific key from a JWKS was used to sign the JWT. This is particularly useful when the issuer has multiple keys and the verifier needs to identify the correct key for signature verification.
JsonWebTokenHeader.KeyWrapAuthenticationTag Property
The 'tag' header parameter (RFC 7518 §4.7.1.2): base64url-encoded 128-bit GCM authentication tag produced when the CEK is wrapped with AES-GCM key wrapping (A128GCMKW/A192GCMKW/A256GCMKW).
public string? KeyWrapAuthenticationTag { get; set; }
Property Value
JsonWebTokenHeader.KeyWrapInitializationVector Property
The 'iv' header parameter (RFC 7518 §4.7.1.1): base64url-encoded 96-bit Initialization Vector used when the CEK is wrapped with AES-GCM key wrapping (A128GCMKW/A192GCMKW/A256GCMKW).
public string? KeyWrapInitializationVector { get; set; }
Property Value
JsonWebTokenHeader.Type Property
The type of the JWT, typically "JWT" or a similar identifier. This field is optional and used to declare the media type of the JWT.
public string? Type { get; set; }
Property Value
Remarks
The 'typ' parameter is recommended when the JWT is embedded in places not inherently carrying this information, helping recipients process the JWT type accordingly.
JsonWebTokenHeader.VerificationKey Property
The 'jwk' (JSON Web Key) header parameter (RFC 7515 §4.1.3): the public key used to verify the JWS, embedded directly in the JOSE header as a JWK. Returns null when 'jwk' is absent. Trust is the consumer's responsibility — for example, DPoP (RFC 9449) binds this key to the request via a separate confirmation claim.
public Abblix.Jwt.JsonWebKey? VerificationKey { get; set; }
Property Value
Exceptions
System.Text.Json.JsonException
Thrown when 'jwk' is present but is not a valid JWK (e.g. unknown 'kty').