Keywords: C# | JWT | Google Authentication | OAuth2.0
Abstract: This article provides a comprehensive guide to implementing JSON Web Token (JWT) in C#, with a focus on authentication using Google Service Accounts. It covers JWT basics, custom C# implementation, integration with Google's OAuth 2.0, and references to existing libraries.
Introduction to JSON Web Token
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. It is commonly used for authentication and authorization in web applications, particularly with OAuth 2.0 frameworks.
JWT Structure and Algorithms
A JWT consists of three parts: header, payload, and signature. The header specifies the algorithm used for signing, such as RS256 or HS256. The payload contains the claims, and the signature ensures the token's integrity.
Implementing JWT in C#
Based on the provided code from Answer 1, a custom JsonWebToken class can be implemented in C#. This class handles encoding and decoding of JWTs using various hash algorithms.
    // Part of the JsonWebToken class.
    // Requires: System.Collections.Generic, System.Text, Newtonsoft.Json
    public static string Encode(object payload, byte[] keyBytes, JwtHashAlgorithm algorithm)
    {
        var segments = new List<string>();

        // Header names the signing algorithm; payload carries the claims.
        var header = new { alg = algorithm.ToString(), typ = "JWT" };
        byte[] headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None));
        byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload, Formatting.None));
        segments.Add(Base64UrlEncode(headerBytes));
        segments.Add(Base64UrlEncode(payloadBytes));

        // The signature covers "<header>.<payload>" exactly as transmitted.
        var stringToSign = string.Join(".", segments.ToArray());
        var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);
        byte[] signature = HashAlgorithms[algorithm](keyBytes, bytesToSign);
        segments.Add(Base64UrlEncode(signature));

        return string.Join(".", segments.ToArray());
    }
The Encode method serializes the header and payload to JSON, Base64Url-encodes each, and computes the signature over the joined header.payload string using the specified algorithm.
Google Service Account Integration
For Google authentication, the GoogleJsonWebToken class builds on the base implementation: it sets the claims Google requires and signs with the RS256 algorithm using a certificate.
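    // Requires: System, System.Security.Cryptography.X509Certificates
    public class GoogleJsonWebToken
    {
        public static string Encode(string email, string certificateFilePath)
        {
            // iat and exp are seconds since the Unix epoch, so the issue time must be UTC.
            var utc0 = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
            var issueTime = DateTime.UtcNow;
            var iat = (int)issueTime.Subtract(utc0).TotalSeconds;
            var exp = (int)issueTime.AddMinutes(55).Subtract(utc0).TotalSeconds;

            var payload = new
            {
                iss = email,
                scope = "https://www.googleapis.com/auth/gan.readonly",
                aud = "https://accounts.google.com/o/oauth2/token",
                exp = exp,
                iat = iat
            };

            // "notasecret" is the default password of Google-issued .p12 key files.
            var certificate = new X509Certificate2(certificateFilePath, "notasecret");
            // Caution: Export(X509ContentType.Cert) returns the DER-encoded public
            // certificate, not the private key. A valid RS256 signature needs the
            // RSA private key (certificate.GetRSAPrivateKey()).
            var privateKey = certificate.Export(X509ContentType.Cert);
            return JsonWebToken.Encode(payload, privateKey, JwtHashAlgorithm.RS256);
        }
    }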
This class is tailored for Google's OAuth 2.0 service account flow, including necessary claims like issuer (iss), scope, audience (aud), expiration (exp), and issued at (iat).
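RS256 is an RSA signature (RSASSA-PKCS1-v1_5 over SHA-256) made with the private key, whereas the bytes returned by certificate.Export(X509ContentType.Cert) are the public certificate. The following is an added example, not code from the original answers: it signs a token with an RSA private key and verifies it with the algorithm pinned to RS256. The class name Rs256JwtDemo, the throwaway key and the sample claims are assumptions, and it uses System.Text.Json instead of Json.NET.

```csharp
// Added example: RS256 signing and verification with a pinned algorithm.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class Rs256JwtDemo // hypothetical name
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    // Sign "<header>.<payload>" with the RSA private key. For a service account
    // .p12 file, certificate.GetRSAPrivateKey() returns such an RSA object.
    public static string Sign(object payload, RSA privateKey)
    {
        string header = B64Url(JsonSerializer.SerializeToUtf8Bytes(new { alg = "RS256", typ = "JWT" }));
        string body = B64Url(JsonSerializer.SerializeToUtf8Bytes(payload));
        byte[] sig = privateKey.SignData(Encoding.ASCII.GetBytes(header + "." + body),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return header + "." + body + "." + B64Url(sig);
    }
    // The verifier decides the algorithm; the header is checked, never trusted.
    public static bool Verify(string token, RSA publicKey)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            using JsonDocument h = JsonDocument.Parse(FromB64Url(p[0]));
            JsonElement root = h.RootElement;
            if (root.ValueKind != JsonValueKind.Object || !root.TryGetProperty("alg", out JsonElement alg)
                || alg.ValueKind != JsonValueKind.String || alg.GetString() != "RS256") return false;
            return publicKey.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]),
                FromB64Url(p[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is CryptographicException)
        { return false; }
    }
    static void Main()
    {
        using RSA key = RSA.Create(2048);   // constructed throwaway key pair
        using RSA other = RSA.Create(2048); // unrelated key, must not verify
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string jwt = Sign(new { iss = "svc@example.invalid", iat = now, exp = now + 3300 }, key);
        Console.WriteLine($"own key: {Verify(jwt, key)}, other key: {Verify(jwt, other)}");
    }
}
```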
Conclusion and Resources
While custom implementation is possible, as shown in Answer 1, developers can also use existing libraries. Answer 2 mentions NuGet packages such as JWT and jose-jwt, which provide ready-to-use solutions for JWT in .NET. Additionally, resources like jwt.io offer tools and libraries for various programming languages.