Following the instructions from: https://developer.atlassian.com/cloud/jira/platform/understanding-jwt/
I think there is a very misleading error in the description on how to create the query hash.
Step 7 states:
Hash the canonical request bytes using the
This is not correct in all cases. The hash of foo in C# is a byte array, not a string. Only by applying hex encoding to the hash will the resulting UTF8 string become the string mentioned above. This step is omitted in the instructions. Also in other places Base64-encoding is used, but for the query hash, HEX encoding is used. Maybe this is some default in JAVA?
Since the query hash is a bit overworked anyway, clear instructions would help =).
For my C# aspnet core 2.2 implementation of a jwt token, I used the code below.
signingUrlString is the input in the format described in the instructions, ex:
using (SHA256 mySHA256 = SHA256.Create())
var signingBytes = Encoding.UTF8.GetBytes(signingUrlString);
var shaHashofSigning = mySHA256.ComputeHash(signingBytes);
queryHash = ToHex(shaHashofSigning, false);
private static string ToHex(byte bytes, bool upperCase)
StringBuilder result = new StringBuilder(bytes.Length * 2);
for (int i = 0; i < bytes.Length; i++)
result.Append(bytes[i].ToString(upperCase ? "X2" : "x2"));
I used a validation tool for the querystring hash during testing of the JWT implementation to check if the hash was correct: http://jwt-decoder.herokuapp.com/jwt/decode
I have no affiliation to the tool itself, so I cannot say if its safe or not, so use with caution, and do not expose any sensitive urls or queries.
I Hope this might help anyone who have issues with the querystring hash. Please comment if you have any input on this, or if you find errors in the code.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events