Hello.
I have just run the client credentials sample, but it seems that there is no encryption or signing whatsoever for the token, since we have this line: Console.WriteLine(JObject.Parse(Encoding.UTF8.GetString(Base64Url.Decode(claims))));
I also noticed that whatever is sent on the HTTP wire is the same as whatever I see in the string. So my conclusion is that there is no encryption and no signing.
protected virtual string CreateJsonWebToken(Token token, SigningCredentials credentials)
{
    var jwt = new JwtSecurityToken(
        token.Issuer,
        token.Audience,
        token.Claims,
        new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddSeconds(token.Lifetime)),
        credentials);
    var handler = new JwtSecurityTokenHandler();
    var ret = handler.WriteToken(jwt);
    return ret;
}
but I'm not sure it takes into consideration the certificate which is wrapped in the credentials variable.
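
Added example, not part of the original post or of the sample project: a compact JWT is three base64url segments, so the claims segment decodes without a key, and whether the token is signed is decided by the header's `alg` and the third segment. The sketch assumes modern .NET (`System.Text.Json`, `RSA.Create(int)`), uses a constructed throwaway RSA key in place of the certificate, and its class and helper names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwtSignatureDemo
{
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static string Seg(string json) => Enc(Encoding.UTF8.GetBytes(json));
    static byte[] Dec(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s + new string('=', (4 - s.Length % 4) % 4));
    }

    // True only for a three-part token whose header names RS256 and whose
    // signature over the ASCII bytes of "header.payload" verifies with the key.
    static bool Verify(string jwt, RSA key)
    {
        var p = jwt.Split('.');
        if (p.Length != 3 || p[2].Length == 0) return false;      // signature segment missing
        try
        {
            using var hdr = JsonDocument.Parse(Encoding.UTF8.GetString(Dec(p[0])));
            if (!hdr.RootElement.TryGetProperty("alg", out var alg) ||
                alg.ValueKind != JsonValueKind.String || alg.GetString() != "RS256")
                return false;                                      // rejects "none" and other algorithms
            return key.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), Dec(p[2]),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException) { return false; }
    }

    static void Main()
    {
        using var rsa = RSA.Create(2048);   // constructed throwaway key, stands in for the certificate's key
        // Constructed sample header and claims.
        var head = Seg("{\"alg\":\"RS256\",\"typ\":\"JWT\"}");
        var body = Seg("{\"client_id\":\"sample\",\"scope\":\"read\"}");
        var sig = rsa.SignData(Encoding.ASCII.GetBytes(head + "." + body),
                               HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var jwt = head + "." + body + "." + Enc(sig);

        // The claims decode without any key; the third segment is what protects them.
        Console.WriteLine(Encoding.UTF8.GetString(Dec(body)));
        Console.WriteLine("valid:    " + Verify(jwt, rsa));
        var forged = head + "." + Seg("{\"client_id\":\"sample\",\"scope\":\"admin\"}") + "." + Enc(sig);
        Console.WriteLine("tampered: " + Verify(forged, rsa));
        Console.WriteLine("unsigned: " + Verify(Seg("{\"alg\":\"none\"}") + "." + body + ".", rsa));
    }
}
```

The same three-segment check can be applied by hand to a token captured from the sample: split it on `.`, decode the first segment to read `alg`, and confirm the third segment is non-empty.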