Unauthorized 401 when upgrading System.IdentityModel.Tokens.Jwt from 6.30.0 to 6.30.1 #2084

Closed
GonzaloLebron opened this issue May 18, 2023 · 5 comments
Labels
Bug Product is not functioning as expected Customer reported Indicates issue was opened by customer

Comments

@GonzaloLebron

Sorry if this is a repeated issue. In a project (.NET 6) I was using the System.IdentityModel.Tokens.Jwt package reference version "6.30.*".
It was working fine until it was rebuilt and redeployed; then Unauthorized 401 started appearing in all endpoints requiring authorization (using bearer token). The JWT Issuer, Audience and SecretKey did not change, and the bearer token was correct. I noticed that the System.IdentityModel.Tokens.Jwt package was different (it was using 6.30.0 and auto-updated to 6.30.1).
Downgraded to 6.30.0 and it is working fine again.
Upgraded to specific version 6.30.1 and Unauthorized 401 is happening again.

@brentschmaltz brentschmaltz added Customer reported Indicates issue was opened by customer Bug Product is not functioning as expected labels May 19, 2023
@brentschmaltz
Member

@GonzaloLebron sorry to hear this.
Can you describe your environment (asp.net, etc) and versions?
Are there any exceptions?

@brentschmaltz
Member

@GonzaloLebron I think this is related to #2059, will close this issue.

You can track 2059.

@GonzaloLebron
Author

GonzaloLebron commented Jun 2, 2023

The problem is still happening to me, upgrading from Microsoft.IdentityModel.Tokens 6.27.0 to the latest version.
The error I get (when debugging the library) is:
IDX10720: Unable to create KeyedHashAlgorithm for algorithm 'HS256', the key size must be greater than: '256' bits, key has '192' bits. (Parameter 'keyBytes')'
In Microsoft.IdentityModel.Tokens
Class: CryptoProviderFactory
Method ValidateKeySize(byte[] keyBytes, string algorithm, int expectedNumberOfBytes)

Clearly, a SecretKey of 24 characters and not 32 is my issue:
"JwtIssuerOptions": {
  "SecretKey": "XXXXXXXXXXXXXXXXXXXXXXXX"
},

Even if
var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtIssuerOptions.SecretKey));
var signInCredentials = new SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256);

My question is, why is this not a breaking change?

The issue is at:
namespace Microsoft.IdentityModel.Tokens
Class: public class SymmetricSignatureProvider : SignatureProvider
Method: public override bool Verify(byte[] input, byte[] signature)
Line calling ->LogHelper.LogInformation(LogMessages.IDX10643, input);
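
A fail-fast startup check for the key-size failure reported in the comment above, as an added example that is not part of the original thread or the library's own code. The `HmacKeyCheck` class and its method names are hypothetical; the HS256 minimum matches the IDX10720 message, and the HS384/HS512 minimums are taken from RFC 7518 section 3.2, not from this page.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class HmacKeyCheck   // hypothetical helper, not a library type
{
    // Minimum key sizes in bits. RFC 7518 section 3.2 requires an HMAC key at
    // least as long as the hash output; 256 for HS256 matches IDX10720 above.
    private static readonly Dictionary<string, int> MinBits = new()
    {
        ["HS256"] = 256, ["HS384"] = 384, ["HS512"] = 512,
    };

    // Returns null when the key is long enough, otherwise a description of the shortfall.
    public static string? Check(string secret, string algorithm)
    {
        if (!MinBits.TryGetValue(algorithm, out int required))
            return $"Unknown HMAC algorithm '{algorithm}'.";

        // Measure bytes, not characters: Encoding.UTF8.GetBytes(secret) is what
        // the code in the comment above hands to SymmetricSecurityKey.
        int bits = Encoding.UTF8.GetByteCount(secret ?? string.Empty) * 8;
        return bits >= required
            ? null
            : $"{algorithm} key has {bits} bits, needs at least {required}.";
    }

    // Generates a replacement key from the OS CSPRNG, Base64-encoded for a
    // configuration file or secret store.
    public static string NewKeyBase64(string algorithm) =>
        Convert.ToBase64String(RandomNumberGenerator.GetBytes(MinBits[algorithm] / 8));

    public static void Main()
    {
        // Constructed sample values, not real secrets.
        string shortKey = new string('X', 24);  // 24 ASCII characters = 192 bits
        string longKey = new string('X', 32);   // 32 ASCII characters = 256 bits

        Console.WriteLine(Check(shortKey, "HS256") ?? "ok");
        Console.WriteLine(Check(longKey, "HS256") ?? "ok");
        Console.WriteLine(NewKeyBase64("HS256"));
    }
}
```

A key produced by `NewKeyBase64` should be decoded with `Convert.FromBase64String` when building the `SymmetricSecurityKey`, so the key material is the random bytes themselves. Replacing the key invalidates tokens signed with the old one, so plan the change as a key rotation.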

@penfold

penfold commented Jun 9, 2023

Just been hit with the same issue. :-(

@GonzaloLebron
Author

> Just been hit with the same issue. :-(

Yeah... and I don't know how to reopen this issue... since it is not related to #2059
