Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot log in when using ASP.NET Core 8 Preview 7 (IDW10403: Token is not a JWT token) #2420

Closed
twsouthwick opened this issue Sep 1, 2023 · 1 comment · Fixed by #2421
Closed

Cannot log in when using ASP.NET Core 8 Preview 7 (IDW10403: Token is not a JWT token) #2420

twsouthwick opened this issue Sep 1, 2023 · 1 comment · Fixed by #2421
Labels
question Further information is requested

Comments

@twsouthwick
Copy link
Contributor

twsouthwick commented Sep 1, 2023
edited
Loading

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

2.13.3

Web app

Sign-in users and call web APIs

Web API

Protected web APIs call downstream web APIs

Token cache serialization

Distributed caches

Description

When upgrading to .NET 8 preview 7, I can no longer log in. ASP.NET Core 8 is using v7.x of the Microsoft.IdentityModel.Protocols.OpenIdConnect while Microsoft.Identity.Web is using v6.x.

Reproduction steps

A basic out-of-the-box setup repros this:

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration);

var app = builder.Build();

app.MapGet("/", () => "Hello")
    .RequireAuthorization();

app.Run();

Also, add the latest preview:

<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.0.0-preview4" />

Error message

When attempting to hit an API, I get the following error:

www-authenticate: Bearer error="invalid_token"

When I hook into the OnAuthenticationFailed event, I get the following details:

   at Microsoft.Identity.Web.Resource.RegisterValidAudience.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) in /_/src/Microsoft.Identity.Web/Resource/RegisterValidAudience.cs:line 66
   at Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) in /_/src/Microsoft.IdentityModel.Tokens/Validators.cs:line 71
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.<ValidateTokenPayloadAsync>d__71.MoveNext() in Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.cs:line 1431
   at System.Threading.Tasks.ValueTask`1.get_Result() in /_/src/libraries/System.Private.CoreLib/src/System/Threading/Tasks/ValueTask.cs:line 812
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.<ValidateJWSAsync>d__67.MoveNext() in Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.cs:line 1340

When I break on exceptions, I see that it's failing because it is expecting the security to token to be a JwtSecurityToken, while it is actually a JwtWebToken:

microsoft-identity-web/src/Microsoft.Identity.Web/Resource/RegisterValidAudience.cs

Lines 60 to 64 in a8bf5aa

JwtSecurityToken? token = securityToken as JwtSecurityToken;
if (token == null)
{
throw new SecurityTokenValidationException(IDWebErrorMessage.TokenIsNotJwtToken);
}

This appears to be related to #2323

Id Web logs

No response

Relevant code snippets

See the reproduction steps

Regression

No response

Expected behavior

I expect to be able to authenticate and have a useable ClaimsPrincipal
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make RegisterValidAudience aware of JsonWebToken twsouthwick/microsoft-identity-web
2 participants
@twsouthwick @jennyf19