Meaningless error when using both Microsoft.AspNetCore.Authentication.OpenIdConnect 8.0.4 and System.IdentityModel.Tokens.Jwt 7.5.0 or higher

[CunesPoort8]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

When using the Microsoft.AspNetCore.Authentication.OpenIdConnect package version 8.04 and the System.IdentityModel.Tokens.Jwt package version 7.5.0 or higher, a meaningless error arises not pointing in the direction of the cause.

All works well when the System.IdentityModel.Tokens.Jwt package is deleted and the Microsoft.AspNetCore.Authentication.OpenIdConnect package uses its default 7.1.2 version.

Expected Behavior

A working login procedure with up to date System.IdentityModel.Tokens.Jwt package. Please add support for this package in the latest Microsoft.AspNetCore.Authentication.OpenIdConnect package.

Steps To Reproduce

Install both packages and perform an open id connect login procedure with only a Authority set, so the Open ID connect middleware will figure out it's configuration from the .well-known/openid-configuration endpoint.

See https://github.com/POORT8/AspNetCore.Repro.55194 for a minimal reproduction repo.

Exceptions (if any)

No response

.NET Version

.NET 8

Anything else?

No response

[utarn]

I also got this error when upgrading from Microsoft.AspNetCore.Authentication.OpenIdConnect 8.0.2 to Microsoft.AspNetCore.Authentication.OpenIdConnect 8.0.4

[CunesPoort8]

The minimal repro project can be found here: https://github.com/POORT8/AspNetCore.Repro.55194

[halter73]

If you add the following to your csproj, does it fix your issue?

<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.5.1" />

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2513 is tracking the issue related to mismatched IdentityModel dependencies causing hard-to-diagnose errors. The current plan appears to produce a build-time warning, but I'm not sure what the timeframe for adding that warning is.

The right thing to do would be to avoid breaking changes to Microsoft.IdentityModel.Tokens, particularly changes that break older Microsoft.IdentityModel.Protocols.OpenIdConnect versions in such a severe and hard-to-diagnose way, but that's an issue for the https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/ repo, not here.

[CunesPoort8]

Hi @halter73, yes indeed this fixes the issue both in the minimal repro project as well in our project where we encountered the issue. Is this your proposed solution? Is there any plan on updating the Microsoft.IdentityModel.Protocols.OpenIdConnect package in the Microsoft.AspNetCore.Authentication.OpenIdConnect package any time soon? Also to replace the deprecated System.IdentityModel.Tokens.Jwt which is in there?

[mkArtakMSFT]

Closing as this is similar to #55355. We're working with the Entra team to get these addressed. Given that the work is not happening in this repo, closing this issue.