Open GorazdDim opened 1 week ago
I have the same issue with Okta authentication and can confirm that it's indeed the 7.3.1
to 7.4.0
upgrade that breaks the application. The release notes don't show anything suspicious that might explain the error.
I have my own application that I use as an Identity Provider. That application runs on .NET 6 and uses JWT bearer authentication. It uses S.IM.Tokens.Jwt 6.0.35. Because of some other dependency I cannot migrate my Identity Provider application to .NET 8.
I have another application that relies on my Identity Provider for authentication and authorization. This application is a MVC API application. That application used to run on .NET 6 and while migrating to .NET 8 I encountered this issue. If i directly specify the version for S.IM.Tokens.Jwt to be >= 7.4.0 every call to an authorized endpoint of this application returns a "401 Unauthorized" response with a 'Www-Authenticate: Bearer error="invalid_token", error_description= "The signature key was not found"'. In the logs it gives the following error:
If i directly specify the version of S.IM.Tokens.Jwt to be <= 7.3.1 then my problem is solved and everything related to authentication and authorization works as it should.