Open attilah opened 2 weeks ago
The functionality of "Wilson" (Microsoft.IdentityModel.*) is split up across multiple NuGet packages. Within one project the versions of these packages must be exactly the same. That also goes for the references other used packages might have. NuGet doesn't enforce this but we've created a document that might help.
Can you please try the suggestions in there and report back?
@attilah Did this help? Would you like to add anything to this issue? If not I'd like to close it.
Which version of Duende IdentityServer are you using?
Latest 7.0
Which version of .NET are you using?
.NET 8.0
Describe the bug
We configured an OIDC provider with BFF and Yarp just as in the
JsBFFYarpSample
and while the sample was working correctly our app was not. The error is that the well known document was not parsed correctly andcode
exchange backchannel call failed asTokenEndpoint
was empty.I was able to narrow it down to
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever
which is usingMicrosoft.IdentityModel.Protocols.OpenIdConnect..OpenIdConnectConfigurationSerializer
. The serializer is usingMicrosoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives
fromMicrosoft.IdentityModel.Tokens
package.Latest IdentityServer with
WilsonVersion
pulls in the 7.1.2 version of theMicrosoft.IdentityModel.Tokens
package and if someone is implicitly or explitly using a 8.x version of the same package in the project, the error will happen due to the incompatibility between the 7.x and 8.x version of the serializer.To Reproduce
Create a console application repro.csproj
The app works correctly and outputs:
Now add a direct dependency to the tokens package:
The output will be:
Pulling in the matching 8.0.2 version of
Microsoft.IdentityModel.Protocols.OpenIdConnect
8.0.2 solves the problem, but it is cumbersome and not easy to find, the very same issue is causing #2523 as well (but that's not IDS problem).Expected behavior
When using Identity Server packages with standard ASP.NET Core packages OpenId authentication with Identity Server works correctly. By updating
WilsonVersion
in Identity Server and adding a direct reference toMicrosoft.IdentityModel.Tokens
would solve it.