snothub
commented
8 years ago Well, I seem to have narrowed it down a bit, although I still have no idea what is happening. For some reason, the signing method no longer works as it used to. But if I check out master, add signing certificate and build there, it gets better. Very weird, but I just have to accept it and move on.
This one is driving me friggin crazy
We've been using local validation in our middleware for some time. Because of some legacy constraints, we also have to sign the AccessTokenValidation middleware and publish an internal version with strong name. This is all working nicely.
Now I'm trying to upgrade to latest version (we're still on Thinktecture.*, so we need this) and again I've signed the latest IdentityModel and AccessTokenValidation nugets as I have always done with ildasm/ilasm and verified with sn.exe and everything is valid. However, if I try to run with ValidationEndpoint, I'm stuck with 401 responses. Using Local validation still works, so does ValidationEndpoint when using unsigned versions of the same nugets. Also, ValidationEndpoint works using the versions of signed nugets that I need to upgrade.
Nothing in the logs of identity server. When I construct a validation request manually towards /accesstokenvalidation endpoint, I get expected reply. It is only the combo of new, signed nugets and ValidationEndpoint that is not working.
In eliminating all other elements I've gone all the way back to the "Simplest OAuth2 Walkthrough" sample project and use that for testing.
Any and every idea is highly appreciated.