search

NetDevPack / Security.Jwt

Jwt Manager. Set of components to deal with Jwt Stuff. Automate your key rotating, add support for jwks_uri. Store your cryptography keys in a secure place.
MIT License
271 stars 38 forks source link

JsonWebKey deserialization depends on global JsonSerializerOptions #54

Closed 50c closed 5 months ago

50c commented 8 months ago

Hi, I'm a happy user of your helpful library, but recently I have encounted a problem. After some updates on my project, the SigningCredentials returned by the library was not accepted anymore for jwt signing and throws misleading error:

System.NotSupportedException: IDX10621: 'Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider' supports: 'Microsoft.IdentityModel.Tokens.SecurityKey' of types: 'Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey' or 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey'. SecurityKey received was of type 'Microsoft.IdentityModel.Tokens.JsonWebKey'.

After further investigation and debugging, I found that returned SecurityKey has just default values for his properties. This was caused by wrong deserialization of JsonWebKey by KeyMaterial.GetSecurityKey that is depending on JsonSerializerOptions

I have the small fix for this that I could send as merge request.

brunobritodev commented 8 months ago

Ok, great!! Send a PR

sherlock1982 commented 6 months ago

This will also close #47