Sts Login Unauthorized Error

[ozturkfatih]

Hi, Client create a token from login endpoint, after call stslogin endpoint but return response 401. Created token has been validated on https://jwt.io/, I have added Identity Server startup IdentityModelEventSource.ShowPII = true; Show Error Like This [20:40:37 ERR] JWT token validation error: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.JsonWebKey, Use: '', Kid: 'CC252F9C341D7B5A47ED7E7EC43E5436', Kty: 'RSA', InternalId: 'f2257647-6fed-4004-97c2-12020dc56584'. , KeyId: CC252F9C341D7B5A47ED7E7EC43E5436 '. Exceptions caught: 'System.NotSupportedException: IDX10634: Unable to create the SignatureProvider. Algorithm: 'HS512', SecurityKey: 'Microsoft.IdentityModel.Tokens.JsonWebKey, Use: '', Kid: 'CC252F9C341D7B5A47ED7E7EC43E5436', Kty: 'RSA', InternalId: 'f2257647-6fed-4004-97c2-12020dc56584'.' is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) '. token: '{"alg":"HS512","typ":"JWT"}.{"aud":"TestApp","iss":"TestApp","sub":"3a01709c-f071-7f64-780a-13ce18cbe962","given_name":"admin","name":"admin","email":"admin@test.io","tenantid":"","role":"admin","nbf":1642268399,"exp":1642354799,"iat":1642268399}'. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.JsonWebKey, Use: '', Kid: 'CC252F9C341D7B5A47ED7E7EC43E5436', Kty: 'RSA', InternalId: 'f2257647-6fed-4004-97c2-12020dc56584'. , KeyId: CC252F9C341D7B5A47ED7E7EC43E5436 '. Exceptions caught: 'System.NotSupportedException: IDX10634: Unable to create the SignatureProvider. Algorithm: 'HS512', SecurityKey: 'Microsoft.IdentityModel.Tokens.JsonWebKey, Use: '', Kid: 'CC252F9C341D7B5A47ED7E7EC43E5436', Kty: 'RSA', InternalId: 'f2257647-6fed-4004-97c2-12020dc56584'.' is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) '. token: '{"alg":"HS512","typ":"JWT"}.{"aud":"TestApp","iss":"TestApp","sub":"3a01709c-f071-7f64-780a-13ce18cbe962","given_name":"admin","name":"admin","email":"admin@test.io","tenantid":"","role":"admin","nbf":1642268399,"exp":1642354799,"iat":1642268399}'. at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at IdentityServer4.Validation.TokenValidator.ValidateJwtAsync(String jwt, IEnumerable1 validationKeys, Boolean validateLifetime, String audience) [20:40:37 INF] Request finished HTTP/1.1 GET https://localhost:44390/connect/userinfo - - - 401 0 - 94.3922ms`

[WangJunZzz]

use identityserver4 token or custome issue token?

[ozturkfatih]

I used custome token, token generated in account service login method.

[ozturkfatih]

[WangJunZzz]

stsLogin use identiyserver4 token，then get user info。