Open sankj opened 1 week ago
@adityamandaleeka
@brentschmaltz @jennyf19 - Do you know if the latest Microsoft.IdentityModel packages are broken w.r.t. Microsoft.Owin.Security.OpenIdConnect?
@sankj - any possibililty of creating a repro of the issue?
@brentschmaltz , @jeffhandley, could you please let us know if this is true ? "latest Microsoft.IdentityModel packages are broken w.r.t. Microsoft.Owin.Security.OpenIdConnect?"
Thank you @eerhardt for asking around to see if this is a known issue. What kind of repro are you looking for with respect to this ? We have our app (its a url) in our test environment, where I can create the repro. What data would help you investigate this further?
What kind of repro are you looking for with respect to this ? We have our app (its a url) in our test environment, where I can create the repro. What data would help you investigate this further?
Check out https://github.com/dotnet/runtime/blob/main/CONTRIBUTING.md#writing-a-good-bug-report.
Typically posting the code for an application that reproduces the problem (link to a github repo or a .zip file, etc).
@eerhardt, thanks!
I followed the template: (https://github.com/dotnet/runtime/issues/new?assignees=&labels=&template=01_bug_report.yml) that you provided and described our issue. This has the error / link to the code that produces the error, etc. Please let me know if you need further information.
Description We host a MVC .NET web application that takes a dependency on: https://www.nuget.org/packages/Microsoft.Owin.Security.OpenIdConnect/#versions-body-tab to implement OAuth2.0.
What we have found so far is that Microsoft.Owin.Security.OpenIdConnect 4.2.2 takes a dependency on Microsoft.IdentityModel.xxx - 6.11.1.0. However, we had to upgrade the identity model packages to Microsoft.IdentityModel.xxx to 7.6.0. What we have found is Microsoft.Owin.Security.OpenIdConnect 4.2.2 does not work with Microsoft.IdentityModel.xxx to 7.6.0.
We have not seen any update to the package: (https://www.nuget.org/packages/Microsoft.Owin.Security.OpenIdConnect) since 2022.
Symptoms: The project builds successfully. However, our application throws an "Unable to decode payload" error when OAuth is being made. What we found out further was that: Microsoft.IdentityModel.xxx - 6.11.1.0 takes dependency on Newtonsoft Microsoft.IdentityModel.xxx to 7.6.0 takes dependency on System.Text.Json
Possibly that is the reason we are getting Unable to decode error ?
What are the recommended next steps to go forward here to help us unblock?
Reproduction Steps Code snippet: Repo link: https://microsoft.visualstudio.com/EngSys/_git/nebula?path=/Core/Nebula%20WFE/CloudMan.Web/App_Start/Startup.Auth.cs&version=GBmain&line=56&lineEnd=71&lineStartColumn=1&lineEndColumn=20&lineStyle=plain&_a=contents
Code: app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId, Authority = authority, PostLogoutRedirectUri = postLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications { AuthenticationFailed = async context => { await Task.Yield(); context.HandleResponse(); context.Response.Redirect("Home/Error?message=" + context.Exception.Message); } } });
Our MVC application uses the above code snippet to perform the OAuth2.0 authentication. Here, the authentication fails while doing the OAuth2.0.
Repro steps:
Expected behavior: Expected behavior is that we get authenticated and are redirected to the following Url (https://cloudmanbvt.corp.microsoft.com/) and see the page display. Image:
Actual behavior As I mentioned earlier in the repro steps this is the error we see.
2.a Server Error in '/' Application. The resource cannot be found. Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly. Requested URL: /Home/Error Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4762.0
Regression? Yes, this is working when the Microsoft.Owin.Security.OpenIdConnect 4.2.2 dll is referencing Microsoft.IdentityModel.xxx - 6.11.1.0. However, once we upgraded Microsoft.IdentityModel.xxx - 6.11.1.0 to Microsoft.IdentityModel.xxx to 7.6.0, we started getting the above error.
Known Workarounds None
Configuration Which version of .NET is the code running on? .NET Framework 4.7.2
What OS and version, and what distro if applicable? this is running on a VM with OS22
What is the architecture (x64, x86, ARM, ARM64)? X64
Other information Symptoms: The project builds successfully. However, our application throws an "Unable to decode payload" error when OAuth is being made. What we found out further was that: Microsoft.IdentityModel.xxx - 6.11.1.0 takes dependency on Newtonsoft Microsoft.IdentityModel.xxx to 7.6.0 takes dependency on System.Text.Json
Would that be a reason why Microsoft.Owin.Security.OpenIdConnect not compatible with the latest Microsoft.IdentityModel.XX packages ?
Hello,
We host a MVC .NET web application that takes a dependency on: https://www.nuget.org/packages/Microsoft.Owin.Security.OpenIdConnect/#versions-body-tab to implement OAuth2.0.
What we have found so far is that Microsoft.Owin.Security.OpenIdConnect 4.2.2 takes a dependency on Microsoft.IdentityModel.xxx - 6.11.1.0. However, we had to upgrade the identity model packages to Microsoft.IdentityModel.xxx to 7.6.0. What we have found is Microsoft.Owin.Security.OpenIdConnect 4.2.2 does not work with Microsoft.IdentityModel.xxx to 7.6.0.
We have not seen any update to the above package as well since 2022.
Symptoms: The project builds successfully. However, our application throws an "Unable to decode payload" error when OAuth is being made. What we found out further was that: Microsoft.IdentityModel.xxx - 6.11.1.0 takes dependency on Newtonsoft Microsoft.IdentityModel.xxx to 7.6.0 takes dependency on System.Text.Json
Possibly that is the reason we are getting Unable to decode error ?
What are the recommended next steps to go forward here to help us unblock?
Thank you!