Closed true-perfect-code closed 4 months ago
I,m also having this issue with version 8 of AspNetCore.Authentication.JwtBearer, ground cause seems to be in the OpenIdConnect package dependency going from version 6 to 7.
@true-perfect-code https://github.com/true-perfect-code/WebApiNet8_minimalAPI is now returning a 404. Are you still having an issue? If so, can you put the repro app back up?
There was a breaking change in .NET 8 that was announced in https://learn.microsoft.com/en-us/dotnet/core/compatibility/aspnet-core/8.0/securitytoken-events. You can revert to the previous JwtSecurityToken
behavior rather than the new JsonWebToken
behavior if it's breaking your app. Everything that was supported by JwtSecurityToken
should be supported by JsonWebToken
, but you may need to update your code following the guidance in the "Recommended action" section of the breaking change announcement.
Hi Stephen (@halter73 ), I'm Justin from perfect-code.
I have looked at the reported problem from Daniel (also from perfect-code) and the problem still exists. Since almost no one else is reporting the same problem, I assume that the error must be ours and we missed to configure the code correctly.
I have created a new project and uploaded it to GitHub. When I use NuGet version 7.0.14, my WebApi (minimal API) runs without any problems:
If I then send a query to WebApi Server, I get the answer
If I now update NuGet to 8.0.2, make the adjustment in the code described in your link and test everything, I get an error message. It does not work.
You can find the project on GitHub at https://github.com/true-perfect-code/JwtBearer_Problem
As written, I assume that something is configured incorrectly here and hope that you can quickly explain this to us so that we can close this item.
Thank you very much Justin
Hello @halter73 , is there anything new? Is it a bigger problem after all?
Regards tpc
I have the same problem and i can't solve Here is my code: https://github.com/Lorthirash/JWTBEARERNET8
it is work jwtbearer version 7 but new 8+ doesn't work. How can is solve the problem? please help.
@true-perfect-code It looks like the issue was an invalid "iat" claim. RFC 7519 Section 4.1.6 states that it "MUST be a number containing a NumericDate value" where "NumericDate" is Unix Time.
https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6
So new Claim(JwtRegisteredClaimNames.Iat, DateTime.UtcNow.ToString())
should instead be new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString()),
so "iat": "5/29/2024 10:00:52 PM"
becomes "iat": "1717020577"
If you update your appsettings.Development.json to include "Information" level logging for "Microsoft.AspNetCore", you would see the following in the log output when trying to use a token with an invalid "iat" claim:
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenMalformedException: IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
---> System.ArgumentException: IDX14101: Unable to decode the payload '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' as Base64Url encoded string.
---> System.Text.Json.JsonException: IDX11020: The JSON value of type: 'String', could not be converted to 'JsonTokenType.Number'. Reading: 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.iat', Position: '52', CurrentDepth: '1', BytesConsumed: '75'.
at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.ReadLong(Utf8JsonReader& reader, String propertyName, String className, Boolean read)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreatePayloadClaimSet(Byte[] bytes, Int32 length)
at Microsoft.IdentityModel.Tokens.Base64UrlEncoding.Decode[T](String input, Int32 offset, Int32 length, Func`3 action)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreateClaimSet(String rawString, Int32 startIndex, Int32 length, Func`3 action)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken..ctor(String jwtEncodedString)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ReadToken(String token, TokenValidationParameters validationParameters)
--- End of inner exception stack trace ---
The relevant bit here is "The JSON value of type: 'String', could not be converted to 'JsonTokenType.Number'. Reading: 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.iat'".
The part about "JWT is not well formed, there are no dots (.)." appears to be a red herring because the token does indeed have dots. Someone has already reported that this seems to get over reported any time there's a failure in JsonWebTokenHandler.ValidateToken
at https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2058. I'll update that thread with this example and see if we can improve the Exception message.
This issue has been resolved and has not had any activity for 1 day. It will be closed for housekeeping purposes.
See our Issue Management Policies for more information.
@halter73 Thank you very much, it works. Our prediction was correct, it was our mistake. Thank you once again.
Is there an existing issue for this?
Describe the bug
Authentication via JWT in minimal API works with nuget Microsoft.AspNetCore.Authentication.JwtBearer 7.0.145 but not with Microsoft.AspNetCore.Authentication.JwtBearer 8.0.0
Expected Behavior
The error message is Error: response status is 401 content-length: 0 date: Mon,27 Nov 2023 08:51:14 GMT server: Kestrel www-authenticate: Bearer error="invalid_token"
The error message can be reproduced via the attached GitHub project by optionally changing nuget from version 7.014 to 8.0.0 and vice versa.
Steps To Reproduce
GitHub Repository: https://github.com/true-perfect-code/WebApiNet8_minimalAPI
Exceptions (if any)
No response
.NET Version
NET 8
Anything else?
No response