dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

System.IdentityModel.Tokens.Jwt.JwtPayload skips Data from Payload #56948

Closed fseidl-bauradar closed 3 months ago

fseidl-bauradar commented 3 months ago

Is there an existing issue for this?

Describe the bug

I checked the verification process and found out that the payload isn't decoded correctly. CreateJWTPayload inside System.IdentityModel.Tokens.Jwt.JwtPayload seems to Properties 1,3,5,7, ...


Expected Behavior

No response

Steps To Reproduce

I sent a JWT token with the following payload to

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1laWRlbnRpZmllciI6IjEiLCJEZXZpY2VJZCI6IkRldmljZSIsIkRldmljZU5hbWUiOiJEZXZpY2VOYW1lIiwidXNlck5hbWUiOiJ0ZXN0ZXIiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOlsiYSIsImIiLCJjIl0sIm5iZiI6MTcyMTczNTg4OCwiZXhwIjoxNzIxNzM3Mzg4LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjI4NzQ3LyIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6Mjg3NDcvIn0.B3_F9iCFLdoEpLNKTJCy3Ix-3oCUB9znVATGCA28flBTSd9YJAiiCFoRXZdDzpFvi5WwswvgW4fsNxskl9ovdWZKGeyOrK7m0bYnIcV37gy0WBkc3oy9Sgh7t_ykXkqEEWuTXr5rWhIoH5TfTx7SUVnTQVB7e3b-e4MqDtNs3AnfDMwU1ySPBZsRsXgM5YoZ2cTkybEVfogX1edTS7cJDfXegHqZBPB46pGYREyxunNdKYcBWUrXnl_o-5VRXBW2wVYO_NBNLQSF5F2DT-S6TH_hNQVlzI4FhPhu5ssrmj37DhsqfEcSw1Lcea-yvY96r-BX4yHPk-jr5Pg1jx2vEQ

but this token contains the following payload according to https://www.base64decode.org/ and jwt.io


But the decoded payload only returns every second property of the payload.


During debugging, I found out that the following code only extracts


It seems to me like there is a problem in the JwtPayload.

Exceptions (if any)

No response

.NET Version

8.0.302

Anything else?

No response

MackinnonBuck commented 3 months ago

@fseidl-bauradar, please ensure that you're on the latest versions of each IdentityModel package. There is a known breaking change that causes this issue to occur when package versions mismatch.

@jmprieur Where should we be pointing people when this issue arises? Is there a breaking change announcement somewhere?

halter73 commented 3 months ago

You can try to use `dotnet list package --outdated` and `dotnet list package --include-prerelease` to see any transitive dependencies that may be out of date.

I think this might be related to breaking changes described in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2513

jmprieur commented 3 months ago

> @jmprieur Where should we be pointing people when this issue arises? Is there a breaking change announcement somewhere?

We maintain a page with the breaking changes: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/IdentityModel-8x

fseidl-bauradar commented 3 months ago

Thanks, after updating the last package, it's working like a charm.
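
The package version mismatch named in this thread can be checked mechanically. The following is an added example, not code from the issue or from the IdentityModel project: it parses the text output of `dotnet list package --include-transitive` and reports any project where the `Microsoft.IdentityModel.*` packages and `System.IdentityModel.Tokens.Jwt` resolve to different versions. The sample listing, its version numbers, and the function name `identitymodel_mismatches` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `dotnet list package --include-transitive` output;
# the versions are illustrative and not taken from the issue.
SAMPLE_OUTPUT = """\
Project 'WebApi' has the following package references
   [net8.0]:
   Top-level Package                                    Requested   Resolved
   > Microsoft.AspNetCore.Authentication.JwtBearer      8.0.6       8.0.6
   > System.IdentityModel.Tokens.Jwt                    7.1.2       7.1.2

   Transitive Package                                             Resolved
   > Microsoft.IdentityModel.JsonWebTokens                        8.0.1
   > Microsoft.IdentityModel.Tokens                               8.0.1
   > Newtonsoft.Json                                              13.0.3
"""

# Assumption: the family is matched by package-id prefix plus the one System.* id.
FAMILY = re.compile(r"^(Microsoft\.IdentityModel\.|System\.IdentityModel\.Tokens\.Jwt$)")
PROJECT = re.compile(r"^Project '([^']+)'")
FRAMEWORK = re.compile(r"^\s*\[([^\]]+)\]:")
PACKAGE = re.compile(r"^\s*>\s+(\S+)\s+(.+?)\s*$")

def identitymodel_mismatches(listing):
    """Return {(project, framework): {version: [ids]}} where versions are mixed."""
    resolved = defaultdict(lambda: defaultdict(list))
    project = framework = "unknown"
    for line in listing.splitlines():
        if m := PROJECT.match(line):
            project = m.group(1)
        elif m := FRAMEWORK.match(line):
            framework = m.group(1)
        elif (m := PACKAGE.match(line)) and FAMILY.match(m.group(1)):
            # The resolved version is the last column of a package row.
            resolved[(project, framework)][m.group(2).split()[-1]].append(m.group(1))
    return {scope: {v: sorted(ids) for v, ids in versions.items()}
            for scope, versions in resolved.items() if len(versions) > 1}

if __name__ == "__main__":
    for (project, framework), versions in identitymodel_mismatches(SAMPLE_OUTPUT).items():
        print(f"{project} [{framework}]: mixed IdentityModel versions")
        for version, ids in sorted(versions.items()):
            print(f"  {version}: {', '.join(ids)}")
```

An empty result means every matched package in each project and target framework resolves to a single version.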