Closed cryo75 closed 5 months ago
Hi,
Unfortunately, you're very likely hitting this IdentityModel bug, introduced in the 7.4.0 version referenced by OpenIddict 5.3.0: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2514. Sadly, they haven't released a fix yet.
You have a few options:
Replace the MSFT OIDC handler by the OpenIddict client, which is not affected by this bug: https://twitter.com/kevin_chalet/status/1767214511134523438
Note: if you're interested in giving it a try, don't hesitate to take a look at the samples repo (all the samples now use it): https://github.com/openiddict/openiddict-samples
@kevinchalet we are working on the issue. It could be a mismatch assembly version. Can you check that all IdentityModel assemblies are the same version?
> Can you check that all IdentityModel assemblies are the same version?

I reproduced the issue locally and it indeed works fine if both `Microsoft.IdentityModel.Tokens` and `Microsoft.IdentityModel.Protocols.OpenIdConnect` are the same version (e.g. 7.3.1 or 7.4.0). As soon as you bump `Microsoft.IdentityModel.Protocols.OpenIdConnect` to 7.4.0 without also bumping the other one, you're affected.
Repro:

```xml
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net8.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.4.0" />
    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.3.1" />
  </ItemGroup>
</Project>
```

```csharp
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var json = $$"""
    {
      "issuer": "https://localhost:44395/",
      "authorization_endpoint": "https://localhost:44395/connect/authorize"
    }
    """;

var configuration = new OpenIdConnectConfiguration(json);
Console.WriteLine(configuration.AuthorizationEndpoint);
```
I've been trying to figure out why I was getting this error for 2 days now
Hi,
They fixed the `JSON` problem. Using `Microsoft.IdentityModel.Protocols.OpenIdConnect >= 7.4` will be no problem.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2491
Hey @maliming,
Well, it's a bit more complicated: just referencing the latest version of that package isn't enough, you need to ensure all the IdentityModel packages - directly referenced or brought transitively - are the same version.
If you're seeing issues in ABP Framework in the projects that use ASP.NET Core's OIDC or JWT handlers, I'd recommend explicitly referencing both `Microsoft.IdentityModel.Protocols.OpenIdConnect` and `Microsoft.IdentityModel.Tokens` to avoid any issue.
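One way to check a project for the version mismatch discussed in this thread, as an added example that is not from any participant or from the OpenIddict or IdentityModel projects: it reads the `libraries` section of the `obj/project.assets.json` file written by `dotnet restore` and reports when IdentityModel packages, direct or transitive, resolved to more than one version. The sample data, the `FAMILY` prefix list and the function names are assumptions made for this example.

```python
import json
import sys
from collections import defaultdict

# Assumption: these prefixes cover the IdentityModel family shipped in lockstep.
FAMILY = ("microsoft.identitymodel.", "system.identitymodel.tokens.jwt")

# Constructed sample: "libraries" section of obj/project.assets.json for the
# mismatched repro above (Tokens 7.4.0 with Protocols.OpenIdConnect 7.3.1).
SAMPLE_ASSETS = json.dumps({"libraries": {
    "Microsoft.IdentityModel.Abstractions/7.4.0": {"type": "package"},
    "Microsoft.IdentityModel.Logging/7.4.0": {"type": "package"},
    "Microsoft.IdentityModel.Tokens/7.4.0": {"type": "package"},
    "Microsoft.IdentityModel.JsonWebTokens/7.3.1": {"type": "package"},
    "Microsoft.IdentityModel.Protocols/7.3.1": {"type": "package"},
    "Microsoft.IdentityModel.Protocols.OpenIdConnect/7.3.1": {"type": "package"},
    "System.IdentityModel.Tokens.Jwt/7.3.1": {"type": "package"},
    "Newtonsoft.Json/13.0.3": {"type": "package"},
}})


def identitymodel_versions(assets_json):
    """Group resolved IdentityModel packages (direct and transitive) by version."""
    by_version = defaultdict(list)
    for key in json.loads(assets_json).get("libraries", {}):
        name, _, version = key.partition("/")
        if name.lower().startswith(FAMILY):
            by_version[version].append(name)
    return {v: sorted(names) for v, names in by_version.items()}


def is_consistent(assets_json):
    """True when every IdentityModel package resolved to one single version."""
    return len(identitymodel_versions(assets_json)) <= 1


def main(argv):
    # Pass the path to obj/project.assets.json; without one, use the sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_ASSETS
    for version, names in sorted(identitymodel_versions(text).items()):
        print(f"{version}: {', '.join(names)}")
    if is_consistent(text):
        return 0
    print("IdentityModel packages resolved to different versions", file=sys.stderr)
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The non-zero exit status on a mismatch lets the script run as a CI step after `dotnet restore`.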
Confirm you've already contributed to this project or that you sponsor it
Version
5.0.3
Question
I have an OpenIddict server still on 4.10.1 and .NET 7. I have a Blazor server-side app that I upgraded to .NET 8 and OpenIddict 5.0.3. The project compiled successfully and no additional changes were made. When I start the app I get the following exception:
Are there any other changes that need to be done client-side?