JwtSecurityTokenHandler 4.0.0 Breaking Changes?

Question

This is a simplified test for JwtSecurityTokenHandler 4.0.0 in Linqpad. The code works well with JwtSecurityTokenHandler 3.0.2, the token is generated and validated. In 4.0.

Answer 1

Sorry you're experiencing issues. We will get some more eyes on the above to see what might be wrong. In the meanwhile, I suggest taking a look to https://github.com/AzureADSamples/WebAPI-ManuallyValidateJwt-DotNet and in particular global.asax.cs - that's the sample where we feature raw use of the JWT handler. HTH V.

Answer 2

This exception is thrown if:

1. The jwt has a 'kid'
2. The runtime was unable to match any of the SigningTokens.

While we investigate the issue, you can use the delegate TokenValidationParameters.IssuerSigningKeyResolver to directly return the signing key to use when checking the signature.

To achieve this set: TokenValidationParameters.IssuerSigningkeyResolver to a function that will return the same key that you set above in TokenValidationParameters.SigningToken. The purpose of this delegate is to instruct the runtime to ignore any 'matching' semantics and just try the key.

If the signature validation still fails, it may be a key issue.

If the signature validation doesn't fail, the runtime may need a fix.

If you can provide us with a jwt signed with that public key, that would help us make a fix.

thanks for giving us a try, sorry for the hassle.