You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When upgrading to .NET 8 preview 7, I can no longer log in. ASP.NET Core 8 is using v7.x of the Microsoft.IdentityModel.Protocols.OpenIdConnect while Microsoft.Identity.Web is using v6.x.
When attempting to hit an API, I get the following error:
www-authenticate: Bearer error="invalid_token"
When I hook into the OnAuthenticationFailed event, I get the following details:
at Microsoft.Identity.Web.Resource.RegisterValidAudience.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) in /_/src/Microsoft.Identity.Web/Resource/RegisterValidAudience.cs:line 66
at Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) in /_/src/Microsoft.IdentityModel.Tokens/Validators.cs:line 71
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.<ValidateTokenPayloadAsync>d__71.MoveNext() in Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.cs:line 1431
at System.Threading.Tasks.ValueTask`1.get_Result() in /_/src/libraries/System.Private.CoreLib/src/System/Threading/Tasks/ValueTask.cs:line 812
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.<ValidateJWSAsync>d__67.MoveNext() in Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.cs:line 1340
When I break on exceptions, I see that it's failing because it is expecting the security to token to be a JwtSecurityToken, while it is actually a JwtWebToken:
Microsoft.Identity.Web Library
Microsoft.Identity.Web
Microsoft.Identity.Web version
2.13.3
Web app
Sign-in users and call web APIs
Web API
Protected web APIs call downstream web APIs
Token cache serialization
Distributed caches
Description
When upgrading to .NET 8 preview 7, I can no longer log in. ASP.NET Core 8 is using v7.x of the
Microsoft.IdentityModel.Protocols.OpenIdConnect
whileMicrosoft.Identity.Web
is using v6.x.Reproduction steps
A basic out-of-the-box setup repros this:
Also, add the latest preview:
Error message
When attempting to hit an API, I get the following error:
When I hook into the
OnAuthenticationFailed
event, I get the following details:When I break on exceptions, I see that it's failing because it is expecting the security to token to be a JwtSecurityToken, while it is actually a JwtWebToken:
microsoft-identity-web/src/Microsoft.Identity.Web/Resource/RegisterValidAudience.cs
Lines 60 to 64 in a8bf5aa
This appears to be related to #2323
Id Web logs
No response
Relevant code snippets
Regression
No response
Expected behavior
I expect to be able to authenticate and have a useable
ClaimsPrincipal
The text was updated successfully, but these errors were encountered: