Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exception during login #1

Closed
ghost opened this issue Jul 9, 2016 · 3 comments
Closed

Exception during login #1

ghost opened this issue Jul 9, 2016 · 3 comments

Comments

@ghost
Copy link

ghost commented Jul 9, 2016

I'm following along the AspNet Core quickstart and I get the following exception while trying to login:

_SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.X509SecurityKey , KeyId: RTM1NzUzMkJCMDIwRjc5MTQ4MTIyNzU2QTQ4OUI0QkZCOTYxMjIyRg
Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId: RTM1NzUzMkJCMDIwRjc5MTQ4MTIyNzU2QTQ4OUI0QkZCOTYxMjIyRg
'.
Exceptions caught:
'System.ArgumentException: IDX10634: Unable to create the SignatureProvider.

SignatureAlgorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.X509SecurityKey'
is not supported._

Any help will be greatly appreciated.

Thanks,
Rudy
@webbkvalite
Copy link

webbkvalite commented Jul 19, 2016
edited
Loading

If you're using a HS256-key, it can be fixed by setting the TokenValidationParameters on the OpenIdConnectOptions.
First turn the clientSecret into a byte[] like so:

var keyAsBase64 = Configuration["auth0:clientSecret"].Replace('_', '/').Replace('-', '+');
var keyAsBytes = Convert.FromBase64String(keyAsBase64);

Next add the TokenValidationParameters like so:

TokenValidationParameters =
    {
        IssuerSigningKey = new SymmetricSecurityKey(keyAsBytes)
    }

@hjgraca
Copy link

hjgraca commented Sep 4, 2016

If you are getting this error it means you haven't changed the settings in the Auth0 dashboard. You need to change JsonWebToken Signature Algorithm to use RS256 under advanced options of your client.

fenix2222 added a commit to SSWConsulting/enterprise-musicstore-api-aspnet that referenced this issue Sep 17, 2016
@fenix2222
Fixed auth token validation as per auth0-samples/auth0-aspnetcore-mvc…
13a6228 
…-samples#1
@vmartynets vmartynets mentioned this issue Oct 22, 2016
Closed
@alatchi
Copy link

alatchi commented Oct 31, 2016

Thank you very much.
This fix the error.
I've changed from HmacSha256Signature to RsacSha256Signature.

@jerriep jerriep closed this as completed Feb 23, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hjgraca @jerriep @alatchi @webbkvalite