Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/9.0] Fix loading dotnet user-jwts config #59473

Open
wants to merge 1 commit into
base: release/9.0
Choose a base branch
from

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Dec 13, 2024

Backport of #59425 to release/9.0

/cc @halter73

Fix loading dotnet user-jwts config

Description

This PR fixes a bug introduced in .NET 9 that caused the JwtBearerHandler to reject JWT tokens created by dotnet user-jwts create despite the tool correctly setting the necessary configuration. The issue was caused by the JwtBearerHandler not loading the user-jwts IssuerSigningKeys from user-secrets configuration.

Fixes #58996

Customer Impact

Without this fix, the functionality of dotnet user-jwts is broken when referencing the Microsoft.AspNetCore.Authentication.JwtBearer 9.0 NuGet package. There is a workaround of manually reading the IssuerSigningKeys from config, but this isn't at all discoverable unless you find the GitHub issue.

builder.Services.AddAuthentication("Bearer").AddJwtBearer(o =>
{
    o.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(builder.Configuration.GetSection("Authentication:Schemes:Bearer:SigningKeys:0").GetValue<string>("Value")));
});

Regression?

  • Yes
  • No

This behavior regressed between .NET 8 and .NET 9.

Risk

  • High
  • Medium
  • Low

This is a one-line change that is now covered by both end-to-end and unit testing introduced in this PR.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@dotnet-issue-labeler dotnet-issue-labeler bot added the area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI label Dec 13, 2024
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Dec 13, 2024
@halter73 halter73 added the Servicing-consider Shiproom approval is required for the issue label Dec 14, 2024
@mkArtakMSFT mkArtakMSFT added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels Dec 18, 2024
Copy link
Contributor

Hi @github-actions[bot]. This PR was just approved to be included in the upcoming servicing release. Somebody from the @dotnet/aspnet-build team will get it merged when the branches are open. Until then, please make sure all the CI checks pass and the PR is reviewed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI Servicing-approved Shiproom has approved the issue
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants