Skip to content

fix: Resolve transient dependency conflict with Microsoft.IdentityModel.Protocols in JwtBearer authentication #785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 11, 2025
Merged

fix: Resolve transient dependency conflict with Microsoft.IdentityModel.Protocols in JwtBearer authentication #785

merged 1 commit into from
Apr 11, 2025

Conversation

aniket-okta
Copy link
Contributor

@aniket-okta aniket-okta commented Apr 9, 2025
edited
Loading

Fixes #745

Problem

Applications using Microsoft.AspNetCore.Authentication.JwtBearer alongside Okta [SDK.NET](http://sdk.net/) 8.2.0 encounter a runtime error (IDX10500: Signature validation failed) due to transient dependency mismatches. This occurs because the SDK indirectly references outdated versions of Microsoft.IdentityModel.Protocols and Microsoft.IdentityModel.Protocols.OpenIdConnect, breaking OpenID Connect metadata retrieval.

Solution

  • Explicitly reference Microsoft.IdentityModel.Protocols (v8.2.0) and Microsoft.IdentityModel.Protocols.OpenIdConnect (v8.2.0) in the project file to enforce compatibility with JwtBearer 8.x.

Impact

  • Restores correct signing key resolution for JWT validation.
  • Prevents runtime failures in applications relying on JwtBearer authentication with Okta.

Verification Steps
Validate that IDX10500 errors no longer occur during authentication.

Why This Works

  • The explicit package references override transitive dependencies, ensuring the correct versions of Protocols and OpenIdConnect are used.
  • These packages contain critical logic for retrieving OpenID Connect metadata (e.g., signing keys), which resolves the IDX10500 error.

@aniket-okta aniket-okta self-assigned this Apr 9, 2025
@aniket-okta aniket-okta reopened this Apr 11, 2025
@aniket-okta aniket-okta merged commit fb355f5 into master Apr 11, 2025
4 checks passed
@aniket-okta aniket-okta deleted the OKTA-812145 branch April 11, 2025 06:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BinoyOza-okta BinoyOza-okta BinoyOza-okta approved these changes

@pranav-okta pranav-okta Awaiting requested review from pranav-okta

@prachi-okta prachi-okta Awaiting requested review from prachi-okta

@aditya-okta aditya-okta Awaiting requested review from aditya-okta

Assignees

@aniket-okta aniket-okta

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Okta SDK.NET 8.1.5 Triggers a transient dependency breaking issue
2 participants
@aniket-okta @BinoyOza-okta