Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit

* Throws SecurityTokenMalformedTokenException on malformed tokens

* Resolved review comments including renaming SecurityTokenMalformedTokenException to SecurityTokenMalformedException and updated comments

* Updated another comment in JwtSecurityTokenHandler

* Throws SecurityTokenMalformedException in JsonWebTokenHandler.ValidateTokenAsync and ValidateTokenAsync.ReadToken when failing to parse/read a token as a valid JWT
Added more comments

Git stats


Failed to load latest commit information.

Azure Active Directory IdentityModel Extensions for .NET


IdentityModel Extensions for .NET provide assemblies that are interesting for web developers that wish to use federated identity providers for establishing the caller's identity.


You can find the release notes for each version here. Older versions can be found here.

Note about 6.28.0

We delisted 6.28.0 as we found an edge case where a null reference could occur. Please use 6.28.1.

Note about 6.x

If you noticed, we bumped the release from 5.x to 6.x
We were maintaining two releases from two different branches.
dev - 6.x
dev5x - 5.x

Internally at Microsoft we were quickly required to remove all 3rd party libraries as IdentityModel is all about securing resources.
Since there were some breaking changes, given the time-line we had to maintain two releases.

Both of these branches were public and moved forward mostly in lock-step.
Once we finished our SignedHttpRequest functionality in the 6.x branch, we realized the delta between 5.x and 6.x was too large to maintain in both branches.
We decided now was the time to switch to a single release branch.
Since internally the versioning was at 6.4.2, we needed to release at 6.5.0.

There are some small breaking changes

We built and tested ASP.NET core with 6.5.0 without issues.
We also upgraded in place existing applications to 6.5.0 without issues.
This of course does not mean you will not hit issues, but we took it seriously.

Any questions or compatibility problems please open issues here.

Thank you for using our product

The IdentityModel Team.


IdentityModel Extensions for .NET 5 has now been released. If you are using IdentityModel Extensions with ASP.NET, the following combinations are supported:

  • IdentityModel Extensions for .NET 5.x, ASP.NET Core 1.x, ASP.NET Core 2.x, Katana 4.x
  • IdentityModel Extensions for .NET 4.x, ASP.NET 4, Katana 3.x All other combinations aren't supported.

For more details see Migration notes here

Samples and Documentation

The scenarios supported by IdentityModel extensions for .NET are described in Scenarios. The libraries are in particular used part of ASP.NET security to validate tokens in ASP.NET Web Apps and Web APIs. To learn more about token validation, and find samples, see:

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browse existing issues to see if someone has had your question before.

We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for IdentityModel:

Security Reporting


Security Vulnerability in Microsoft.IdentityModel.Tokens 5.1.0

IdentityModel Extensions library Microsoft.IdentityModel.Tokens has a known security vulnerability affecting version 5.1.0. Please update to >= 5.1.1 immediately. An updated package is available on NuGet. For more details, see the security notice.


All code is licensed under the MIT license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. See for guidelines, branch information, build instructions, and legalese.


Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact with any additional questions or comments.