This repository has been archived by the owner. It is now read-only.

Support System.IdentityModel.Tokens.Jwt 5.0.0 #3017

Closed
sandord opened this Issue Jun 27, 2016 · 32 comments

Comments

Projects
None yet
@sandord

sandord commented Jun 27, 2016

I've upgraded my project to the latest release of System.IdentityModel.Tokens.Jwt (5.0.0).

Now I get a runtime exception in my host:

Could not load type 'System.IdentityModel.Tokens.TokenValidationParameters' from assembly
'System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, 
PublicKeyToken=31bf3856ad364e35'.
@leastprivilege

This comment has been minimized.

Show comment
Hide comment
@leastprivilege

leastprivilege Jun 27, 2016

Member

We don't load that assembly - that must come from somewhere else. Stack trace?

Member

leastprivilege commented Jun 27, 2016

We don't load that assembly - that must come from somewhere else. Stack trace?

@sandord

This comment has been minimized.

Show comment
Hide comment
@sandord

sandord Jun 27, 2016

Apparently it has something to do with Bearer Token Authentication:

System.TypeLoadException: Could not load type 'System.IdentityModel.Tokens.TokenValidationParameters' from assembly 'System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
   at Owin.IdentityServerBearerTokenValidationAppBuilderExtensions.<>c__DisplayClass9.<ConfigureLocalValidation>b__8()
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.LazyInitValue()
   at System.Lazy`1.get_Value()
   at Owin.IdentityServerBearerTokenValidationAppBuilderExtensions.UseIdentityServerBearerTokenAuthentication(IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options) in c:\local\identity\server3\AccessTokenValidation\source\AccessTokenValidation\IdentityServerBearerTokenValidationAppBuilderExtensions.cs:line 46
   at MyHost.Startup.Configuration(IAppBuilder app) in C:\MyHost\MyHost\Startup.cs:line 46

sandord commented Jun 27, 2016

Apparently it has something to do with Bearer Token Authentication:

System.TypeLoadException: Could not load type 'System.IdentityModel.Tokens.TokenValidationParameters' from assembly 'System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
   at Owin.IdentityServerBearerTokenValidationAppBuilderExtensions.<>c__DisplayClass9.<ConfigureLocalValidation>b__8()
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.LazyInitValue()
   at System.Lazy`1.get_Value()
   at Owin.IdentityServerBearerTokenValidationAppBuilderExtensions.UseIdentityServerBearerTokenAuthentication(IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options) in c:\local\identity\server3\AccessTokenValidation\source\AccessTokenValidation\IdentityServerBearerTokenValidationAppBuilderExtensions.cs:line 46
   at MyHost.Startup.Configuration(IAppBuilder app) in C:\MyHost\MyHost\Startup.cs:line 46
@leastprivilege

This comment has been minimized.

Show comment
Hide comment
@leastprivilege

leastprivilege Jun 27, 2016

Member

Well - 5.0 means breaking change. Maybe it's not compatible with the old OWIN middleware.

Member

leastprivilege commented Jun 27, 2016

Well - 5.0 means breaking change. Maybe it's not compatible with the old OWIN middleware.

@zetanet

This comment has been minimized.

Show comment
Hide comment
@zetanet

zetanet Jul 1, 2016

Same problem here after upgrading ASP.NET MVC 5 project with latest library..

Code.

....
app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions() With {
.ClientId = ConfigHelper.ClientId,
.Authority = ConfigHelper.Authority,
.TokenValidationParameters = New IdentityModel.Tokens.TokenValidationParameters With {.RoleClaimType = "roles"},
....

zetanet commented Jul 1, 2016

Same problem here after upgrading ASP.NET MVC 5 project with latest library..

Code.

....
app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions() With {
.ClientId = ConfigHelper.ClientId,
.Authority = ConfigHelper.Authority,
.TokenValidationParameters = New IdentityModel.Tokens.TokenValidationParameters With {.RoleClaimType = "roles"},
....

@leastprivilege

This comment has been minimized.

Show comment
Hide comment
@leastprivilege

leastprivilege Jul 1, 2016

Member

Well - then don't use the v5 of system.identitymodel. It's not compatible.

Member

leastprivilege commented Jul 1, 2016

Well - then don't use the v5 of system.identitymodel. It's not compatible.

@twilly86

This comment has been minimized.

Show comment
Hide comment
@twilly86

twilly86 Jul 6, 2016

what's the fix for this? downgrading identity model to v4?

running this worked for me...

Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

twilly86 commented Jul 6, 2016

what's the fix for this? downgrading identity model to v4?

running this worked for me...

Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

@leastprivilege

This comment has been minimized.

Show comment
Hide comment
@leastprivilege
Member

leastprivilege commented Jul 6, 2016

yes

@human3820917

This comment has been minimized.

Show comment
Hide comment
@human3820917

human3820917 Jul 20, 2016

@twilly86 - Did you uninstall "System.IdentityModel.Tokens.Jwt" first before running ...

Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

human3820917 commented Jul 20, 2016

@twilly86 - Did you uninstall "System.IdentityModel.Tokens.Jwt" first before running ...

Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

@bmacharla-erwin

This comment has been minimized.

Show comment
Hide comment
@bmacharla-erwin

bmacharla-erwin Sep 21, 2016

Cannot downgrade System.IdentityModel.Tokens.Jwt to 4.0.0.x:

'System.IdentityModel.Tokens.Jwt 4.0.3.308261200' is not compatible with 'Microsoft.IdentityModel.Protocols 2.0.0 constraint: System.IdentityModel.Tokens.Jwt (>= 5.0.0)'. 0

bmacharla-erwin commented Sep 21, 2016

Cannot downgrade System.IdentityModel.Tokens.Jwt to 4.0.0.x:

'System.IdentityModel.Tokens.Jwt 4.0.3.308261200' is not compatible with 'Microsoft.IdentityModel.Protocols 2.0.0 constraint: System.IdentityModel.Tokens.Jwt (>= 5.0.0)'. 0

@Zapnologica

This comment has been minimized.

Show comment
Hide comment
@Zapnologica

Zapnologica Sep 22, 2016

I to have updated all my nuget packages. I am using Azure AD B2C and after updating I get
not load type 'System.IdentityModel.Tokens.TokenValidationParameters' from assembly 'System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.

When I run the web app.

Zapnologica commented Sep 22, 2016

I to have updated all my nuget packages. I am using Azure AD B2C and after updating I get
not load type 'System.IdentityModel.Tokens.TokenValidationParameters' from assembly 'System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.

When I run the web app.

@leastprivilege

This comment has been minimized.

Show comment
Hide comment
@leastprivilege

leastprivilege Sep 23, 2016

Member

As said before - 5.0 is not compatible with Katana. This is a Microsoft issue.

Member

leastprivilege commented Sep 23, 2016

As said before - 5.0 is not compatible with Katana. This is a Microsoft issue.

@IdentityServer IdentityServer locked and limited conversation to collaborators Sep 23, 2016

@IdentityServer IdentityServer unlocked this conversation Sep 23, 2016

@jellebens

This comment has been minimized.

Show comment
Hide comment
@jellebens

jellebens Dec 6, 2016

Is microsoft doing anything about this issue?

jellebens commented Dec 6, 2016

Is microsoft doing anything about this issue?

@leastprivilege

This comment has been minimized.

Show comment
Hide comment
@leastprivilege

leastprivilege Feb 19, 2017

Member

We? Or Microsoft ;)

5.x is not compatible with Katana 3 - it is for .NET Core going forward. You need to stay on 4.x

Member

leastprivilege commented Feb 19, 2017

We? Or Microsoft ;)

5.x is not compatible with Katana 3 - it is for .NET Core going forward. You need to stay on 4.x

@brockallen

This comment has been minimized.

Show comment
Hide comment
@brockallen

brockallen Feb 19, 2017

Member

5.x is not compatible with Katana 3 - it is for .NET Core going forward. You need to stay on 4.x

And you can thank Microsoft that they did not properly document this or make it at all obvious.

Member

brockallen commented Feb 19, 2017

5.x is not compatible with Katana 3 - it is for .NET Core going forward. You need to stay on 4.x

And you can thank Microsoft that they did not properly document this or make it at all obvious.

@BrianMinister

This comment has been minimized.

Show comment
Hide comment
@BrianMinister

BrianMinister Mar 23, 2017

Understanding the difference between 4.x and 5.x would have been a lot clearer if 5.x was changed to have the word core in the namespace or file name.

I burned through a day trying to understand my issue until I spotted this thread.

BrianMinister commented Mar 23, 2017

Understanding the difference between 4.x and 5.x would have been a lot clearer if 5.x was changed to have the word core in the namespace or file name.

I burned through a day trying to understand my issue until I spotted this thread.

@brockallen

This comment has been minimized.

Show comment
Hide comment
@brockallen

brockallen Mar 23, 2017

Member

I burned through a day trying to understand my issue until I spotted this thread.

Please let Microsoft know -- they need to improve.

Member

brockallen commented Mar 23, 2017

I burned through a day trying to understand my issue until I spotted this thread.

Please let Microsoft know -- they need to improve.

@hitendramalviya

This comment has been minimized.

Show comment
Hide comment
@hitendramalviya

hitendramalviya Apr 16, 2017

Why Microsoft not doing things properly now-a-days. I was burning since last 2 days. In last I came across this issue thank god.

hitendramalviya commented Apr 16, 2017

Why Microsoft not doing things properly now-a-days. I was burning since last 2 days. In last I came across this issue thank god.

@AnisTss

This comment has been minimized.

Show comment
Hide comment
@AnisTss

AnisTss May 5, 2017

+1 I wasted a day trying to resolve this.
Microsoft should know about this.

AnisTss commented May 5, 2017

+1 I wasted a day trying to resolve this.
Microsoft should know about this.

@kwaxi

This comment has been minimized.

Show comment
Hide comment
@kwaxi

kwaxi May 20, 2017

Is limiting the NuGet package version for now as proposed a way to go until the root problem is solved?

kwaxi commented May 20, 2017

Is limiting the NuGet package version for now as proposed a way to go until the root problem is solved?

@kwaxi

This comment has been minimized.

Show comment
Hide comment

kwaxi commented May 21, 2017

@coreyperkins

This comment has been minimized.

Show comment
Hide comment
@coreyperkins

coreyperkins May 26, 2017

Microsoft has made a big mess with their dependencies as of late. This isn't the fault of the idsrv guys, but it's sure messy for those of us who use libraries like System.IdentityModel.Tokens.Jwt.

coreyperkins commented May 26, 2017

Microsoft has made a big mess with their dependencies as of late. This isn't the fault of the idsrv guys, but it's sure messy for those of us who use libraries like System.IdentityModel.Tokens.Jwt.

@dawideswe

This comment has been minimized.

Show comment
Hide comment
@dawideswe

dawideswe May 27, 2017

Messy is the word

dawideswe commented May 27, 2017

Messy is the word

@ursenix

This comment has been minimized.

Show comment
Hide comment
@ursenix

ursenix Jun 30, 2017

I didn't uninstall, instead I installed using:

Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

The results:
Attempting to gather dependency information for package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351' with respect to project 'XX.API', targeting '.NETFramework,Version=v4.6'
Gathering dependency information took 1.53 min
Attempting to resolve dependencies for package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351' with DependencyBehavior 'Lowest'
One or more unresolved package dependency constraints detected in the existing packages.config file. All dependency constraints must be resolved to add or update packages. If these packages are being updated this message may be ignored, if not the following error(s) may be blocking the current package operation: 'System.IdentityModel.Tokens.Jwt 5.1.4'
Resolving dependency information took 0 ms
Resolving actions to install package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351'
Resolved actions to install package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351'
Retrieving package 'System.IdentityModel.Tokens.Jwt 4.0.2.206221351' from 'nuget.org'.
Removed package 'System.IdentityModel.Tokens.Jwt.5.1.4' from 'packages.config'
Successfully uninstalled 'System.IdentityModel.Tokens.Jwt.5.1.4' from XX.API
Adding package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351' to folder
Executing nuget actions took 2.65 sec
Time Elapsed: 00:01:34.7684661

ursenix commented Jun 30, 2017

I didn't uninstall, instead I installed using:

Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

The results:
Attempting to gather dependency information for package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351' with respect to project 'XX.API', targeting '.NETFramework,Version=v4.6'
Gathering dependency information took 1.53 min
Attempting to resolve dependencies for package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351' with DependencyBehavior 'Lowest'
One or more unresolved package dependency constraints detected in the existing packages.config file. All dependency constraints must be resolved to add or update packages. If these packages are being updated this message may be ignored, if not the following error(s) may be blocking the current package operation: 'System.IdentityModel.Tokens.Jwt 5.1.4'
Resolving dependency information took 0 ms
Resolving actions to install package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351'
Resolved actions to install package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351'
Retrieving package 'System.IdentityModel.Tokens.Jwt 4.0.2.206221351' from 'nuget.org'.
Removed package 'System.IdentityModel.Tokens.Jwt.5.1.4' from 'packages.config'
Successfully uninstalled 'System.IdentityModel.Tokens.Jwt.5.1.4' from XX.API
Adding package 'System.IdentityModel.Tokens.Jwt.4.0.2.206221351' to folder
Executing nuget actions took 2.65 sec
Time Elapsed: 00:01:34.7684661

@nikhilsarvaiye

This comment has been minimized.

Show comment
Hide comment
@nikhilsarvaiye

nikhilsarvaiye Jul 21, 2017

It will work but then you cannot add any other authentication like open id which requires jwt 5.1.2

nikhilsarvaiye commented Jul 21, 2017

It will work but then you cannot add any other authentication like open id which requires jwt 5.1.2

@shyamjiniranjan

This comment has been minimized.

Show comment
Hide comment
@shyamjiniranjan

shyamjiniranjan Oct 31, 2017

It is working but after degrading from jwt 5.1.2 to jwt 4.x i am not able to validate my token because JwtSecurityTokenHandler is expecting jwt 5.1.2. Please help me to validate token in this case.

shyamjiniranjan commented Oct 31, 2017

It is working but after degrading from jwt 5.1.2 to jwt 4.x i am not able to validate my token because JwtSecurityTokenHandler is expecting jwt 5.1.2. Please help me to validate token in this case.

@INGCRENGIFO

This comment has been minimized.

Show comment
Hide comment
@INGCRENGIFO

INGCRENGIFO Nov 28, 2017

any solution?

INGCRENGIFO commented Nov 28, 2017

any solution?

@ederbond

This comment has been minimized.

Show comment
Hide comment
@ederbond

ederbond Nov 28, 2017

Can anyone post an example of how to Validate a JWT Token using System.IdentityModel.Tokens.Jwt version="5.1.4" ?

ederbond commented Nov 28, 2017

Can anyone post an example of how to Validate a JWT Token using System.IdentityModel.Tokens.Jwt version="5.1.4" ?

@ederbond

This comment has been minimized.

Show comment
Hide comment
@ederbond

ederbond Nov 28, 2017

Here is an example of how to validade a JWT Token using System.IdentityModel.Tokens.Jwt version="5.1.4":

protected User ValidateJwtToken(string jwtToken)
{
    if (string.IsNullOrWhiteSpace(jwtToken))
        return null;

    var token = new JwtSecurityToken(jwtToken);

    var jwtIssuerSigningToken = ConfigurationManager.AppSettings["JwtIssuerSigningToken"];
    var decodedKey = TextEncodings.Base64Url.Decode(jwtIssuerSigningToken);

    var parameters = new TokenValidationParameters
    {
        ValidAudience = "YourApp",

        ///This was the property I was looking for after upgrading from v4 to v5.1.4
        IssuerSigningKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(decodedKey),
        //On version 4 it was called as bellow
        //IssuerSigningToken = new BinarySecretSecurityToken(decodedKey),

        ValidIssuer = "http://localhost:9001/",
        ClockSkew = new TimeSpan(0),
        ValidateLifetime = true
    };

    Microsoft.IdentityModel.Tokens.SecurityToken validatedToken = null;
    var principal = new JwtSecurityTokenHandler().ValidateToken(token.RawData, parameters, out validatedToken);

    return new User()
    {
        Id = principal.Claims.Single(x => x.Type == "UserID").Value,
        Name = principal.Claims.Single(x => x.Type == ClaimTypes.NameIdentifier).Value,
        CustomerStatus = principal.Claims.Single(x => x.Type == ClaimTypes.Role).Value.ToEnum(CustomerStatus.Anonymous),
        Email = principal.Claims.Single(x => x.Type == ClaimTypes.Email).Value,
        SessionId = principal.Claims.Single(x => x.Type == "SessionID").Value,
    };
}

ederbond commented Nov 28, 2017

Here is an example of how to validade a JWT Token using System.IdentityModel.Tokens.Jwt version="5.1.4":

protected User ValidateJwtToken(string jwtToken)
{
    if (string.IsNullOrWhiteSpace(jwtToken))
        return null;

    var token = new JwtSecurityToken(jwtToken);

    var jwtIssuerSigningToken = ConfigurationManager.AppSettings["JwtIssuerSigningToken"];
    var decodedKey = TextEncodings.Base64Url.Decode(jwtIssuerSigningToken);

    var parameters = new TokenValidationParameters
    {
        ValidAudience = "YourApp",

        ///This was the property I was looking for after upgrading from v4 to v5.1.4
        IssuerSigningKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(decodedKey),
        //On version 4 it was called as bellow
        //IssuerSigningToken = new BinarySecretSecurityToken(decodedKey),

        ValidIssuer = "http://localhost:9001/",
        ClockSkew = new TimeSpan(0),
        ValidateLifetime = true
    };

    Microsoft.IdentityModel.Tokens.SecurityToken validatedToken = null;
    var principal = new JwtSecurityTokenHandler().ValidateToken(token.RawData, parameters, out validatedToken);

    return new User()
    {
        Id = principal.Claims.Single(x => x.Type == "UserID").Value,
        Name = principal.Claims.Single(x => x.Type == ClaimTypes.NameIdentifier).Value,
        CustomerStatus = principal.Claims.Single(x => x.Type == ClaimTypes.Role).Value.ToEnum(CustomerStatus.Anonymous),
        Email = principal.Claims.Single(x => x.Type == ClaimTypes.Email).Value,
        SessionId = principal.Claims.Single(x => x.Type == "SessionID").Value,
    };
}
@pierslawson

This comment has been minimized.

Show comment
Hide comment
@pierslawson

pierslawson Dec 4, 2017

Looking at the exception, it appears that the latest version of System.IdentityModel.Tokens.Jwt has a hardcoded dependency on version 9 of Newtonsoft.Json. If your project references version 10 or more you will get an exception thrown containing information along the lines of ""IDX10729: Unable to decode the header". If you keep looking into the Inner Exceptions you can see the Json Extensions are failing to initialise because it cannot find Newtonsoft.Json. I got around this by redirecting the assembly binding in my web.config:

  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>

I'll see if there is an open issue on the Microsoft project.

pierslawson commented Dec 4, 2017

Looking at the exception, it appears that the latest version of System.IdentityModel.Tokens.Jwt has a hardcoded dependency on version 9 of Newtonsoft.Json. If your project references version 10 or more you will get an exception thrown containing information along the lines of ""IDX10729: Unable to decode the header". If you keep looking into the Inner Exceptions you can see the Json Extensions are failing to initialise because it cannot find Newtonsoft.Json. I got around this by redirecting the assembly binding in my web.config:

  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>

I'll see if there is an open issue on the Microsoft project.

@pierslawson

This comment has been minimized.

Show comment
Hide comment
@pierslawson

pierslawson Dec 4, 2017

The System.IdentityModel.Tokens.Jwt assembly deliberately targets version 9 of Newtonsoft.Json:

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#765
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#701

It is not clear why they decided to specifically target 9 rather than 10... or if that was the only version available at the time.

pierslawson commented Dec 4, 2017

The System.IdentityModel.Tokens.Jwt assembly deliberately targets version 9 of Newtonsoft.Json:

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#765
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#701

It is not clear why they decided to specifically target 9 rather than 10... or if that was the only version available at the time.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.