.NET 8.0 incompatibility with HS256 #47

Closed
sherlock1982 opened this issue Nov 30, 2023 · 5 comments · Fixed by #61

@sherlock1982

sherlock1982 commented Nov 30, 2023

I use IJwtService with the following code to generate access token:

        var credentials = await jwtService.GetCurrentSigningCredentials();
        var tokenDescriptor = _jwtSecurityTokenHandler.CreateJwtSecurityToken(_issuer, _issuer,
            new ClaimsIdentity(claims), expires: DateTime.UtcNow.AddMinutes(60), signingCredentials: credentials);

I get here:

System.NotSupportedException: 'IDX10621: 'Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider' supports: 'Microsoft.IdentityModel.Tokens.SecurityKey' of types: 'Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey' or 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey'. SecurityKey received was of type 'Microsoft.IdentityModel.Tokens.JsonWebKey'.'

Might be related to

Workaround is not to use HS256

@brunobritodev
Member

brunobritodev commented Dec 1, 2023

I encountered the same issue and solved it by cleaning old keys from the ASP.NET DataProtection folder, e.g. C:\Users\<user>\AppData\Local\ASP.NET\DataProtection-Keys. It's a workaround, but I don't know why the parameters of the key became blank after the upgrade to .NET 8. It needs further investigation.

@anderjoy

anderjoy commented Jan 3, 2024

I encountered the same problem, but I didn't update to .NET 8.0. I use persistence with Entity Framework (MSSQL). The key parameters were left blank for no apparent reason. We resolved this by deleting the table and restarting the API (workaround).

@kirill-gerasimenko-da
Contributor

Having the same issue here. Will try to clear up the table as others suggested.

@sherlock1982
Author

sherlock1982 commented Mar 15, 2024

Well, if it helps, here's an example.

I create a key in .NET 7 and here's what I got in Parameters JSON in .NET 8 (Something that should become ):

{\"AdditionalData\":{},\"Alg\":null,\"Crv\":null,\"D\":null,\"DP\":null,\"DQ\":null,\"E\":null,\"K\":\"CMUA71g93z9hiS8rt9NvOjBbZybfb--E2Z6AQXXKgaEzgH3LPscuSZbxfgkYctXxuiY9JGBsAOZF1huACm0aEw\",\"KeyId\":\"P99aRZA-6lJvOdxziITJ6A\",\"KeyOps\":[],\"Kid\":\"P99aRZA-6lJvOdxziITJ6A\",\"Kty\":\"oct\",\"N\":null,\"Oth\":null,\"P\":null,\"Q\":null,\"QI\":null,\"Use\":null,\"X\":null,\"X5c\":[],\"X5t\":null,\"X5tS256\":null,\"X5u\":null,\"Y\":null,\"KeySize\":512,\"HasPrivateKey\":false,\"CryptoProviderFactory\":{\"CryptoProviderCache\":{},\"CustomCryptoProvider\":null,\"CacheSignatureProviders\":true,\"SignatureProviderObjectPoolCacheSize\":64}}

Natively created key in .NET 8

{\"k\":\"gnq_e_lwxyCCg5BYsEKkG55pmO6_5ovKvSPr3aQ3fAVpVaSDkLeSklKDtJFPfpzESafCje0Qj1gsomig0PYBug\",\"key_ops\":[],\"kid\":\"yOxMeogeghirusdCfGdqBA\",\"kty\":\"oct\",\"oth\":[],\"x5c\":[]}

Well the thing is that this is of course incompatible.
Are there any conversion procedures we can apply?

Any recommendations to avoid it in the future? Maybe serialize it manually?
This is the place where we convert KeyMaterial to JsonWebKey. Maybe we can somehow make this more stable?

JsonWebKey class is Microsoft.IdentityModel.Tokens versions 6.26.1 vs 7.4.0

@sherlock1982
Author

sherlock1982 commented Mar 15, 2024

Ok I found a fix. Can you please make a new build?

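public JsonWebKey GetSecurityKey()
{
    // Stored Parameters may use PascalCase names ("K", "Kty") or lowercase ("k", "kty"),
    // as in the two samples above; case-insensitive matching accepts either.
    return JsonSerializer.Deserialize<JsonWebKey>(Parameters, new JsonSerializerOptions() {
        PropertyNameCaseInsensitive = true,
    });
}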

brunobritodev added a commit that referenced this issue Apr 19, 2024
Updated to latest dep's fixing critical Security warnings

close #47
close #54
github-actions bot pushed a commit that referenced this issue Apr 19, 2024
## [8.1.4](v8.1.3...v8.1.4) (2024-04-19)

### Bug Fixes

* HS256 incompatibility ([8f688b1](8f688b1)), closes [#47](#47) [#54](#54)
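
The failure mode discussed in this thread, as an added example (not code from the issue or from the project): a row persisted with PascalCase names deserializes into a key with blank parameters under case-sensitive matching, and a signer that fails closed rejects it instead of computing an HMAC with no key. `StoredJwk` is a hypothetical stand-in for `JsonWebKey`, and both JSON rows and their key values are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Text.Json.Serialization;

// Constructed rows for the stored Parameters column (not the keys posted in this thread).
const string legacy = """{"Alg":null,"K":"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8","Kid":"constructed-1","Kty":"oct","KeySize":256}""";
const string current = """{"k":"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8","kid":"constructed-1","kty":"oct"}""";
const string signingInput = "header.payload"; // placeholder for base64url(header).base64url(payload)

var strict = new JsonSerializerOptions();                                        // default: case-sensitive
var tolerant = new JsonSerializerOptions { PropertyNameCaseInsensitive = true }; // the fix from this thread

foreach (var (label, json) in new[] { ("legacy", legacy), ("current", current) })
foreach (var (mode, opts) in new[] { ("strict", strict), ("tolerant", tolerant) })
{
    var jwk = JsonSerializer.Deserialize<StoredJwk>(json, opts)!;
    try { Console.WriteLine($"{label}/{mode}: signed, {SignHs256(jwk, signingInput)[..8]}..."); }
    catch (InvalidOperationException ex) { Console.WriteLine($"{label}/{mode}: rejected ({ex.Message})"); }
}

// Fail closed: never compute an HMAC with missing or short key material.
static string SignHs256(StoredJwk jwk, string input)
{
    if (!string.Equals(jwk.Kty, "oct", StringComparison.Ordinal) || string.IsNullOrEmpty(jwk.K))
        throw new InvalidOperationException("key parameters are blank after deserialization");
    var key = FromBase64Url(jwk.K);
    if (key.Length < 32)
        throw new InvalidOperationException("HS256 key shorter than 256 bits");
    using var hmac = new HMACSHA256(key);
    return ToBase64Url(hmac.ComputeHash(Encoding.ASCII.GetBytes(input)));
}

static byte[] FromBase64Url(string s)
{
    s = s.Replace('-', '+').Replace('_', '/');
    return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
}

static string ToBase64Url(byte[] b) =>
    Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

// Hypothetical stand-in for JsonWebKey, reduced to the members an HS256 key needs.
sealed class StoredJwk
{
    [JsonPropertyName("kty")] public string? Kty { get; set; }
    [JsonPropertyName("kid")] public string? Kid { get; set; }
    [JsonPropertyName("k")] public string? K { get; set; }
}
```

Only the legacy row under strict options is rejected; the other three combinations produce the same signature, which shows the key material itself was never lost, only the property-name match.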