New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SecurityTokenMalformedException after updating to .NET 8 #52191
Comments
I think this might be the problem.
The jwt that you are sending in the request has iat claim with this value: Based on the RFC 7519 this claim MUST be number. This is probably an issue with this repo. https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet |
Thanks for handling this, @Kahbazi ! |
I have the same issue, downgrading Microsoft.AspNetCore.Authentication.JwtBearer to 7.0.14 helped. |
I fixed the issue. The issue was actually in my code because I added iat manually as claim but used a ToString on DateTime there. It worked like that so far. Now I changed it to the following: new Claim(JwtRegisteredClaimNames.Iat, EpochTime.GetIntDate(now).ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Integer64) |
Took me a while to find out but just to provide some context: previously, in .NET 7 the iat parsing was more forgiving. See this diff of Now, quite clearly iat parser expects a number as per the standard. See this file. So as mentioned by @msallin, can be fixed by using new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString()) |
Wery Useful Thanks man |
I am facing the same issue. Changing Iat claim didn't help :/ |
Is there an existing issue for this?
Describe the bug
I updated my application to .NET 8 and hence also from
Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.13"
toMicrosoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0"
. This breaks my authentication mechanism.I turned on the logs that may show the necessary information.
I send the following request:
Expected Behavior
The authentication works. When there is a breaking change, that should be documented.
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
8.0
Anything else?
No response
The text was updated successfully, but these errors were encountered: