IDX10720: Unable to create KeyedHashAlgorithm #3556
Replies: 4 comments
-
For anyone else who comes across this issue, I solved it by simply adding a bunch of extra ???'s to the "JwtOptions:Secret" setting. I am still unsure how this occurred though, as this happened with a fresh install of V5 (cloned from GitHub).
-
This issue dotnet/aspnetcore#49455 seems to indicate that some libraries now require a larger key. Previously Oqtane was enforcing a 128-bit key minimum - but it looks like this needs to be expanded to 256 bits. Thank you for reporting.
-
@Justincale do you have form auto-completion set in your browser? i.e. when you encounter a page which contains a form, does your browser automatically populate the fields? If so, I am thinking that because the JWT secret field is named very generically, it is possible that your browser populated the value without you knowing and when you clicked Save, it set the Jwt Secret value in the database. And then it tried to use the value specified to generate a token and ran into the 256 bit requirement. However, under normal circumstances the Jwt Secret field should not be populated with any value - it should be blank - so I am trying to understand your scenario.
-
#35765 should resolve all aspects of this issue. I was able to reproduce by simply providing a value in the Token Settings - Secret field. I modified the logic so that it pads the secret to 32 characters (256 bits) when it generates/validates the token - rather than when it saves the secret in User Settings. I also changed the field id for the secret input to reduce the chance of form auto-complete potentially causing problems.
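The 256-bit requirement discussed in the replies above can be checked when the application starts, so a short secret is reported before the first login fails. The C# below is an added example, not a post from this thread and not Oqtane code: `JwtSecretCheck` and its members are hypothetical names, and it assumes the secret string is turned into key bytes with UTF-8.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not Oqtane code. All type and member names are hypothetical.
public static class JwtSecretCheck
{
    // Minimum HMAC-SHA256 key size named in the IDX10720 message.
    public const int MinimumKeyBits = 256;

    // Assumption: the configured secret becomes key bytes via UTF-8.
    public static int KeySizeInBits(string secret) =>
        Encoding.UTF8.GetByteCount(secret ?? string.Empty) * 8;

    // Fail at startup with a readable message instead of at token creation.
    public static void EnsureUsable(string secret)
    {
        int bits = KeySizeInBits(secret);
        if (bits < MinimumKeyBits)
            throw new InvalidOperationException(
                $"JWT secret is {bits} bits; HMAC-SHA256 needs at least {MinimumKeyBits}.");
    }

    // 32 bytes from the OS CSPRNG, Base64-encoded so it can be stored as a setting.
    // Padding a short secret with a fixed character reaches the required length
    // but adds no entropy; a random secret supplies both.
    public static string GenerateSecret() =>
        Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
}

public static class Program
{
    public static void Main()
    {
        // Constructed 16-character value: the key size the exception reports.
        string shortSecret = "0123456789abcdef";
        Console.WriteLine($"{JwtSecretCheck.KeySizeInBits(shortSecret)} bits");

        try { JwtSecretCheck.EnsureUsable(shortSecret); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }

        // A freshly generated secret passes the same check.
        string fresh = JwtSecretCheck.GenerateSecret();
        JwtSecretCheck.EnsureUsable(fresh);
        Console.WriteLine($"{JwtSecretCheck.KeySizeInBits(fresh)} bits");
    }
}
```

Changing the signing secret invalidates tokens issued under the old one, so existing sessions have to sign in again.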
-
Hi all,
I recently created a fresh install of Oqtane V5 on my dev box for upgrading and testing some modules I have been working on to .NET 8. All has been fine except for today, when I thought I would go through the process of registering a new user only to receive the following exception from tokenHandler.CreateToken(tokenDescriptor) inside of JwtManager.GenerateToken:
ArgumentOutOfRangeException: IDX10720: Unable to create KeyedHashAlgorithm for algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256', the key size must be greater than: '256' bits, key has '128' bits. (Parameter 'keyBytes')
I am now essentially locked out of this instance of Oqtane, unable to log in even with the admin user used to create the instance.
Any ideas?
Thanks