27

Hopefully an easy one to resolve.

Microsoft's System.IdentityModels.Tokens.Jwt package was updated yesterday on NuGet from 4.0.2.206211351 to v5.0. This is unfortunately causing a breaking change with some "standard" IdentityServer3 code. i.e. taken from their code samples so I imagine quite a few developers might see this issue over the coming days.

Original Code

using v4.0.2.xxxxxx version of the package. I have

using System.IdentityModel.Tokens;

in the namespace.

then in the Configuration method begins as:

public void Configuration(IAppBuilder app)
    {
        AntiForgeryConfig.UniqueClaimTypeIdentifier = "sub";

        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        { ... };

After Updating

After updating the confgiuration line:

JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

Is causing an issue.

The first thing being that the Class has, apparently, moved into the System.IdentityModel.Tokens.Jwt namespace, this isn't so bad to resolve.

However, I'm now getting an Object reference required for a non-static field error on the JwtSecurityTokenHandler.InboundClaimTypeMap.

Am I missing something here, another library that's required or is there something happening before the Startup.Configuration() is called that needs digging into?

alex.b
  • 4,547
  • 1
  • 31
  • 52
Ross Halliday
  • 785
  • 6
  • 19

2 Answers2

41

When you go to the doctor and say "it always hurts when I do this" - the doctor will reply "then stopping doing this" ;)

v4 -> v5 is by definition a breaking change. Do you need v5?

That being said - a simple intellisense exploration would have brought up that they renamed InboundClaimTypeMap to DefaultInboundClaimTypeMap.

Be prepared for more breaking changes along the way.

Ruaidhrí Primrose
  • 1,250
  • 1
  • 17
  • 22
leastprivilege
  • 18,196
  • 1
  • 34
  • 50
  • Many thanks. Ah,... no we're not ready for v5 yet, this was me doing a general update of NuGet packages before starting an unrelated story. I'm going to have to live with those Update Alerts not being cleared for a while. In one sense I'm glad that it's an easy fix; in another I feel a bit daft for asking... But, I suppose that's software development in a nutshell :-) – Ross Halliday Jun 29 '16 at 06:43
  • 1
    Using the latest version (5.X.X) it is now `System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.DefaultInboundClaimTypeMap` – Rob L Jan 15 '17 at 21:37
1

Access token validation in OWIN is not compatible with system.identitymodel v5 - you need to downgrade to v4 - See issue here

Todd Hirsh
  • 51
  • 1
  • 4
  • Please note that this is not true anymore, see https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Migrating-from-Katana-(OWIN)-3.x-to-4.x – Eirik H Mar 11 '22 at 14:40