I am using the below code to authorize

.AddJwtBearer(schemaname, options =>
{
    options.Audience = AddJwtBearerConfigurations[xxx].Audience;
    options.Authority = AddJwtBearerConfigurations[xxx].Authority;
    options.RequireHttpsMetadata = false;
    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
    {
        ValidateAudience = true,
        ValidateIssuer = false,
        ValidateIssuerSigningKey = false,
        ValidateLifetime = false,
        ValidateTokenReplay = false,
        RequireSignedTokens = false,
    };
})

I am using the Application ID URI as Audience and https://login.microsoftonline.com/{tenantID} as Authority. I keep getting this error:

WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found"

I tried clientID, decoded the JWT and used "aud", and I am still getting 401.

Any help?

Update: I started sending IssuerSigningKey, and now this is the error I dug out of the output:

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: {schemaName} was not authenticated. Failure message: Object reference not set to an instance of an object.

Miroo

1 Answer

The error "The signature key was not found" may occur when you don't include a signing key in your Startup.cs configuration file.

To resolve the error, try adding IssuerSigningKey in the code by modifying it like below, if helpful:

options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
    ValidateAudience = true,
    ValidateIssuer = true,
    ValidIssuer = "Your_Token_Issuer",
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("abcdef123"))
};

Please find below some links that may give you pointers to resolve the error:

c# - Bearer error - invalid_token - The signature key was not found - Stack Overflow

Creating And Validating JWT Tokens In C# .NET - .NET Core Tutorials (dotnetcoretutorials.com)

JWT Validation and Authorization in ASP.NET Core - .NET Blog (microsoft.com)

Sridevi
  • Where can I get this signing key from? Can I decode the access token and find it? – Miroo May 18 '22 at 13:41
  • You can make use of an existing public key or create a key by referring to this [SO Thread](https://stackoverflow.com/questions/46294373/net-core-issuersigningkey-from-file-for-jwt-bearer-authentication). You can decode your token via jwt.io and find `alg`, `x5t` and `kid` in the header section to know the key details! – Sridevi May 18 '22 at 15:59
  • Good news, now I am getting only WWW-Authenticate: Bearer error="invalid_token" but still 401. – Miroo May 18 '22 at 21:31
  • Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: {schemaName} was not authenticated. Failure message: Object reference not set to an instance of an object. – Miroo May 18 '22 at 22:31
  • Can you edit your question with the modified code showing how `IssuerSigningKey` is included? Check this [SO Thread](https://stackoverflow.com/questions/56621195/asp-net-core-authentication-with-jwt-the-signature-is-invalid?rq=1) once! – Sridevi May 19 '22 at 01:02
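
Added example, not part of the question, the answer or the comments: a Python sketch of the header check discussed above (reading `alg` and `kid` from the token) compared against a key set. It shows that the token carries only a key ID, never the key, and that a key set lacking that `kid`, or holding a key of the wrong type for the `alg`, cannot verify it. The token, the key sets and all function names are constructed for illustration; the code follows the general key lookup, not the exact logic of Microsoft.IdentityModel, and it does not verify the signature.

```python
import base64
import json

# JWS "alg" prefix -> JWK "kty" the verification key must have (RFC 7518).
ALG_TO_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC", "HS": "oct"}

def encode_segment(obj):
    """Build one base64url JWT segment (used only for the constructed samples)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def token_header(token):
    """Return the JOSE header of a compact JWT; nothing is verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[0] + "=" * (-len(parts[0]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def diagnose(token, jwks):
    """Say whether this key set could be used to verify the token at all."""
    header = token_header(token)
    alg, kid = str(header.get("alg", "none")), header.get("kid")
    if alg.lower() == "none":
        return "unsigned token: reject"
    needed = ALG_TO_KTY.get(alg[:2])
    if needed is None:
        return f"unsupported alg {alg!r}: reject"
    # With a kid in the header, only keys carrying that kid are candidates.
    candidates = [k for k in jwks.get("keys", []) if kid is None or k.get("kid") == kid]
    if not candidates:
        return f"key not found: no key with kid={kid!r}"
    if all(k.get("kty") != needed for k in candidates):
        return f"wrong key type: alg {alg} needs a {needed} key"
    return f"ok: verify with kid={kid!r}"

# Constructed samples: the signature segment is a dummy and is never checked.
TOKEN = ".".join([
    encode_segment({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-1"}),
    encode_segment({"aud": "api://constructed-app"}),
    "ZHVtbXk",
])
ISSUER_KEYS = {"keys": [{"kty": "RSA", "kid": "constructed-kid-1"}]}
ROTATED_KEYS = {"keys": [{"kty": "RSA", "kid": "constructed-kid-0"}]}
SHARED_SECRET = {"keys": [{"kty": "oct", "kid": "constructed-kid-1"}]}

if __name__ == "__main__":
    for keys in (ISSUER_KEYS, ROTATED_KEYS, SHARED_SECRET):
        print(diagnose(TOKEN, keys))
```

In a real deployment the key set to compare against is the document at the `jwks_uri` listed in the authority's `/.well-known/openid-configuration`, which the JwtBearer handler downloads itself when `Authority` is set.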