SecurityTokenMalformedException after updating to .NET 8 #52191

Closed as not planned
@msallin

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

I updated my application to .NET 8 and hence also from Microsoft.AspNetCore.Authentication.JwtBearer Version="7.0.13" to Microsoft.AspNetCore.Authentication.JwtBearer Version="8.0.0". This breaks my authentication mechanism.

I turned on the logs that may show the necessary information.

Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware: Debug: Request matched endpoint 'FreshCube.MinimalOrdering.Web.Application.UserManagement.Controllers.UsersController.Get (FreshCube.MinimalOrdering.Web)'
'FreshCube.MinimalOrdering.Web.exe' (CoreCLR: clrhost): Loaded 'C:\work\fresh-cube\minimal-ordering\src\FreshCube.MinimalOrdering.Web\bin\Debug\net8.0\Microsoft.IdentityModel.Abstractions.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: Failed to validate the token.

Microsoft.IdentityModel.Tokens.SecurityTokenMalformedException: IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
 ---> System.ArgumentException: IDX14101: Unable to decode the payload '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' as Base64Url encoded string.
 ---> System.Text.Json.JsonException: IDX11020: The JSON value of type: 'String', could not be converted to 'JsonTokenType.Number'. Reading: 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.iat', Position: '185', CurrentDepth: '1', BytesConsumed: '213'.
   at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.ReadLong(Utf8JsonReader& reader, String propertyName, String className, Boolean read)
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreatePayloadClaimSet(Byte[] bytes, Int32 length)
   at Microsoft.IdentityModel.Tokens.Base64UrlEncoding.Decode[T](String input, Int32 offset, Int32 length, Func`3 action)
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreateClaimSet(String rawString, Int32 startIndex, Int32 length, Func`3 action)
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken..ctor(String jwtEncodedString)
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ReadToken(String token, TokenValidationParameters validationParameters)
   --- End of inner exception stack trace ---
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: Bearer was not authenticated. Failure message: IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Debug: Static files was skipped as the request already matched an endpoint.
Microsoft.AspNetCore.Authorization.AuthorizationMiddleware: Debug: Policy authentication schemes  did not succeed
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Information: Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished HTTP/2 GET https://localhost:7085/api/users/profile - 401 0 - 84.1440ms

I send the following request:

curl -X 'GET' \
  'https://localhost:7085/api/users/profile' \
  -H 'accept: text/plain' \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy5mcmVzaGN1YmUuY29tL1VzZXJJZCI6IjNiNjUyOTM3LTUwMzMtNGIxNS04YTFkLTFkZjNmMDY5NjE2NiIsImVtYWlsIjoiYWRtaW5AZnJlc2hjdWJlLmNoIiwic3ViIjoiYWRtaW5AZnJlc2hjdWJlLmNoIiwianRpIjoiZjcxZGE2NGEtNDVmOS00NDhiLWFlODAtNjI3N2ExY2JjMzMyIiwiaWF0IjoiMTEvMTkvMjAyMyA4OjMzOjM2XHUyMDJGQU0iLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJhZG1pbiIsIm5iZiI6MTcwMDM4MjgxNiwiZXhwIjoxNzAyOTc0ODE2LCJpc3MiOiJGcmVzaEN1YmUiLCJhdWQiOiJGcmVzaEN1YmUifQ.4xoyMXVXZo1wpoByrSlfbQTfLSCSNB_g9F7mxsxfc1w'

Expected Behavior

The authentication works. When there is a breaking change, that should be documented.

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

8.0

Anything else?

No response
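
The IDX11020 line in the log above reports that the `iat` claim was read as a JSON string where a number was expected. As an added example (not part of the original issue and not ASP.NET Core or IdentityModel code), this Python check decodes a token's payload without verifying the signature and lists the `iat`/`nbf`/`exp` claims that are not JSON numbers; the function names and both sample tokens are constructed for illustration.

```python
import base64
import json

# RFC 7519 registered time claims; each must be a NumericDate (JSON number).
NUMERIC_DATE_CLAIMS = ("iat", "nbf", "exp")


def b64url_decode(segment):
    """Decode base64url, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def non_numeric_date_claims(token):
    """Return {claim: value} for time claims that are not JSON numbers.

    Inspection only: the signature is not verified here, so the result
    must never feed an authentication decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected JWS compact form: header.payload.signature")
    payload = json.loads(b64url_decode(parts[1]))
    return {
        name: payload[name]
        for name in NUMERIC_DATE_CLAIMS
        if name in payload
        and (isinstance(payload[name], bool)
             or not isinstance(payload[name], (int, float)))
    }


def make_sample(payload):
    """Build an unsigned sample token (constructed; the signature is a dummy)."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [b64url_encode(json.dumps(part).encode()) for part in (header, payload)]
    return ".".join(segments + ["constructed-signature"])


# Constructed samples: iat as a formatted date string vs. as epoch seconds.
BAD = make_sample({"sub": "user@example.test", "iat": "11/19/2023 08:33:36",
                   "nbf": 1700000000, "exp": 1700003600})
GOOD = make_sample({"sub": "user@example.test", "iat": 1700000000,
                    "nbf": 1700000000, "exp": 1700003600})

if __name__ == "__main__":
    print("bad :", non_numeric_date_claims(BAD))
    print("good:", non_numeric_date_claims(GOOD))
```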

Labels: External (This is an issue in a component not contained in this repository. It is open for tracking purposes.)
