Closed as not planned
Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
I updated my application to .NET 8 and hence also from Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.13"
to Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0"
. This breaks my authentication mechanism.
I turned on the logs that may show the necessary information.
Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware: Debug: Request matched endpoint 'FreshCube.MinimalOrdering.Web.Application.UserManagement.Controllers.UsersController.Get (FreshCube.MinimalOrdering.Web)'
'FreshCube.MinimalOrdering.Web.exe' (CoreCLR: clrhost): Loaded 'C:\work\fresh-cube\minimal-ordering\src\FreshCube.MinimalOrdering.Web\bin\Debug\net8.0\Microsoft.IdentityModel.Abstractions.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenMalformedException: IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
---> System.ArgumentException: IDX14101: Unable to decode the payload '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' as Base64Url encoded string.
---> System.Text.Json.JsonException: IDX11020: The JSON value of type: 'String', could not be converted to 'JsonTokenType.Number'. Reading: 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.iat', Position: '185', CurrentDepth: '1', BytesConsumed: '213'.
at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.ReadLong(Utf8JsonReader& reader, String propertyName, String className, Boolean read)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreatePayloadClaimSet(Byte[] bytes, Int32 length)
at Microsoft.IdentityModel.Tokens.Base64UrlEncoding.Decode[T](String input, Int32 offset, Int32 length, Func`3 action)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreateClaimSet(String rawString, Int32 startIndex, Int32 length, Func`3 action)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken..ctor(String jwtEncodedString)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ReadToken(String token, TokenValidationParameters validationParameters)
--- End of inner exception stack trace ---
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: Bearer was not authenticated. Failure message: IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Debug: Static files was skipped as the request already matched an endpoint.
Microsoft.AspNetCore.Authorization.AuthorizationMiddleware: Debug: Policy authentication schemes did not succeed
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Information: Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished HTTP/2 GET https://localhost:7085/api/users/profile - 401 0 - 84.1440ms
I send the following request:
curl -X 'GET' \
'https://localhost:7085/api/users/profile' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy5mcmVzaGN1YmUuY29tL1VzZXJJZCI6IjNiNjUyOTM3LTUwMzMtNGIxNS04YTFkLTFkZjNmMDY5NjE2NiIsImVtYWlsIjoiYWRtaW5AZnJlc2hjdWJlLmNoIiwic3ViIjoiYWRtaW5AZnJlc2hjdWJlLmNoIiwianRpIjoiZjcxZGE2NGEtNDVmOS00NDhiLWFlODAtNjI3N2ExY2JjMzMyIiwiaWF0IjoiMTEvMTkvMjAyMyA4OjMzOjM2XHUyMDJGQU0iLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJhZG1pbiIsIm5iZiI6MTcwMDM4MjgxNiwiZXhwIjoxNzAyOTc0ODE2LCJpc3MiOiJGcmVzaEN1YmUiLCJhdWQiOiJGcmVzaEN1YmUifQ.4xoyMXVXZo1wpoByrSlfbQTfLSCSNB_g9F7mxsxfc1w'
Expected Behavior
The authentication works. When there is a breaking change, that should be documented.
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
8.0
Anything else?
No response