Skip to content

[release/9.0] Fix loading dotnet user-jwts config #59473

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 7, 2025
Merged

[release/9.0] Fix loading dotnet user-jwts config #59473

merged 1 commit into from
Jan 7, 2025

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Dec 13, 2024
edited by halter73
Loading

Backport of #59425 to release/9.0

/cc @halter73

Fix loading dotnet user-jwts config

Description

This PR fixes a bug introduced in .NET 9 that caused the JwtBearerHandler to reject JWT tokens created by dotnet user-jwts create despite the tool correctly setting the necessary configuration. The issue was caused by the JwtBearerHandler not loading the user-jwts IssuerSigningKeys from user-secrets configuration.

Fixes #58996

Customer Impact

Without this fix, the functionality of dotnet user-jwts is broken when referencing the Microsoft.AspNetCore.Authentication.JwtBearer 9.0 NuGet package. There is a workaround of manually reading the IssuerSigningKeys from config, but this isn't at all discoverable unless you find the GitHub issue.

builder.Services.AddAuthentication("Bearer").AddJwtBearer(o =>
{
    o.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(builder.Configuration.GetSection("Authentication:Schemes:Bearer:SigningKeys:0").GetValue<string>("Value")));
});

Regression?

  • Yes
  • No

This behavior regressed between .NET 8 and .NET 9.

Risk

  • High
  • Medium
  • Low

This is a one-line change that is now covered by both end-to-end and unit testing introduced in this PR.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@ghost ghost added the area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI label Dec 13, 2024
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Dec 13, 2024
@halter73 halter73 added the Servicing-consider Shiproom approval is required for the issue label Dec 14, 2024
@mkArtakMSFT mkArtakMSFT added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels Dec 18, 2024
@dotnet-policy-service dotnet-policy-service bot added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Dec 25, 2024
@wtgodbe wtgodbe merged commit c7de78c into release/9.0 Jan 7, 2025
25 checks passed
@wtgodbe wtgodbe deleted the backport/pr-59425-to-release/9.0 branch January 7, 2025 22:30
@dotnet-policy-service dotnet-policy-service bot modified the milestones: 9.0.x, 9.0.2 Jan 7, 2025
@martincostello martincostello mentioned this pull request Jan 12, 2025
Closed
1 task
This was referenced Feb 12, 2025
Merged
Merged
This was referenced Jul 22, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Closed
This was referenced Nov 6, 2025
Open
Open
Open
Merged
Open
Closed
Closed
Closed
Open
Open
Merged
Open
Open
Open
Open
Open
This was referenced Nov 13, 2025
Open
Open
Open
Open
Open
Open
Open
Closed
Closed
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@captainsafia captainsafia captainsafia approved these changes

Assignees

No one assigned

Labels

area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun Servicing-approved Shiproom has approved the issue

Projects

None yet

Milestone

9.0.2

Development

Successfully merging this pull request may close these issues.

5 participants

@captainsafia @halter73 @wtgodbe @mkArtakMSFT