Security.Jwt

.NET 8.0 incompatibility with HS256

Open sherlock1982 opened this issue 1 year ago • 5 comments

I use IJwtService with the following code to generate an access token:

        var credentials = await jwtService.GetCurrentSigningCredentials();
        var tokenDescriptor = _jwtSecurityTokenHandler.CreateJwtSecurityToken(_issuer, _issuer,
            new ClaimsIdentity(claims), expires: DateTime.UtcNow.AddMinutes(60), signingCredentials: credentials);

I get here:

System.NotSupportedException: 'IDX10621: 'Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider' supports: 'Microsoft.IdentityModel.Tokens.SecurityKey' of types: 'Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey' or 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey'. SecurityKey received was of type 'Microsoft.IdentityModel.Tokens.JsonWebKey'.'

Might be related to

Workaround is not to use HS256

sherlock1982 avatar Nov 30 '23 07:11 sherlock1982

I encountered the same issue and solved it by cleaning old keys from the ASP.NET DataProtection folder, e.g. C:\Users\<user>\AppData\Local\ASP.NET\DataProtection-Keys. It's a workaround. But I don't know why the parameters of the Key became blank after the upgrade to .NET 8. It needs further investigation.

brunobritodev avatar Dec 01 '23 17:12 brunobritodev

I encountered the same problem but I didn't update to .NET 8.0. I use persistence with Entity Framework (MSSQL). The key parameters were left blank for no apparent reason. We resolved this by deleting the table and restarting the API (workaround).

anderjoy avatar Jan 03 '24 23:01 anderjoy

Having the same issue here. Will try to clear up the table as others suggested.

kirill-gerasimenko-da avatar Jan 09 '24 17:01 kirill-gerasimenko-da

Well, if it helps, here's an example.

I create a key in .NET 7 and here's what I got in Parameters JSON in .NET 8 (Something that should become ):

{\"AdditionalData\":{},\"Alg\":null,\"Crv\":null,\"D\":null,\"DP\":null,\"DQ\":null,\"E\":null,\"K\":\"CMUA71g93z9hiS8rt9NvOjBbZybfb--E2Z6AQXXKgaEzgH3LPscuSZbxfgkYctXxuiY9JGBsAOZF1huACm0aEw\",\"KeyId\":\"P99aRZA-6lJvOdxziITJ6A\",\"KeyOps\":[],\"Kid\":\"P99aRZA-6lJvOdxziITJ6A\",\"Kty\":\"oct\",\"N\":null,\"Oth\":null,\"P\":null,\"Q\":null,\"QI\":null,\"Use\":null,\"X\":null,\"X5c\":[],\"X5t\":null,\"X5tS256\":null,\"X5u\":null,\"Y\":null,\"KeySize\":512,\"HasPrivateKey\":false,\"CryptoProviderFactory\":{\"CryptoProviderCache\":{},\"CustomCryptoProvider\":null,\"CacheSignatureProviders\":true,\"SignatureProviderObjectPoolCacheSize\":64}}

Natively created key in .NET 8

{\"k\":\"gnq_e_lwxyCCg5BYsEKkG55pmO6_5ovKvSPr3aQ3fAVpVaSDkLeSklKDtJFPfpzESafCje0Qj1gsomig0PYBug\",\"key_ops\":[],\"kid\":\"yOxMeogeghirusdCfGdqBA\",\"kty\":\"oct\",\"oth\":[],\"x5c\":[]}

Well the thing is that this is of course incompatible. Are there any conversion procedures we can apply?

Any recommendations to avoid it in the future? Maybe serialize it manually? This is the place where we convert KeyMaterial to JsonWebKey. Maybe we can somehow make this more stable?

JsonWebKey class is Microsoft.IdentityModel.Tokens versions 6.26.1 vs 7.4.0

sherlock1982 avatar Mar 15 '24 14:03 sherlock1982

Ok I found a fix. Can you please make a new build?

public JsonWebKey GetSecurityKey()
{
    return JsonSerializer.Deserialize<JsonWebKey>(Parameters, new JsonSerializerOptions() { 
        PropertyNameCaseInsensitive = true,
    });
}

sherlock1982 avatar Mar 15 '24 14:03 sherlock1982
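
On the conversion question raised in the thread, an added example (not code from the thread or from Security.Jwt): it rewrites a stored Parameters document from the PascalCase shape shown above into RFC 7517 member names using only System.Text.Json, so existing keys can be kept rather than deleted. `LegacyJwkConverter` and `Normalize` are hypothetical names, the sample input is constructed, and the name map is an assumption derived from the two JSON samples in the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json.Nodes;

// Constructed sample in the legacy PascalCase shape (not a real key).
const string legacy = """
    {"Alg":null,"K":"Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ","KeyId":"sample-kid","KeyOps":[],
     "Kid":"sample-kid","Kty":"oct","Use":null,"KeySize":176,"HasPrivateKey":false}
    """;
Console.WriteLine(LegacyJwkConverter.Normalize(legacy));

// Hypothetical helper, not part of Security.Jwt.
static class LegacyJwkConverter
{
    // Legacy property name -> RFC 7517 member name (assumed from the samples in the thread).
    static readonly Dictionary<string, string> Map = new(StringComparer.Ordinal)
    {
        ["Alg"] = "alg", ["Crv"] = "crv", ["D"] = "d", ["DP"] = "dp", ["DQ"] = "dq",
        ["E"] = "e", ["K"] = "k", ["KeyOps"] = "key_ops", ["Kid"] = "kid", ["Kty"] = "kty",
        ["N"] = "n", ["Oth"] = "oth", ["P"] = "p", ["Q"] = "q", ["QI"] = "qi",
        ["Use"] = "use", ["X"] = "x", ["X5c"] = "x5c", ["X5t"] = "x5t",
        ["X5tS256"] = "x5t#S256", ["X5u"] = "x5u", ["Y"] = "y",
    };

    public static string Normalize(string parametersJson)
    {
        JsonObject source = JsonNode.Parse(parametersJson)!.AsObject();
        if (source.ContainsKey("kty")) return parametersJson; // already in the new shape

        var jwk = new JsonObject();
        foreach (KeyValuePair<string, JsonNode?> member in source)
        {
            // Drop nulls and object-model properties (KeyId, KeySize, CryptoProviderFactory, ...).
            if (member.Value is null || !Map.TryGetValue(member.Key, out var name)) continue;
            // Re-parse to copy the value: a JsonNode can belong to only one parent.
            jwk[name] = JsonNode.Parse(member.Value.ToJsonString());
        }

        // Fail closed instead of emitting a key with blank parameters.
        bool symmetric = jwk["kty"] is JsonNode kty && kty.GetValue<string>() == "oct";
        if (jwk["kty"] is null || (symmetric && jwk["k"] is null))
            throw new InvalidOperationException("Stored parameters contain no usable key material.");
        return jwk.ToJsonString();
    }
}
```

The output still contains the secret `k`, so handle it as key material and run the conversion against a copy of the stored rows first.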