β Auth0 and ASP.NET API
Hello π
I have difficulties while trying to implement Auth0 in ASP.NET API. I tried many things.
Currently, I am doing it all over again but with simpler applications to understand what is wrong with my configurations.
So I created a new ASP.NET API to try to reach an endpoint with the attribute [Authorize].
My API Controller looks like this: https://paste.mod.gg/vrwcfkvfpexf/0
And my configuration looks like this :
https://paste.mod.gg/yoyyytvmdcwk/0
So if I try to reach the endpoint with Postman here :
https://localhost:7113/api/AuthTest/private
With a Bearer Token that I copy from my "Test API endpoint" in Auth UI (you can see the image below)
Then I receive this response in Postman :
"
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://philauth.eu.auth0.com/.well-known/openid-configuration'.
---> System.TypeLoadException: Could not load type 'Microsoft.IdentityModel.Json.JsonConvert' from assembly 'Microsoft.IdentityModel.Tokens, Version=7.0.2.0, Culture=neutral, PublicKeyToken=(IChangedThisBecauseIdkIfThisIsSensitive)'.
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[TStateMachine](TStateMachine& stateMachine)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.Microsoft.IdentityModel.Protocols.IConfigurationRetriever<Microsoft.IdentityModel.Protocols.
"
I thought my API could not reach the endpoint, so I made the "OpenIdConfig" endpoint in the controller but I can reach it with no problem. So I really don't know?
Does someone have an idea to see where the error comes from, or how to debug it? Please π
BlazeBin - vrwcfkvfpexf
A tool for sharing your source code with the world!
BlazeBin - yoyyytvmdcwk
A tool for sharing your source code with the world!
22 Replies
the issue is that
Microsoft.IdentityModel.Json.JsonConvert doesn't exist, definetly not in Microsoft.IdentityModel.Tokens namespace.
Do you mean Newtonsoft.Json.JsonConvert instead?
@PhilΓ©monHmm sorry, I don't think I understand the question?
I copied and pasted the error displayed in my Postman "500 Internal Server Error" response
I don't know where this error response comes from
try
dotnet add package Newtonsoft.JsonI installed Newtonsoft.Json package but I still have the error
rebuild
exact same error?
Yes the same error
I rebuilded too
oh and gotta add
using Newtonsoft.Json; whereever you are using the JsonConvert classI don't use JsonConvert π¬
Auth0 is doing it for me I think ?
possibly π€·ββοΈ
The full error is the following :
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://philauth.eu.auth0.com/.well-known/openid-configuration'.
---> System.TypeLoadException: Could not load type 'Microsoft.IdentityModel.Json.JsonConvert' from assembly 'Microsoft.IdentityModel.Tokens, Version=7.0.2.0, Culture=neutral, PublicKeyToken=(mykey)'.
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[TStateMachine](TStateMachine& stateMachine)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.Microsoft.IdentityModel.Protocols.IConfigurationRetriever<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>.GetConfigurationAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager
1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
I just changed the public key token (in the error message) because I don't know if this is sensitive information π
Omygod it works π€£
Thank you @Florian VoΓ you gave me the idea of the nuget package problem
It appears that I had too many non-needed packages, I removed them and it now works
π₯³glad it works π
what did you do to fix? I could imagine the issue was that because you had newtonsoft package installed, the Microsoft internal code was trying to use Newtonsoft instead of STJ (System.Text.Json, the builtin serializer in .Net) which caused this issue. Did you throw Newtonsoft package out now to fix the issue? Then it doesn'T try to use JsonConvert class from Newtonsoft anymore and instead tries to use JsonSerializer from STJ. That would be a plausible explanation I guess π€·ββοΈ
I removed two Json related packages.
The first is the one that you said I should install, and the second one System.IdentityModel.Tokens.Jwt
yep so this was in fact the issue
And since i already had the problem before installing newtonsoft, its probably System.IdentityModel.Tokens.Jwt that caused the issue
you were using System.IdentityModel which is old shit, instead of Microsoft.IdentityModel. The old shit wants to use Newtonsoft, the new stuff wants STJ
But what i don't understand is, is that is it Auth0 on their website who say
"1. Choose a JWT library
As your API will be parsing JWT formatted access tokens, you will need to setup these capabilities on your API.
You can navigate to jwt.io
and choose from there. Remember to pick a library that support your selected signing algorithm."
So i click on the jwt.io link, then i click on "See all libraries" and then I see
"Install-Package System.IdentityModel.Tokens.Jwt" for .NET
seems jwt.io is outdated here
microsoft docs would tell you to use Microsoft.IdentityModel instead of System.IdentityModel
Ok, and I guess that this Microsoft.IdentityModel is included in the base class library?
Because I didn't have to install it myself, and it is not listed in the added Packages
I am so happy that we found the solution, it has been 2 weeks since I work on this problem π₯³ π₯³ π₯³
System is included in my API by default then ?
I think so yes, it should be part of Microsoft.AspNetCore.App I believe
yes, by default you have ImpliciteUsings enabled. You can see
<ImpliciteUsings>enabled</ImpliciteUsings> in your .csproj. System is one of those implicitely used namespacesVery nice π Thank you again!!
glad I could help π make sure to /close the thread
Yes sure, thanks!