ID token is required but missing

I upgraded my .NET project to .NET Core 3.1. I use the Auth0.AuthenticationApi and get an access_token with ResourceOwner request as follows:

   var authClient = new AuthenticationApiClient(new Uri(authority));

   var accessTokenResponse = await authClient.GetTokenAsync(new ResourceOwnerTokenRequest
        {
            Audience = audience,
            ClientId = clientId,
            ClientSecret = clientSecret,
            Password = password,
            Username = emailAddress,
            ForwardedForIp = ipAddress
        });

This worked for .NET Core 2.2 and lower. However, after upgrading to .NET Core 3.1 and upgrading the Auth0.AuthenticationApi from 5.10.0 to 7.0.2 I get the following exception:

Auth0.AuthenticationApi.Tokens.IdTokenValidationException
  HResult=0x80131500
  Message=ID token is required but missing.
  Source=Auth0.AuthenticationApi
  StackTrace:
   at Auth0.AuthenticationApi.IdTokenValidator.<Assert>d__3.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult()
   at Auth0.AuthenticationApi.AuthenticationApiClient.<GetTokenAsync>d__18.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at Be.Core.Domain.Services.Authentication.Auth0AuthenticationService.<Authenticate>d__7.MoveNext() in D:\Sources\BeSimple\Be.Core.Domain.Services\Authentication\Auth0AuthenticationService.cs:line 79

Does this package work with .NET Core 3.1?

Can you post what you have in line Auth0AuthenticationService.cs:line 79 and the code around it. Or is it that line with await authClient.GetTokenAsync… ?

It’s the line with GetTokenAsync.

Here’s the code of the method we implemented:

    public async Task<(string accessToken, string statusMessage)> Authenticate(string emailAddress, string password, string ipAddress)
    {
        if (string.IsNullOrEmpty(emailAddress) || string.IsNullOrEmpty(password))
        {
            return (null, "invalid_credentials");
        }

        var authClient = new AuthenticationApiClient(new Uri(authority));

        try
        {
            var accessTokenResponse = await authClient.GetTokenAsync(new ResourceOwnerTokenRequest
            {
                Audience = audience,
                ClientId = clientId,
                ClientSecret = clientSecret,
                Password = password,
                Username = emailAddress,
                ForwardedForIp = ipAddress
            });

            return (accessTokenResponse.AccessToken, null);
        }
        catch (ErrorApiException ex)
        {
            string statusMessage = null;

            if (ex.ApiError.Message == "user is blocked")
            {
                statusMessage = "user_blocked";
            }
            else
            {
                statusMessage = ex.ApiError.Error;
            }

            return (null, statusMessage);
        }
    }

I need to provide ‘openid’ in de Scope to also get the IDToken in the response. Furthermore, I need to provide the SigningAlgorithm to get it verified according to the signing algorithm I set in the settings of Auth0.

Actually, I didn’t expect this is necessary now as it worked before without passing Scope en SigningAlgorithm in the request.

1 Like