I have a .NET Core web API (with appsettings.json containing Auth0 information), with endpoints authorized with Auth0 JWTs; the header of the token looks like:
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "jQbVxyBhW-DCmk2XgXLD-"
}
When I run it locally, all works beautifully. However, when I publish to Azure and then try to access the same endpoints there, I am getting this error:
Bearer error="invalid_token", error_description="The signature key was not found"
From Azure Application Insights, the following additional details are available:
IDX10501: Signature validation failed. Unable to match key:
kid: '[PII is hidden. For more details, see Bing]'.
Exceptions caught:
'[PII is hidden. For more details, see Bing]'.
token: '[PII is hidden. For more details, see Bing]'.
The call stack is:
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException:
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature (System.IdentityModel.Tokens.Jwt, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken (System.IdentityModel.Tokens.Jwt, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler+d__6.MoveNext (Microsoft.AspNetCore.Authentication.JwtBearer, Version=3.1.10.0, Culture=neutral, PublicKeyToken=adb9793829ddae60)
What is wrong? Why is the same token working fine in my environment yet failing in Azure?
Any insights will be appreciated.
Thanks,
Boris
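The error above means the JWT bearer handler could not find, in the key set it downloaded from the configured Authority, a key whose `kid` matches the one in the token header. The following is an added example, not code from the question or from Auth0/Microsoft, that reproduces that matching step offline so the two usual causes can be told apart: the token's `iss` does not match the Authority the deployed API is configured with (so the handler fetched a different tenant's JWKS), or the key set it holds simply lacks the token's `kid`. The token, tenant names and JWKS documents are constructed placeholders; the `kid` value is the one from the question, and the JWKS URL convention `{issuer}/.well-known/jwks.json` is the one Auth0 documents.

```python
import base64
import json
from typing import Optional, Tuple


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_test_jwt(header: dict, payload: dict) -> str:
    # Constructed token for the demo: the signature segment is a placeholder,
    # because key lookup happens before the signature is ever checked.
    def enc(obj: dict) -> str:
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return f"{enc(header)}.{enc(payload)}.{b64url_encode(b'placeholder-signature')}"


def decode_segments(token: str) -> Tuple[dict, dict]:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def jwks_url(authority: str) -> str:
    # Auth0 publishes a tenant's signing keys at {issuer}/.well-known/jwks.json.
    return authority.rstrip("/") + "/.well-known/jwks.json"


def find_signing_key(token: str, jwks: dict) -> Optional[dict]:
    # Same selection the handler performs: match the header kid against the
    # key set, considering only keys usable for signature verification.
    header, _ = decode_segments(token)
    kid = header.get("kid")
    for key in jwks.get("keys", []):
        if key.get("kid") == kid and key.get("use", "sig") == "sig":
            return key
    return None


def diagnose(token: str, authority: str, jwks: dict) -> str:
    """Return 'ok', or a short reason mirroring the handler's failure modes.

    The issuer comparison is an exact string match here (assumption for the
    demo); note that Auth0 issuers carry a trailing slash.
    """
    header, payload = decode_segments(token)
    if payload.get("iss") != authority:
        return (f"issuer mismatch: token iss={payload.get('iss')!r}, "
                f"configured Authority={authority!r}")
    if find_signing_key(token, jwks) is None:
        known = [k.get("kid") for k in jwks.get("keys", [])]
        return f"signature key not found: kid={header.get('kid')!r} not in {known}"
    return "ok"


# --- constructed sample data ---------------------------------------------
TENANT_A = "https://example-tenant.auth0.com/"      # placeholder issuer
TENANT_B = "https://other-tenant.auth0.com/"        # placeholder issuer

TOKEN = make_test_jwt(
    {"alg": "RS256", "typ": "JWT", "kid": "jQbVxyBhW-DCmk2XgXLD-"},
    {"iss": TENANT_A, "aud": "https://api.example.com", "sub": "user|123"},
)

# Key set as tenant A would publish it (modulus is a placeholder, not a real key).
JWKS_A = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256",
                    "kid": "jQbVxyBhW-DCmk2XgXLD-", "n": "placeholder", "e": "AQAB"}]}
# Key set from a different tenant: same shape, different kid.
JWKS_B = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256",
                    "kid": "some-other-kid", "n": "placeholder", "e": "AQAB"}]}

if __name__ == "__main__":
    print(jwks_url(TENANT_A))
    print(diagnose(TOKEN, TENANT_A, JWKS_A))   # ok
    print(diagnose(TOKEN, TENANT_A, JWKS_B))   # signature key not found
    print(diagnose(TOKEN, TENANT_B, JWKS_A))   # issuer mismatch
```

To apply this to a deployed API, decode the header and payload of a token that fails in Azure, fetch `jwks_url(<Authority the deployed app actually uses>)`, and run `diagnose`. A "signature key not found" result with the correct issuer points at the key set the app holds (for instance a cached set that predates a key rotation); an "issuer mismatch" result points at the Authority value the deployed configuration resolved to, which is worth comparing with the local `appsettings.json`.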