Currently following this article (https://auth0.com/docs/quickstart/backend/webapi-owin/01-authorization) to use the token issued from Auth0 to authorize my C# Web Api. It is currently not working with error 'Cannot convert from string to System.IdentityModel.Tokens.SecurityKeyIdentifier. Here is the code:
using Microsoft.AspNetCore.Builder;
using Microsoft.IdentityModel.Tokens;
using System.Configuration;
using Owin;
using Microsoft.Owin.Security.Jwt;
using Microsoft.Owin.Security;
using Auth0.Owin;
using Microsoft.Owin;
[assembly: OwinStartup(typeof(repAPI.Startup))]
namespace repAPI
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.MapSignalR();
var domain = $"https://{ConfigurationManager.AppSettings["auth0:Domain"]}/";
var apiIdentifier = ConfigurationManager.AppSettings["auth0:ApiIdentifier"];
var keyResolver = new OpenIdConnectSigningKeyResolver(domain);
app.UseJwtBearerAuthentication(
new JwtBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
TokenValidationParameters = new TokenValidationParameters()
{
ValidAudience = apiIdentifier,
ValidIssuer = domain,
IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) => keyResolver.GetSigningKey(identifier) //this line is having problems
}
});
}
}
}
@derek.williams@craigsch@development1 This is a dependency issue which, according to my current investigations, appear to be out outside of our control.
Underlying problem appears to be incompatibility with System.IdentityModel.Tokens.Jwt 5.x, which is what the OWIN 4.x libs depend on.
Bottom line is, you need to use OWIN 3.x and specifically System.IdentityModel.Tokens.Jwt 4.x
I will see that we add a big notice on the Quickstart regarding this.
@jerdog Can you please keep an eye out on these symptoms, specifically when using OWIN Web API, as other may run into it as well?
However, this example does not seem to be compatible with latest versions of packages
Microsoft.Owin.Security.Jwt (runtime version v4.0.30319, version 4.0.30319)
Auth0.OpenIdConnectSigningKeyResolver (runtime version v4.0.30319, version 4.0.0.0)
The problem seems to be that the signature of IssuerSigningKeyResolver has been changed - specifically the ‘identifier’ parameter is no longer of type SecurityKeyIdentifier, but instead a string…so the following does not work: