Problem with embedded lock in ASP.NET Core Sample Project

stephen.webb · April 15, 2017, 3:43pm

I download the sample at:
https://auth0.com/docs/quickstart/webapp/aspnet-core/02-login-embedded-lock

Unzip, load in to Visual Studio 2017

Check the Client Secret, Client Id and Domain.

Run the app.

Click the Login button (top right)

![alt text][1]

The Auth0 lock is correctly displayed.

![alt text][2]

Enter my credentials.

I get the following error. (The actual error message contains more information but has shows keys that I don’t want to display on a public forum)

An unhandled exception occurred while processing the request.
SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.X509SecurityKey , KeyId:

jerrie · April 17, 2017, 6:40am

Go to your client in the Auth0 dashboard. Under the settings tab, go to “Show Advanced Settings”, and configure the “JsonWebToken Signature Algorithm” t o RS256. Save the settings, and try again.

Alternatively, if you want to stick with HS256, you can refer to this sample:
https://github.com/auth0-samples/auth0-aspnetcore-oidc-hs256

Specifically, you will need to configure the TokenValidationParameters, as per these lines:
https://github.com/auth0-samples/auth0-aspnetcore-oidc-hs256/blob/master/src/AspNetCoreOidcSample/Startup.cs#L143-L146

stephen.webb · April 17, 2017, 1:25pm

Jerrie, thanks for that. It worked a treat. Cheers.