Problem Statement
After we updated our .NET Core web API to .NET 6, we started receiving “invalid_token” errors during token validation on our API controllers marked with the [Authorize] attribute, even if the token payload is good and the token is not expired.
Cause
This appears to be a versioning issue with the Microsoft identity packages used by the OIDC middleware.
Solution
The solution is in this Stack Overflow question:
Update System.IdentityModel.Tokens.Jwt to the latest version. The version needs to be 6.16.0 or higher.
If updating the above library does not resolve the error, make sure that these libraries are all on the same version:
Microsoft.IdentityModel.JsonWebTokens
Microsoft.IdentityModel.Logging
Microsoft.IdentityModel.Protocols
Microsoft.IdentityModel.Protocols.OpenIdConnect
Microsoft.IdentityModel.Tokens
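
Both conditions above can be checked by parsing the output of dotnet list package --include-transitive. The script below is an added example, not code from the original post or from Microsoft; the sample listing is constructed and the function names are hypothetical.

```python
import re

MIN_JWT = (6, 16, 0)  # minimum version stated in the article
JWT = "System.IdentityModel.Tokens.Jwt"
SAME_VERSION = {"Microsoft.IdentityModel." + s for s in (
    "JsonWebTokens", "Logging", "Protocols", "Protocols.OpenIdConnect", "Tokens")}

# Constructed sample of `dotnet list package --include-transitive` output.
SAMPLE = """\
Project 'SampleApi' has the following package references
   [net6.0]:
   Top-level Package                                    Requested   Resolved
   > System.IdentityModel.Tokens.Jwt                    6.10.0      6.10.0

   Transitive Package                                        Resolved
   > Microsoft.IdentityModel.JsonWebTokens                   6.10.0
   > Microsoft.IdentityModel.Logging                         6.10.0
   > Microsoft.IdentityModel.Protocols                       6.16.0
   > Microsoft.IdentityModel.Protocols.OpenIdConnect         6.16.0
   > Microsoft.IdentityModel.Tokens                          6.10.0
"""

def resolved_versions(listing):
    """Map package name -> resolved version (last column of each '>' row)."""
    found = {}
    for line in listing.splitlines():
        m = re.match(r"\s*>\s+(\S+)\s+(.*\S)", line)
        if m:
            found[m.group(1)] = m.group(2).split()[-1]
    return found

def as_tuple(version):
    """'6.16.0-preview1' -> (6, 16, 0); any prerelease label is ignored."""
    return tuple(int(p) for p in version.split("-")[0].split("."))

def check(listing):
    """Return a list of findings; an empty list means the packages line up."""
    pkgs, findings = resolved_versions(listing), []
    jwt = pkgs.get(JWT)
    if jwt is None or as_tuple(jwt) < MIN_JWT:
        findings.append(f"{JWT}: resolved version {jwt}, need 6.16.0 or higher")
    seen = {n: v for n, v in pkgs.items() if n in SAME_VERSION}
    if len(set(seen.values())) > 1:
        detail = ", ".join(f"{n}={v}" for n, v in sorted(seen.items()))
        findings.append(f"version mismatch: {detail}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

To run it against a real project, pass the captured command output to check() in place of SAMPLE.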