Updating .NET Core Web API to .NET 6 Returns "invalid_token" Error

lihua.zhang · October 12, 2022, 6:58pm

Last Updated: Nov 11, 2024

Overview

After updating the .net core web API to .net 6, “invalid_toklen” errors are received during token validation on the API controllers marked with the [authorize] attribute.

Token validation fails even though the token payload is good and the token has not expired.

Applies To

.NET 6
invalid_token
Error

Cause

This appears to be a versioning issue with the Microsoft identity packages used by the OIDC middleware.

Solution

Update the System.IdentityModel.Tokens.Jwt to the latest version.

If updating the above library does not resolve, then make sure that the following libraries are on the same version:

Microsoft.IdentityModel.JsonWebTokens
Microsoft.IdentityModel.Logging
Microsoft.IdentityModel.Protocols
Microsoft.IdentityModel.Protocols.OpenIdConnect
Microsoft.IdentityModel.Tokens

It may need to be version 6.16.0 or higher.

Related References

The solution was found in this stack overflow question.

Topic		Replies	Views
Error in new .NET 6 project Help classic-universal-login-experience , login-experience	6	2249	January 25, 2023
Bearer error="invalid_token", error_description="The signature key was not found" Help	2	3565	December 3, 2019
Bearer error="invalid_token", error_description="The issuer is invalid" JWT.io jwt , auth0	5	21358	August 27, 2019
.net core API error of "Invalid token" for second Auth0 development environment Help jwt , api	8	7600	November 22, 2019
Porting ASP.NET MVC app to Core, problems with Auth0 jwt auth JWT.io aspnet-core	5	5139	September 11, 2019