Auth0 Home Blog Docs

Webapi Owin Example is not Working



I’m following the code example in for my webapi’s Startup.Configuration method but it does not compile. Specifically, the IssuerSigningKeyResolver delegate is shown in the example to be set with a call to OpenIdConnectSigningKeyResolver.GetSigningKey(identifier) where identifier is a System.IdentityModel.Tokens.SecurityKeyIdentifier but the delegate’s definition’s identifier type is a string:

public delegate IEnumerable IssuerSigningKeyResolver(string token, SecurityToken securityToken, string kid, TokenValidationParameters validationParameters);

I’m using Microsoft.Owin v4.0.0 and Auth0.OpenIdConnectSigningKeyResolver v1.0.0.

Could there be a breaking change in Microsoft.Owin v4.0.0?


Hi Emmanuel,

Jerrie here… I am responsible for the Auth0 .NET related libraries.

Thanks for pointing this out, but unfortunately there are some big dependency issues related to the underlying Microsoft JWT libraries we are using. From what I have been able to piece together, the OWIN (Katana) 4.x libraries seem to be related to ASP.NET Core.

One definite dependency issue I cannot appear to work around is that the System.IdentityModel.Tokens.Jwt 5.x library does not work with non-ASP.NET Core projects. You can also see this discussed over here:

Now, the problem is that the Microsoft.Owin.Security.Jwt 4.x depends on System.IdentityModel.Tokens.Jwt 5.x, so as soon as you do that jump in versions, things go bad.

Bottom line is that if you are using the “old” Web API stuff (i.e. not ASP.NET Core), then you seem to have to stay on the OWIN 3.x NuGet packages.

This is unfortunately out of my control. Also, there seems to be very little clarity from MS related to this, so this is how I have pieced things together to the best of my ability.

Is there an absolute need for you to be on OWIN 4.x ?


Thank you for the quick reply. Indeed, I think there is no reason why I cannot just use the 3.x OWIN. I will try that.