I’m following the code example in https://auth0.com/docs/quickstart/backend/webapi-owin/01-authorization for my webapi’s Startup.Configuration method but it does not compile. Specifically, the IssuerSigningKeyResolver delegate is shown in the example to be set with a call to OpenIdConnectSigningKeyResolver.GetSigningKey(identifier) where identifier is a System.IdentityModel.Tokens.SecurityKeyIdentifier but the delegate’s definition’s identifier type is a string:
Jerrie here… I am responsible for the Auth0 .NET related libraries.
Thanks for pointing this out, but unfortunately there are some big dependency issues related to the underlying Microsoft JWT libraries we are using. From what I have been able to piece together, the OWIN (Katana) 4.x libraries seem to be related to ASP.NET Core.
Now, the problem is that the Microsoft.Owin.Security.Jwt 4.x depends on System.IdentityModel.Tokens.Jwt 5.x, so as soon as you do that jump in versions, things go bad.
Bottom line is that if you are using the “old” Web API stuff (i.e. not ASP.NET Core), then you seem to have to stay on the OWIN 3.x NuGet packages.
This is unfortunately out of my control. Also, there seems to be very little clarity from MS related to this, so this is how I have pieced things together to the best of my ability.
Is there an absolute need for you to be on OWIN 4.x ?