Auth0 Home Blog Docs

What to do since Auth0.OpenIdConnectSigningKeyResolve is now unlisted?

Hi,

I am trying to update an .net framework API layer to using access token (previously was utilized ID token and /ro endpoint and want to use /oauth/token endpoint).

I am trying to follow the listed here https://auth0.com/docs/quickstart/backend/webapi-owin#install-dependencies and am now having issues. I think i must’ve had the dll local at one time because it was able to build locally, but then via CI/CD it started erroring with missing dlls.

After investigation I found that nuget has “Auth0.OpenIdConnectSigningKeyResolver” is unlisted now, which i assume is the issue. The github project https://github.com/auth0/auth0-aspnet-owin mentions using https://auth0.com/docs/quickstart/webapp/aspnet-owin but this appears to be for MVC projects utilizing openid, which i don’t think is my case.

Any recommendations on how to use .net framework with just access token authentication? Thanks!

Edit: Another idea would be to pull down the code locally to the project from github. Is this too risky until I can migrate to .net core?

2 Likes

I was hoping to see an answer to this since I am running into the same problem. My plan, for now, is to create a local version of just this: https://github.com/auth0/auth0-aspnet-owin/tree/master/src/Auth0.Owin.OpenIdConnectSigningKeyResolver and reference that in my projects.
My limited understanding of the security concerns around the project makes me believe that they apply to the other portion of the package as the security notice involves interaction with the client and the OpenIdConnectSigningKeyResolver portion does not interact with the client.

Also looking for direction here. Looking to secure a .net web api project still on .net 4.6