Issue: after upgrading from .NET 7 to .NET 9, my application invalidates JWT tokens, leading to authentication failures. Now, I am unable to log in, as the API consistently returns HTTP "401 - Unauthorized" errors.
Symptoms:
- The JWT token is always rejected as invalid
- The issue started only after upgrading to .NET 9
- It was working perfectly in .NET 7
Question: has anyone encountered a similar issue after upgrading to .NET 9? What changes might be affecting JWT authentication?
Error message as response from JWT authentication:
IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format.
(JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'.
(JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Issue: after upgrading from .NET 7 to .NET 9, my application invalidates JWT tokens, leading to authentication failures. Now, I am unable to log in, as the API consistently returns HTTP "401 - Unauthorized" errors.
Symptoms:
- The JWT token is always rejected as invalid
- The issue started only after upgrading to .NET 9
- It was working perfectly in .NET 7
Question: has anyone encountered a similar issue after upgrading to .NET 9? What changes might be affecting JWT authentication?
Error message as response from JWT authentication:
Share Improve this question edited Mar 4 at 1:28 Zhi Lv 22k1 gold badge27 silver badges37 bronze badges asked Mar 2 at 6:04 vijay sahuvijay sahu 8331 gold badge8 silver badges31 bronze badges 5IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format.
(JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'.
(JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
- 1 Check if that's not affected by the breaking change in ASP.NET 8 - learn.microsoft/en-us/dotnet/core/compatibility/aspnet-core/… – Paweł Łukasik Commented Mar 2 at 7:51
- 1 Please provide a sample JWT (the last section is the signature, so go ahead and redact that) and your code. – ProgrammingLlama Commented Mar 2 at 8:25
- Does code still work with Net 7? When was last time code worked? I would concentrate on the 401 error and not the JWT error. The JWT error may just be the results of the 401 Unauthorize Failing. I'm suspect the token may of expired, the type of Authorization changed (Windows to OAUTH2), a certificate expiring, or something similar. – jdweng Commented Mar 2 at 11:19
- 1. Context in Program: The InnerException is part of the context.Exception in the OnAuthenticationFailed event of the JWT Bearer authentication. This event is triggered when JWT authentication fails. 2. Reason for Exception: The MissingMethodException suggests that the method Base64UrlEncoder.Decode is not found in the version of Microsoft.IdentityModel.Tokens being used. This could be due to a version mismatch or an outdated library. – vijay sahu Commented Mar 9 at 0:06
- version for Microsoft.IdentityModel.Tokens is 8.6.1 For .Net Core 9 – vijay sahu Commented Mar 9 at 0:08
1 Answer
Reset to default 0I had the same issue while upgrading an application from .NET 6 to .NET 8. The fix in my case was simple, I just updated the Microsoft.Identity.Client package to the latest version (currently, 4.70.1). I suggest that you look for "vulnerable packages" when you migrate to a higher version of the framework, update all of them and re-test everything