Security.Jwt icon indicating copy to clipboard operation
Security.Jwt copied to clipboard
verified publisher icon NetDevPack

JsonWebKey deserialization depends on global JsonSerializerOptions

Open 50c opened this issue 1 year ago • 2 comments

Hi, I'm a happy user of your helpful library, but recently I have encounted a problem. After some updates on my project, the SigningCredentials returned by the library was not accepted anymore for jwt signing and throws misleading error:

System.NotSupportedException: IDX10621: 'Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider' supports: 'Microsoft.IdentityModel.Tokens.SecurityKey' of types: 'Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey' or 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey'. SecurityKey received was of type 'Microsoft.IdentityModel.Tokens.JsonWebKey'.

After further investigation and debugging, I found that returned SecurityKey has just default values for his properties. This was caused by wrong deserialization of JsonWebKey by KeyMaterial.GetSecurityKey that is depending on JsonSerializerOptions

I have the small fix for this that I could send as merge request.

50c avatar Feb 06 '24 14:02 50c

Ok, great!! Send a PR

brunobritodev avatar Feb 06 '24 18:02 brunobritodev

This will also close #47

sherlock1982 avatar Mar 15 '24 17:03 sherlock1982