TokenValidationParameters no longer working after upgrade to 5.0.0

Question

I have the following code which was working when I was using System.IdentityModel.Tokens.Jwt, Version=4.0.20622.1351

private static void ConfigureAzureAD(IAppBuilder appBuilder)
{
    appBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
            }
        });
}

However as soon as I upgraded this package to the latest one which is version 5 it no longer compiles complaining Reference to type 'TokenValidationParameters' claims it is defined in System.IdentityModel.Token.Jwt but it could not be found.

Also if you try the following compiler will warn you that Audience is obsolete:

 private static void ConfigureAzureAD(IAppBuilder appBuilder)
    {
        appBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
                Audience = ConfigurationManager.AppSettings["ida:Audience"]
            });
    }

I downgraded this DLL again and used the version 4.0.20622.1351, it started compiling.

Has there been a syntax change for Configuring the Azure Active Directory?

On Github I could not find a single project using the latest package 5.0.0 and all of them are using the previous package 4.0.20622.1351. Can anyone shed some light on this using the latest System.IdentityModel.Tokens.Jwt 5.0.0 or direct me to some project on Github using the latest package?

Answer 1

TokenValidationParameters is in assembly: Microsoft.IdentityModel.Tokens

It looks like you are using Katana (the first version of asp.net OWIN offering). Katana does not support 5.0.0. You need to stick with 4.x.

The latest version of asp.net takes a dependency on S.IM.xx and M.IM.xxx 5.0. https://github.com/aspnet

Answer 2

Short version: Make sure you use version 4.0 or later of the Microsoft.Owin packages, such as Microsoft.Owin.Security.Jwt.

---

As the other answers mentioned, there was a breaking change in System.IdentityModel.Tokens.Jwt from version 4.0 to 5.0. This caused problems because some packages like Microsoft.IdentityModel.Protocols depended on version 5.0, while older Katana/OWIN packages like Microsoft.Owin.Security.Jwt were still hardcoded to depend on version 4.0.

The good news is that this is being fixed in the new Katana 4.0 release. The 4.0 packages (such as Jwt and Cookies) have been published to NuGet as prerelease packages and will be available as stable packages soon.

Answer 3

I don't know when or if this will ever be fixed, but I hope it will. I've already posted these issues on the Github site for the AAD extensions and on the Katana site. You can follow along with the discussions and progress on those sites, and if you care to, you can always post your interest in seeing this addressed.

I can't understand how this was not seen as an issue before release. "Upgrade to .Net Core" is not a reasonable solution. My app has no chance of doing that for a good while, as do most non-trivial projects.