Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Update of System.IdentityModel.Tokens.Jwt causing breaking change in IdentityServer3 Client

Tags:

c#

security

identityserver3

Hopefully an easy one to resolve.

Microsoft's System.IdentityModels.Tokens.Jwt package was updated yesterday on NuGet from 4.0.2.206211351 to v5.0. This is unfortunately causing a breaking change with some "standard" IdentityServer3 code. i.e. taken from their code samples so I imagine quite a few developers might see this issue over the coming days.

Original Code

using v4.0.2.xxxxxx version of the package. I have

using System.IdentityModel.Tokens;

in the namespace.

then in the Configuration method begins as:

public void Configuration(IAppBuilder app)     {         AntiForgeryConfig.UniqueClaimTypeIdentifier = "sub";          JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();          app.UseCookieAuthentication(new CookieAuthenticationOptions         {             AuthenticationType = "Cookies"         });          app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions         { ... };

After Updating

After updating the confgiuration line:

JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

Is causing an issue.

The first thing being that the Class has, apparently, moved into the System.IdentityModel.Tokens.Jwt namespace, this isn't so bad to resolve.

However, I'm now getting an Object reference required for a non-static field error on the JwtSecurityTokenHandler.InboundClaimTypeMap.

Am I missing something here, another library that's required or is there something happening before the Startup.Configuration() is called that needs digging into?

like image 823
Ross Halliday Avatar asked Jun 28 '16 15:06

Ross Halliday

2 Answers

When you go to the doctor and say "it always hurts when I do this" - the doctor will reply "then stopping doing this" ;)

v4 -> v5 is by definition a breaking change. Do you need v5?

That being said - a simple intellisense exploration would have brought up that they renamed InboundClaimTypeMap to DefaultInboundClaimTypeMap.

Be prepared for more breaking changes along the way.

like image 61
leastprivilege Avatar answered Sep 19 '22 23:09

leastprivilege

Access token validation in OWIN is not compatible with system.identitymodel v5 - you need to downgrade to v4 - See issue here

like image 27
Todd Hirsh Avatar answered Sep 18 '22 23:09

Todd Hirsh
Sign in to Comment

Related questions

Visual Studio Help - The "RunCommand" property is not defined
How to split large files efficiently
Pumping Windows Messages During Long Operation?
Does caching the return value of typeof(MyControl) provide any optimization?
Unit test project not building from build server
How can I make reverse scanning of a binary file faster?
Collection<T> class and it's use
How to check if a named capture group exists?
MSBuild Item Include (wildcard) not expanding
what does a using statement without variable do when disposing?
Running Visual Studio as Administrator does not see mapped network drives [duplicate]
Override global authorize filter in ASP.NET Core 1.0 MVC
Handling exception in asp.net core?
Javascript in a View Component
A dictionary object that uses ranges of values for keys
How to log all thrown exceptions?
Find out how many threads my application is running?
How to serialize or deserialize a JSON Object to a certain depth in C#?
C# Threading - How to start and stop a thread
Multiple actions were found that match the request Web API?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!