Open Closed

ValidateToken not matching the AccessToken properly #8150


0
Jason created

I am running the ASP.Net Core Zero 3.0 project with Angular, and I have a client application that uses it as a login provider and a user store. The client app, TRX, has a method that calls the user list after gaining an access token via a password token request. The token request itself works, and returns the access token which I then attach to the request for the user list, pretty much the same way that the Client app within the ASP Net zero project does:

        private static async Task<string> GetAccessTokenViaOwnerPasswordAsync()
        {
            var client = new HttpClient();

            var disco = await client.GetDiscoveryDocumentAsync(ServerUrlBase);
            if (disco.IsError)
            {
                throw new Exception(disco.Error);
            }

            client.DefaultRequestHeaders.Add(TenantConstants.Tenant1, "1");  //Set TenantId
            var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest
            {
                Address = disco.TokenEndpoint,
                ClientId = "client",
                ClientSecret = "secret",
                Scope = "default-api",
                UserName = "username",
                Password = "password"
            });

            if (tokenResponse.IsError)
            {
                Console.WriteLine("Error: ");
                Console.WriteLine(tokenResponse.Error);
            }

            Console.WriteLine(tokenResponse.Json);

            return tokenResponse.AccessToken;
        }
        
        ...
        
        private static async Task<PagedResultDto<UserListDto>> GetUsersListAsync(string accessToken)
        {
            // ReSharper disable once ConvertToUsingDeclaration
            using (var client = new HttpClient())
            {
                client.SetBearerToken(accessToken);

                try
                {
                    var response = await client.GetAsync($"{ServerUrlBase}api/services/app/user/getUsers");
                    if (!response.IsSuccessStatusCode)
                    {
                        Console.WriteLine(response.StatusCode);
                        return null;
                    }

                    var content = await response.Content.ReadAsStringAsync();
                    var ajaxResponse = JsonConvert.DeserializeObject<AjaxResponse&lt;PagedResultDto&lt;UserListDto&gt;>>(content);
                    if (!ajaxResponse.Success)
                    {
                        throw new Exception(ajaxResponse.Error?.Message ?? "Remote service throws exception!");
                    }

                    Console.WriteLine();
                    Console.WriteLine("Total user count: " + ajaxResponse.Result.TotalCount);
                    Console.WriteLine();

                    foreach (var user in ajaxResponse.Result.Items)
                    {
                        Console.WriteLine($"### UserId: {user.Id}, UserName: {user.UserName}");
                        Console.WriteLine(user.ToJsonString(indented: true));
                    }
                    return ajaxResponse.Result;
                }
                catch (Exception exception)
                {
                    Console.WriteLine(exception);
                    throw;
                }
                
            }
        }

And when it hits ValidateToken, during the user list GET request, it errors out with this error:

IDX10501: Signature validation failed. Unable to match key: kid: '{key here}'

I have looked around to see what this might be caused by, and at the very least I know it means that the key does not match the validationParameters that it is checking against, but I have not been able to determine why, or what could fix this.

I would appreciate any help that can be provided for this issue.

public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)

...

var principal = _tokenHandler.ValidateToken(securityToken, validationParameters, out validatedToken); //error here

2 Answer(s)
  • 0
    maliming created

    This error will only appear in the log and will not cause your application to fail.

    Can I check it remotely? Please send teamviewer connection information to liming.ma@volosoft.com

  • 0
    ismcagdas created

    This issue is closed because it has not had recent activity for a long time.