asp.net core OAuth access_token verification fails with "IDX10609: Decryption failed. No Keys tried: token: 'System.String'.:"

I have a single page application in Blazor WASM that connects to Auth0 and receives a JWT token when a user gets authenticated via OAuth. My OAuth application uses symmetric signing with HS256.

I am trying to authenticate the returned tokens using the "Client Secret" from my OAuth app, but whereas the id_token gets verified, the access_token always fails with the error:

"IDX10609: Decryption failed. No Keys tried: token: 'System.String'.:"

To perform the verification I use the method found here.

My code looks like that:

    using System;
    using System.IdentityModel.Tokens.Jwt;
    using System.Text;
    using System.Threading;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;

    // Returns true when the token validates against the configured signing keys.
    async Task<bool> ValidateTokenAsync(string token)
    {
        var mySecret = "####";                                   // Auth0 "Client Secret" (placeholder)
        var my_oauth_app_domain = "https://<tenant>.auth0.com/"; // placeholder; the trailing slash is required by the URL below
        var mySecurityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(mySecret));
        var tokenHandler = new JwtSecurityTokenHandler();
        try
        {
            // Fetch the issuer's discovery document so its published signing keys are available as well.
            IConfigurationManager<OpenIdConnectConfiguration> configurationManager =
                new ConfigurationManager<OpenIdConnectConfiguration>(
                    $"{my_oauth_app_domain}.well-known/openid-configuration",
                    new OpenIdConnectConfigurationRetriever());
            OpenIdConnectConfiguration openIdConfig = await configurationManager.GetConfigurationAsync(CancellationToken.None);

            // A five-segment (JWE) token is decrypted with TokenDecryptionKey(s) before any signature check;
            // none are configured here, which is what IDX10609 "No Keys tried" reports.
            tokenHandler.ValidateToken(token, new TokenValidationParameters
            {
                ValidateAudience = false,
                ValidateIssuer = false,
                ValidateActor = false,
                ValidateLifetime = false,
                ValidateTokenReplay = false,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = mySecurityKey,               // HS256 shared secret
                IssuerSigningKeys = openIdConfig.SigningKeys,   // keys from the discovery document
            }, out SecurityToken validatedToken);
        }
        catch (Exception ex)
        {
            Console.WriteLine($"{ex.Message}: {ex.StackTrace}");
            return false;
        }
        return true;
    }

What I find strange is that the access_token appears to be malformed. I know that it doesn't have to follow the JWT specs, but putting it in jwt.io causes an error, and fields like "kid", which I have seen in other tokens on the web, are missing. Here is the token:

eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9nYW50b25vcG91bG9zLmV1LmF1dGgwLmNvbS8ifQ..MQnqWWfe3mBCVeKQ.y8e77jf3VwJNRSoDWjB3v05WrT9IJPL_kdqhxlQFnfMOAyqQJOD1ttl1muYlCJJVwAskaAeBr4FgkcwjiL1s4eS9gcWK7yq-2PPbLkDzXtBjA4kgMGdGyMURl-F2jYBNwxbCuXyBKcxJVwzE4-aluYCAOZ8QaXzqKgmQJdpxIdBluVux7nK49uhvEJ5Pv7ueh7eGcm9AAmHm__TYKPPcpPutHNiuD6J8xoptHFLPjKakECE6ZXgD-xLNp4BHwe_DmW6UDPuZ_OD9G8D-hwayz8l--zZdICEnFywUzSWXFiVPUvn4DszDhzWbJsBNf3dnl2cnKel3EYsB.NvsUTcP9v_iicpQ5AkaC4w

Am I doing something wrong?
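The shape of the token quoted above already explains the error: it has five dot-separated segments, and decoding its first segment gives the protected header `{"alg":"dir","enc":"A256GCM","iss":"https://gantonopoulos.eu.auth0.com/"}`. That is a JWE (an encrypted token with an empty encrypted-key segment, an IV, a ciphertext and a tag), not a signed JWS, so a handler given only signing keys has nothing to decrypt it with. The script below is an added example, not code from the question or from Auth0; it classifies a compact token from its header before attempting any verification, verifies HS256 signatures for the JWS case, and rejects the JWE with an explicit reason instead of a generic "no keys tried". The names `inspect_token`, `verify_hs256` and `make_hs256_token` and the secret and claims used for the stand-in id_token are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# The access_token quoted in the question, split into its five JOSE segments.
ACCESS_TOKEN = ".".join([
    "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9nYW50b25vcG91bG9zLmV1LmF1dGgwLmNvbS8ifQ",
    "",                        # encrypted key: empty, because alg "dir" uses the shared key directly
    "MQnqWWfe3mBCVeKQ",        # initialization vector
    "y8e77jf3VwJNRSoDWjB3v05WrT9IJPL_kdqhxlQFnfMOAyqQJOD1ttl1muYlCJJVwAskaAeBr4FgkcwjiL1s4eS9gcWK7yq-2PPbLkDzXtBjA4kgMGdGyMURl-F2jYBNwxbCuXyBKcxJVwzE4-aluYCAOZ8QaXzqKgmQJdpxIdBluVux7nK49uhvEJ5Pv7ueh7eGcm9AAmHm__TYKPPcpPutHNiuD6J8xoptHFLPjKakECE6ZXgD-xLNp4BHwe_DmW6UDPuZ_OD9G8D-hwayz8l--zZdICEnFywUzSWXFiVPUvn4DszDhzWbJsBNf3dnl2cnKel3EYsB",
    "NvsUTcP9v_iicpQ5AkaC4w",  # authentication tag
])


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JOSE strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def inspect_token(token: str) -> dict:
    """Classify a compact-serialized token as 'JWS', 'JWE' or 'opaque'.

    Only the protected header is read; nothing is verified or decrypted here.
    """
    parts = token.split(".")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (ValueError, TypeError):   # bad base64, bad UTF-8 or bad JSON
        header = None
    if not isinstance(header, dict):
        return {"kind": "opaque", "segments": len(parts), "header": None}
    if len(parts) == 5 and "enc" in header:
        kind = "JWE"                  # header.encrypted_key.iv.ciphertext.tag
    elif len(parts) == 3 and "alg" in header:
        kind = "JWS"                  # header.payload.signature
    else:
        kind = "opaque"
    return {"kind": kind, "segments": len(parts), "header": header}


def verify_hs256(token: str, secret: bytes) -> dict:
    """Verify an HS256-signed JWS and return its claims, or raise ValueError saying why not."""
    info = inspect_token(token)
    header = info["header"]
    if info["kind"] == "JWE":
        raise ValueError(
            f"token is a JWE (alg={header.get('alg')!r}, enc={header.get('enc')!r}); "
            "a signing key cannot validate it, it would need the decryption key"
        )
    if info["kind"] != "JWS":
        raise ValueError("token is not a compact JWS")
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    header_b64, payload_b64, sig_b64 = token.split(".")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))


def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Mint a constructed HS256 JWS, standing in for the id_token the question says does verify."""
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


if __name__ == "__main__":
    secret = b"constructed-client-secret"   # constructed for the example, not a real Auth0 secret
    id_token = make_hs256_token({"sub": "user-1", "aud": "my-client-id"}, secret)
    for name, tok in [("id_token", id_token), ("access_token", ACCESS_TOKEN)]:
        info = inspect_token(tok)
        print(f"{name}: {info['kind']} with {info['segments']} segments, header={info['header']}")
        try:
            print("  claims:", verify_hs256(tok, secret))
        except ValueError as err:
            print("  rejected:", err)
```

Run stand-alone, the constructed id_token is reported as a three-segment JWS and its claims come back, while the quoted access_token is reported as a five-segment JWE and rejected before any key is tried. Checking the header shape first is also what keeps the `alg` pinned to the one the verifier expects rather than whatever the token declares.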

Solution 1:[1]

I found the problem here. In my request to Auth0 I did not add the "audience" parameter. This led to an opaque token being issued.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 georanto