Unauthorized (Invalid Token) when authenticating with JWT Bearer Token after update to .NET 6

Question

After updating the package Microsoft.AspNetCore.Authentication.JwtBearer from version 3.1.14 to 6.0.1, requests with authentication fail with 401 Unauthorized "invalid token".

What needs to be changed with the new package version?

Answer 1

This seems to be a bug. Adding an event handler (JwtBearerEvents), the failure could be identified as a MissingMethodException:

Method not found: 'Void Microsoft.IdentityModel.Tokens.InternalValidators.ValidateLifetimeAndIssuerAfterSignatureNotValidatedJwt(Microsoft.IdentityModel.Tokens.SecurityToken, System.Nullable`1<System.DateTime>, System.Nullable`1<System.DateTime>, System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters, System.Text.StringBuilder)'.

with stack trace

at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()",

Simply adding the current version of System.IdentityModel.Tokens.Jwt solved the problem.

---

Update: Please also note the comment by @Rubenisme below.

Answer 2

Although I guess you found the right solution, but I thought my answer might be a help for some problems.

After spending a whole day investigating on the same problem and finding no solutions, I decided to upgrade these libraries to match same version: 6.16.0 (on Mar 23, 2022)

• Microsoft.IdentityModel.JsonWebTokens
• Microsoft.IdentityModel.Logging
• Microsoft.IdentityModel.Protocols
• Microsoft.IdentityModel.Protocols.OpenIdConnect
• Microsoft.IdentityModel.Tokens

And the problem disappeared.