'Unauthorized (Invalid Token) when authenticating with JWT Bearer Token after update to .NET 6

After updating the package Microsoft.AspNetCore.Authentication.JwtBearer from version 3.1.14 to 6.0.1, requests with authentication fail with 401 Unauthorized "invalid token".

What needs to be changed with the new package version?



Solution 1:[1]

This seems to be a bug. Adding an event handler (JwtBearerEvents), the failure could be identified as a MissingMethodException:

Method not found: 'Void Microsoft.IdentityModel.Tokens.InternalValidators.ValidateLifetimeAndIssuerAfterSignatureNotValidatedJwt(Microsoft.IdentityModel.Tokens.SecurityToken, System.Nullable`1<System.DateTime>, System.Nullable`1<System.DateTime>, System.String, Microsoft.IdentityModel.Tokens.TokenValidationParameters, System.Text.StringBuilder)'.

with stack trace

at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()",

Simply adding the current version of System.IdentityModel.Tokens.Jwt solved the problem.


Update: Please also note the comment by @Rubenisme below.

Solution 2:[2]

Although I guess you found the right solution, but I thought my answer might be a help for some problems.

After spending a whole day investigating on the same problem and finding no solutions, I decided to upgrade these libraries to match same version: 6.16.0 (on Mar 23, 2022)

  • Microsoft.IdentityModel.JsonWebTokens
  • Microsoft.IdentityModel.Logging
  • Microsoft.IdentityModel.Protocols
  • Microsoft.IdentityModel.Protocols.OpenIdConnect
  • Microsoft.IdentityModel.Tokens

And the problem disappeared.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2 Shojajou