ASP.NET Core Identity invalid token on confirmation email

Question

This is a very similar question to this aspnet identity invalid token on confirmation email but the solutions are not valid because I am using the new ASP.NET Core 1.0 that

Answer 1

After scaffolding the ConfirmEmail page in my Asp.Net Core 3.0 project I ran into the same problem.

Removing the following line from the OnGetAsync method in ConfirmEmail.cshtml.cs fixed the problem:

code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code));

In the scaffolded Login page, the code is added to the callbackUrl which is then URL encoded using HtmlEncoder.Default.Encode(callbackUrl). When the link is clicked the decoding is automatically done and the code is like it should be to confirm the email.

UPDATE:

I noticed that during the Forgot Password process the code is Base64 encoded before being put in the callbackUrl which then means that the Base64 decode IS necessary.

A better solution would thus be to add the following line to wherever the code is generated before adding it to the callbackUrl.

code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));

Here is a link to the issue which has been fixed.