问题
I created an Asp.Net Core 2.2 application with DefaultIdentity using OpenIddict with the Implicit flow. This application runs in a Docker container. I am trying to use the AddDevelopmentSigningCertificate() option for my development environment.
services.AddOpenIddict()
.AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<ApplicationDbContext>();
})
.AddServer(options =>
{
options.UseMvc();
options.EnableAuthorizationEndpoint("/connect/authorize");
options.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile, OpenIddictConstants.Scopes.Roles);
options.AllowImplicitFlow();
options.DisableHttpsRequirement();
options.AddDevelopmentSigningCertificate();
options.UseJsonWebTokens();
})
.AddValidation();
Then I have an Asp.Net Core 2.2 Web API application also running in a Docker container. I am using Swagger via Swashbuckle and JWT Bearer Authentication.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Authority = identityUrl;
options.RequireHttpsMetadata = false;
options.Audience = "supplier-service";
});
(identityUrl is the Url of the Authorization Server Docker container)
But I am getting following error:
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys: kid: '[PII is hidden]', token: '[PII is hidden]'.
What am I missing or what am I doing wrong?
回答1:
The url for the Authority option of the AddJwtBearer was wrong. In case somebody gets the same misleading error message.
来源:https://stackoverflow.com/questions/54333631/openiddict-using-adddevelopmentsigningcertificate