Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/9.0] Fix loading dotnet user-jwts config #59473

Open
wants to merge 1 commit into
base: release/9.0
Choose a base branch
from
Open

[release/9.0] Fix loading dotnet user-jwts config #59473

wants to merge 1 commit into from
+59 −7

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Dec 13, 2024
edited by halter73
Loading

Backport of #59425 to release/9.0

/cc @halter73

Fix loading dotnet user-jwts config

Description

This PR fixes a bug introduced in .NET 9 that caused the JwtBearerHandler to reject JWT tokens created by dotnet user-jwts create despite the tool correctly setting the necessary configuration. The issue was caused by the JwtBearerHandler not loading the user-jwts IssuerSigningKeys from user-secrets configuration.

Fixes #58996

Customer Impact

Without this fix, the functionality of dotnet user-jwts is broken when referencing the Microsoft.AspNetCore.Authentication.JwtBearer 9.0 NuGet package. There is a workaround of manually reading the IssuerSigningKeys from config, but this isn't at all discoverable unless you find the GitHub issue.

builder.Services.AddAuthentication("Bearer").AddJwtBearer(o =>
{
    o.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(builder.Configuration.GetSection("Authentication:Schemes:Bearer:SigningKeys:0").GetValue<string>("Value")));
});

Regression?

  • Yes
  • No

This behavior regressed between .NET 8 and .NET 9.

Risk

  • High
  • Medium
  • Low

This is a one-line change that is now covered by both end-to-end and unit testing introduced in this PR.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@dotnet-issue-labeler dotnet-issue-labeler bot added the area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI label Dec 13, 2024
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Dec 13, 2024
@halter73 halter73 added the Servicing-consider Shiproom approval is required for the issue label Dec 14, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Hi @github-actions[bot]. Please make sure you've updated the PR description to use the Shiproom Template. Also, make sure this PR is not marked as a draft and is ready-to-merge.

To learn more about how to prepare a servicing PR click here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@captainsafia captainsafia captainsafia approved these changes

Assignees
No one assigned
Labels
area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI Servicing-consider Shiproom approval is required for the issue
Projects
None yet
Milestone
9.0.x
Development

Successfully merging this pull request may close these issues.
2 participants
@captainsafia @halter73