[Bug] IDX10634: Unable to create the SignatureProvider. Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey
See original GitHub issueWhich version of Microsoft.IdentityModel are you using? Note that to get help, you need to run the latest version. 5.5.0
Where is the issue?
- M.IM.JsonWebTokens
- M.IM.KeyVaultExtensions
- M.IM.Logging
- M.IM.ManagedKeyVaultSecurityKey
- M.IM.Protocols
- M.IM.Protocols.OpenIdConnect
- M.IM.Protocols.SignedHttpRequest
- M.IM.Protocols.WsFederation
- M.IM.TestExtensions
- M.IM.Tokens
- M.IM.Tokens.Saml
- M.IM.Validators
- M.IM.Xml
- S.IM.Tokens.Jwt
- Other (please describe)
Is this a new or an existing app? c. This is a new app or an experiment.
Repro
-
Run my sample project here. It’s a .NET Core 3.1 project. I’m using
Microsoft.AspNetCore.Authentication.OpenIdConnect
to do OIDC authentication process.git clone https://github.com/doggy8088/LINELoginOIDCDemo.git cd LINELoginOIDCDemo dotnet watch run
-
Open browser and connect to https://localhost:9001/, it will redirect to LINE Login through OIDC.
-
After sign in, the error is shown:
SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed.
and'System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
andAlgorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '26cf395f48162e4a377339b9520c706729e1fdc3a645b7a9ae77ac2a4875a808', InternalId: 'cd7b415e-5d20-44c8-8a02-2fb458f7ce92'.'is not supported.
Expected behavior
I expected the token should be validated successfully. The ECDsa
and HS256
should be supported. I don’t know why this error happen.
Actual behavior
Here is the complete log:
System.Exception: An error was encountered while handling the remote login.
---> Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '26cf395f48162e4a377339b9520c706729e1fdc3a645b7a9ae77ac2a4875a808', InternalId: 'b9983ce5-646f-432b-98a8-a98da595f433'. , KeyId: 26cf395f48162e4a377339b9520c706729e1fdc3a645b7a9ae77ac2a4875a808
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'e6a6919386169ba54de9dd336b41479a01012dc0c428baae2de18e59ee2146db', InternalId: 'c3aee9c3-2234-468b-a64a-5e56528a3f15'. , KeyId: e6a6919386169ba54de9dd336b41479a01012dc0c428baae2de18e59ee2146db
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'a2a459aec5b65fa4e8add5c7697c79be445ae312bbcd6eef8fe09b5bb826cf3d', InternalId: 'dbeb0364-a2df-4c64-9ffe-242f097ed4ec'. , KeyId: a2a459aec5b65fa4e8add5c7697c79be445ae312bbcd6eef8fe09b5bb826cf3d
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'ccd58c2f2646f45fe0b4bbb0237d62f0dd7bb1669d40c121b8488f10bf363900', InternalId: '6cea30ab-5b1b-4f56-9a8f-945fb50d372f'. , KeyId: ccd58c2f2646f45fe0b4bbb0237d62f0dd7bb1669d40c121b8488f10bf363900
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '6aa8ad07cd2aaadcc656f7e2139cce8b8c4a6c81c29042f481680672fd03c969', InternalId: '0fc70bf2-d49c-4b17-9f96-aa1e566c3e85'. , KeyId: 6aa8ad07cd2aaadcc656f7e2139cce8b8c4a6c81c29042f481680672fd03c969
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '95e9119f653eae095bb3d871d6ba8ff46467aa314575a4543615f051d4b735a6', InternalId: '813611da-0a14-4c58-9bdd-3809fba74d38'. , KeyId: 95e9119f653eae095bb3d871d6ba8ff46467aa314575a4543615f051d4b735a6
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'fa134042993a4a1717e4ee16b0c48f354de6171f850155971885038288fb92c9', InternalId: '4ac14af3-c06f-4976-90cd-1e0a07357e1f'. , KeyId: fa134042993a4a1717e4ee16b0c48f354de6171f850155971885038288fb92c9
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '5cee37e69c353766a3fe01fa05bf821283541a84a6692cdeddf947d0c0904367', InternalId: '71b4515c-e342-4b5c-81c8-b4188f557c6a'. , KeyId: 5cee37e69c353766a3fe01fa05bf821283541a84a6692cdeddf947d0c0904367
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '0f7ac0f8a22e131b5fe75a9ce1699aca150f7f6c0ed75e282b3bf7fb097a763e', InternalId: '67f1e7fb-16bf-4250-b88d-df73a23e7709'. , KeyId: 0f7ac0f8a22e131b5fe75a9ce1699aca150f7f6c0ed75e282b3bf7fb097a763e
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '7f31159a65aa4bf1ddf342b57170dd7467e92d12e84c24ca20e1442553b3f08c', InternalId: '2c026a86-12c5-4c24-bdac-21dc6900b37b'. , KeyId: 7f31159a65aa4bf1ddf342b57170dd7467e92d12e84c24ca20e1442553b3f08c
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'a7968c2ea15f0f41635de5e088290491b0231a56a49cc8a6cd6ed441727a252f', InternalId: '5f904113-5115-426e-920f-9d40ba0ce422'. , KeyId: a7968c2ea15f0f41635de5e088290491b0231a56a49cc8a6cd6ed441727a252f
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '9b1112b098f3184c6e83fc3d1be8fc217db1eb20756a156cb63ce8ce9e27dfd2', InternalId: 'dfde58b8-4cb2-4702-82cb-e4eabb9c983c'. , KeyId: 9b1112b098f3184c6e83fc3d1be8fc217db1eb20756a156cb63ce8ce9e27dfd2
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'fe1e8d888ec664cd2afef479c5db79692cd01aacd141483a54339351f395fa27', InternalId: 'b8fc7140-30a6-4416-9c14-6cdb3a5462a8'. , KeyId: fe1e8d888ec664cd2afef479c5db79692cd01aacd141483a54339351f395fa27
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '8cce8f074ed02378fa80705644812a2672ed7751f5b9069893557734f21bf728', InternalId: '7bae4be7-3e54-4ea7-9a31-1d540ac98e8d'. , KeyId: 8cce8f074ed02378fa80705644812a2672ed7751f5b9069893557734f21bf728
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '9291e6b6a38c7d8af68c5266faa28208d6dd59845faa024e541bdb39fe135d4b', InternalId: '999d68f3-4a69-4dff-bbcd-87b38c0f55a0'. , KeyId: 9291e6b6a38c7d8af68c5266faa28208d6dd59845faa024e541bdb39fe135d4b
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '7159e3eae0f7f2d868f3c09b6de930ec3363ec04526f40caec9b1f08e0f43ca6', InternalId: '7706cec7-10c7-4fb2-9cc2-57566d4ce757'. , KeyId: 7159e3eae0f7f2d868f3c09b6de930ec3363ec04526f40caec9b1f08e0f43ca6
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '1f067eec599b74bf4e28c243c7fba6463a035933553e31f7a388e14d44fa48e3', InternalId: 'ae38ed92-3d9b-4e45-8f39-14b0e1f56d69'. , KeyId: 1f067eec599b74bf4e28c243c7fba6463a035933553e31f7a388e14d44fa48e3
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'a524a404e7a97d35dc64633756305525ed2dc4a5b48a130736f74e9a3a5d4b1d', InternalId: 'be922989-171e-4df8-8110-193b9bf4560f'. , KeyId: a524a404e7a97d35dc64633756305525ed2dc4a5b48a130736f74e9a3a5d4b1d
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'a2fd5181692cc6daf799905d0dcd7b0826b458c9fe794b9056fc7b4db61cfba4', InternalId: 'dd4acb7b-9fea-4cb5-b7bb-53bd6cd86596'. , KeyId: a2fd5181692cc6daf799905d0dcd7b0826b458c9fe794b9056fc7b4db61cfba4
Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'c6f34e863d3e5e32ba32081402d8b3e10e8edb638568a57b2716c0f30f567103', InternalId: 'ef3ac132-b2e2-4615-ada9-81a40b6b1936'. , KeyId: c6f34e863d3e5e32ba32081402d8b3e10e8edb638568a57b2716c0f30f567103
'.
Exceptions caught:
'System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '26cf395f48162e4a377339b9520c706729e1fdc3a645b7a9ae77ac2a4875a808', InternalId: 'b9983ce5-646f-432b-98a8-a98da595f433'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'e6a6919386169ba54de9dd336b41479a01012dc0c428baae2de18e59ee2146db', InternalId: 'c3aee9c3-2234-468b-a64a-5e56528a3f15'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'a2a459aec5b65fa4e8add5c7697c79be445ae312bbcd6eef8fe09b5bb826cf3d', InternalId: 'dbeb0364-a2df-4c64-9ffe-242f097ed4ec'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'ccd58c2f2646f45fe0b4bbb0237d62f0dd7bb1669d40c121b8488f10bf363900', InternalId: '6cea30ab-5b1b-4f56-9a8f-945fb50d372f'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '6aa8ad07cd2aaadcc656f7e2139cce8b8c4a6c81c29042f481680672fd03c969', InternalId: '0fc70bf2-d49c-4b17-9f96-aa1e566c3e85'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '95e9119f653eae095bb3d871d6ba8ff46467aa314575a4543615f051d4b735a6', InternalId: '813611da-0a14-4c58-9bdd-3809fba74d38'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'fa134042993a4a1717e4ee16b0c48f354de6171f850155971885038288fb92c9', InternalId: '4ac14af3-c06f-4976-90cd-1e0a07357e1f'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '5cee37e69c353766a3fe01fa05bf821283541a84a6692cdeddf947d0c0904367', InternalId: '71b4515c-e342-4b5c-81c8-b4188f557c6a'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '0f7ac0f8a22e131b5fe75a9ce1699aca150f7f6c0ed75e282b3bf7fb097a763e', InternalId: '67f1e7fb-16bf-4250-b88d-df73a23e7709'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '7f31159a65aa4bf1ddf342b57170dd7467e92d12e84c24ca20e1442553b3f08c', InternalId: '2c026a86-12c5-4c24-bdac-21dc6900b37b'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'a7968c2ea15f0f41635de5e088290491b0231a56a49cc8a6cd6ed441727a252f', InternalId: '5f904113-5115-426e-920f-9d40ba0ce422'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '9b1112b098f3184c6e83fc3d1be8fc217db1eb20756a156cb63ce8ce9e27dfd2', InternalId: 'dfde58b8-4cb2-4702-82cb-e4eabb9c983c'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'fe1e8d888ec664cd2afef479c5db79692cd01aacd141483a54339351f395fa27', InternalId: 'b8fc7140-30a6-4416-9c14-6cdb3a5462a8'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '8cce8f074ed02378fa80705644812a2672ed7751f5b9069893557734f21bf728', InternalId: '7bae4be7-3e54-4ea7-9a31-1d540ac98e8d'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '9291e6b6a38c7d8af68c5266faa28208d6dd59845faa024e541bdb39fe135d4b', InternalId: '999d68f3-4a69-4dff-bbcd-87b38c0f55a0'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '7159e3eae0f7f2d868f3c09b6de930ec3363ec04526f40caec9b1f08e0f43ca6', InternalId: '7706cec7-10c7-4fb2-9cc2-57566d4ce757'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '1f067eec599b74bf4e28c243c7fba6463a035933553e31f7a388e14d44fa48e3', InternalId: 'ae38ed92-3d9b-4e45-8f39-14b0e1f56d69'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'a524a404e7a97d35dc64633756305525ed2dc4a5b48a130736f74e9a3a5d4b1d', InternalId: 'be922989-171e-4df8-8110-193b9bf4560f'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'a2fd5181692cc6daf799905d0dcd7b0826b458c9fe794b9056fc7b4db61cfba4', InternalId: 'dd4acb7b-9fea-4cb5-b7bb-53bd6cd86596'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: 'c6f34e863d3e5e32ba32081402d8b3e10e8edb638568a57b2716c0f30f567103', InternalId: 'ef3ac132-b2e2-4615-ada9-81a40b6b1936'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
'.
token: '{"alg":"HS256","typ":"JWT"}.{"iss":"https://access.line.me","sub":"U4e4149f4c4970f5...","aud":"165702....","exp":1649151583,"iat":1649147983,"nonce":"637847447804625787.Mjk4NzYwMzYtYWJmNi00YWVkLTg4ZDMtN2MwNzIyOWEwYjg2MDRjNDcwNTItYWZmYy00MzExLWIxMWYtZmRhMjU3ZDEyNTdl","amr":["linesso"],"name":"Will","picture":"https://profile.line-scdn.net/0hq3-UwB3ELhwQLAfJbLZRSyxpIHFnAihUaEIzfDF-...."}'.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.ValidateToken(String idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters, JwtSecurityToken& jwt)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
Possible solution No.
I can only bypass the validation for now.
options.TokenValidationParameters = new TokenValidationParameters()
{
SignatureValidator = delegate(string token, TokenValidationParameters parameters)
{
return new JwtSecurityToken(token);
}
};
Additional context / logs / screenshots / links to code
Here is the LINE OIDC openid-configuration url: https://access.line.me/.well-known/openid-configuration
Here is the jwks_uri
link:
https://api.line.me/oauth2/v2.1/certs
All these keys seems been tried by Microsoft.IdentityModel but all failed.
I also tried ASP.NET Core 6.0 with latest version of M.IM. It still failed. Sample project here.
Issue Analytics
- State:
- Created a year ago
- Comments:7 (1 by maintainers)
Top GitHub Comments
I found it. 😄
@doggy8088 HS256 is a symmetric key algorithm see HS256 and requires a symmetric key.
The alg value should be ES256, you should contact the creator of the JWS.