Skip to content

[release/9.0] Fix loading dotnet user-jwts config#59473

Merged
wtgodbe merged 1 commit intorelease/9.0from
backport/pr-59425-to-release/9.0
Jan 7, 2025
Merged

[release/9.0] Fix loading dotnet user-jwts config#59473
wtgodbe merged 1 commit intorelease/9.0from
backport/pr-59425-to-release/9.0

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot commented Dec 13, 2024
edited by halter73
Loading

Backport of #59425 to release/9.0

/cc @halter73

Fix loading dotnet user-jwts config

Description

This PR fixes a bug introduced in .NET 9 that caused the JwtBearerHandler to reject JWT tokens created by dotnet user-jwts create despite the tool correctly setting the necessary configuration. The issue was caused by the JwtBearerHandler not loading the user-jwts IssuerSigningKeys from user-secrets configuration.

Fixes #58996

Customer Impact

Without this fix, the functionality of dotnet user-jwts is broken when referencing the Microsoft.AspNetCore.Authentication.JwtBearer 9.0 NuGet package. There is a workaround of manually reading the IssuerSigningKeys from config, but this isn't at all discoverable unless you find the GitHub issue.

builder.Services.AddAuthentication("Bearer").AddJwtBearer(o =>
{
    o.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(builder.Configuration.GetSection("Authentication:Schemes:Bearer:SigningKeys:0").GetValue<string>("Value")));
});

Regression?

  • Yes
  • No

This behavior regressed between .NET 8 and .NET 9.

Risk

  • High
  • Medium
  • Low

This is a one-line change that is now covered by both end-to-end and unit testing introduced in this PR.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@ghost ghost added the area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI label Dec 13, 2024
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Dec 13, 2024
@halter73 halter73 added the Servicing-consider Shiproom approval is required for the issue label Dec 14, 2024
@mkArtakMSFT mkArtakMSFT added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels Dec 18, 2024
@dotnet-policy-service dotnet-policy-service bot added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Dec 25, 2024
@wtgodbe wtgodbe merged commit c7de78c into release/9.0 Jan 7, 2025
@wtgodbe wtgodbe deleted the backport/pr-59425-to-release/9.0 branch January 7, 2025 22:30
@dotnet-policy-service dotnet-policy-service bot modified the milestones: 9.0.x, 9.0.2 Jan 7, 2025
@martincostello martincostello mentioned this pull request Jan 12, 2025
Closed
1 task
This was referenced Feb 12, 2025
Merged
Merged
This was referenced Jul 22, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Closed
This was referenced Mar 23, 2026
Closed
Closed
Closed
Closed
Closed
Open
Open
Merged
Closed
Merged
Closed
Closed
Closed
Closed
Closed
Open
Open
Open
Open
Open
Open
Open
This was referenced Mar 30, 2026
Open
Closed
Open
Open
Closed
Closed
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@captainsafia captainsafia captainsafia approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun Servicing-approved Shiproom has approved the issue

Projects

None yet

Milestone

9.0.2

Development

Successfully merging this pull request may close these issues.

4 participants

@captainsafia @halter73 @wtgodbe @mkArtakMSFT