Login/Register
Method not found: 'Boolean Microsoft.IdentityModel.Tokens.TokenUtilities.IsRecoverableConfiguration
Asked Answered
Solved c#asp.net-coreweb
P

1

6

I have a .NET 6 web API that attempts to validate a JWT Bearer token with the following code:

objReturn = new JwtSecurityTokenHandler().ValidateToken(strJwtToken,
    new TokenValidationParameters
    {
        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = objSecurityKey,
        ClockSkew = TimeSpan.Zero
    }, out objSecurityToken);

This works fine; however, I upgraded my NuGet packages today and now I am receiving the following error for all versions of the Microsoft.IdentityModel.Tokens package starting at version 6.29:

{"Method not found: 'Boolean Microsoft.IdentityModel.Tokens.TokenUtilities.IsRecoverableConfiguration(Microsoft.IdentityModel.Tokens.TokenValidationParameters, Microsoft.IdentityModel.Tokens.BaseConfiguration, Microsoft.IdentityModel.Tokens.BaseConfiguration ByRef)'."}

What's weird is that the method appears to still be there as I went to it's NuGet.org page, which linked me to it's source repo on GitHub. This missing method appears to be there - it can be found here, starting on line 203.

Any ideas what is going on and how to fix?

UPDATE:

I used the example on how to validate a JWT token from this site: https://jasonwatmore.com/post/2022/01/19/net-6-create-and-validate-jwt-tokens-use-custom-jwt-middleware

Poulin answered 23/7, 2023 at 23:32 Comment(3)
After installing Microsoft.AspNetCore.Authentication.JwtBearer, the Microsoft.IdentityModel.Tokens namespace will be provided, and the Microsoft.IdentityModel.Tokens package does not need to be installed. Can you provide a minimal reproducible example?Panther
@Panther I am using Microsoft.AspNetCore.Authentication.JwtBearer v6.0.20. When I navigate the package tree, I see Microsoft.IdentityModel.Tokens v6.0.24, which is a few versions behind the maximum that I can run. So, this leads me to think that this is not the issue. I have updated my question with how to replicate.Poulin
Hi @J Weezy, I still haven't been able to get your problem. Have you tried using the repository example in the link you provided?Panther
B
14

Explanation

I have encountered the same problem because one of my dependencies references Microsoft.IdentityModel.JsonWebTokens in the latest version (e.g. 6.32.1) and another references Microsoft.AspNetCore.Authentication.JwtBearer or Microsoft.AspNetCore.Authentication.OpenIdConnect (7.0.x), which in turn reference Microsoft.IdentityModel.Protocols.OpenIdConnect with a "minimum version" (e.g. >=6.15.1) which depends on System.IdentityModel.Tokens.Jwt which depends on Microsoft.IdentityModel.JsonWebTokens.

Microsoft.AspNetCore.Authentication.OpenIdConnect (7.0.x)
|_ Microsoft.IdentityModel.Protocols.OpenIdConnect (6.15.1) 
   |_ System.IdentityModel.Tokens.Jwt (6.15.1)
      |_ Microsoft.IdentityModel.JsonWebTokens (6.32.1) [explicitly added]

The NuGet compatibility check indicates no error, but Microsoft.IdentityModel.Protocols.OpenIdConnect version 6.15.1 is not compatible with more recent versions of Microsoft.IdentityModel.JsonWebTokens whose method signatures have changed.

Solution

Either you can remove the explicit reference to Microsoft.IdentityModel.JsonWebTokens.

Otherwise you must explicitly add System.IdentityModel.Tokens.Jwt or Microsoft.IdentityModel.Protocols.OpenIdConnect NuGet package in the most recent version compatible with your Microsoft.AspNetCore.Authentication.XXX dependencies.

Beastly answered 10/8, 2023 at 7:25 Comment(2)
That worked, thanks! It is kind of bizarre that the solution compiles with no error. One might think that the compiler would/should reliably check for package dependencies.Poulin
you can get raw code in this repo link. And select branch with format rel/* to get available version.Williswillison

© 2022 - 2025 — McMap. All rights reserved.