.net core - Signature validation failed. Unable to match key: kid:

  • Creating a multi-tenanted application using .NET Core 3.1.

    Created custom JWT middleware as we have multiple applications, depending on the tenant. However, when trying to authorize the bearer token we get the following error:

    Signature validation failed. Unable to match key: kid:

    var tokenHandler = new JwtSecurityTokenHandler();
    // Shared secret used to verify the HMAC signature on the token
    var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("My secret from application config"));
    tokenHandler.ValidateToken(token, new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = key,
        ValidateIssuer = false,
        ValidateAudience = false,
        ClockSkew = TimeSpan.Zero
    }, out SecurityToken validatedToken);

    This is a test using a hard coded secret from the application.

    What are we doing wrong?

  • Hmmmm. That sure looks correct, though I haven't used that particular library.

    Is there any pattern between the tenants which fail and the tenants which succeed?

    Are they all set up to use the default/same symmetric key to sign the JWTs ( "Tenants > My Tenant > JWT > JSON Web Token Settings" )?

  • Two ideas:

    • Does it help to specify the key id when creating your test SymmetricSecurityKey?
    var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes( "My secret from application config" ) ) { KeyId = "Your Key Id" };
    • You don't specify which algorithm you're using to sign your tokens. If you're using SymmetricSecurityKey, ensure you're using a symmetric algorithm to sign your tokens.
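
Both ideas in the last reply (matching the key id and confirming a symmetric signing algorithm) can be checked in the middleware itself. The following is an added example, not code from this thread or from FusionAuth; the class name `TenantJwtValidator`, the `kid` values and the secrets are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class TenantJwtValidator
{
    // Constructed sample data: key id -> shared secret, one entry per tenant.
    // Assumption: real values are loaded from configuration or a secret store.
    private static readonly Dictionary<string, string> SecretsByKid = new Dictionary<string, string>
    {
        ["tenant-a-key"] = "constructed-secret-for-tenant-a-32-bytes!",
        ["tenant-b-key"] = "constructed-secret-for-tenant-b-32-bytes!",
    };

    public static ClaimsPrincipal Validate(string token)
    {
        var handler = new JwtSecurityTokenHandler();

        // Read the header without validating, only to see what the issuer put in it.
        JwtSecurityToken unverified = handler.ReadJwtToken(token);
        string alg = unverified.Header.Alg;

        // A SymmetricSecurityKey can only verify HMAC signatures (HS256/HS384/HS512).
        if (alg == null || !alg.StartsWith("HS", StringComparison.Ordinal))
            throw new SecurityTokenInvalidSignatureException(
                $"Token is signed with '{alg}', which a SymmetricSecurityKey cannot verify.");

        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            // Pick the key by the token's kid; an unknown kid returns no key, so validation fails.
            IssuerSigningKeyResolver = (t, securityToken, keyId, p) =>
                keyId != null && SecretsByKid.TryGetValue(keyId, out var secret)
                    ? new SecurityKey[] { new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)) { KeyId = keyId } }
                    : Array.Empty<SecurityKey>(),
            ValidateIssuer = false,   // kept as in the question
            ValidateAudience = false, // kept as in the question
            ClockSkew = TimeSpan.Zero
        };

        return handler.ValidateToken(token, parameters, out _);
    }
}
```

Logging `unverified.Header.Kid` and `alg` for a failing token shows directly whether the tenant issued it with a different key or a non-HMAC algorithm.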
