FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    .net core - Signature validation failed. Unable to match key: kid:

    Scheduled Pinned Locked Moved
    General Discussion
    0
    3
    12.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      craig
      last edited by

      Creating a multi tenanted application using .dot net core 3.1.

      Created custom JWT middleware as we have multiple applications. depending on the tenant, however when trying to authorize the bearer token we get the following error:-

      Signature validation failed. Unable to match key: kid:

      var tokenHandler = new JwtSecurityTokenHandler();
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("My secret from application config"));

 tokenHandler.ValidateToken(token, new TokenValidationParameters
{
   ValidateIssuerSigningKey = true,
   IssuerSigningKey = key,
   ValidateIssuer = false,
   ValidateAudience = false,
   ClockSkew = TimeSpan.Zero
}, out SecurityToken validatedToken);

      This is a test using a hard coded secret from the application.

      What are we doing wrong?

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        Hmmmm. That sure looks correct, though I haven't used that particular library.

        Is there any pattern between the tenants which fail and the tenants which succeed?

        Are they all set up to use the default/same symmetric key to sign the JWTs ( "Tenants > My Tenant > JWT > JSON Web Token Settings" )?

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • P
          pclark
          last edited by

          Two ideas:

          • Does it help to specify the key id when creating your test SymmetricSecurityKey?
          var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes( "My secret from application config" ) ) { KeyId = "Your Key Id" };
          • You don't specify which algorithm you're using to sign your tokens. If you're using SymmetricSecurityKey, ensure you're using an symmetric algorithm to sign your tokens.
          1 Reply Last reply Reply Quote 0
          • First post
            Last post