Okta Classic Engine | Administration | Answered | 2024-03-25T21:47:43.000Z | 2017-04-10T20:40:16.000Z
IDX10500: Signature validation failed
Hi,

I'm trying to create a proof-of-concept application. I have a native Windows client application that is based on the Okta example named "Okta OpenID Connect Windows Native Examples." I have a WebAPI server application that is based on the Okta example, "Okta-OpenIDConnect-SPA-ASP.NET WebAPI." The objective is to have the client successfully call the WebAPI server with group authorization.

I'm having a problem getting the token validation to work on the WebAPI server. It looks like the token is signed with a different key than the one in the openid-configuration. Here's the error that I'm getting:

System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
    (
    IsReadOnly = False,
    Count = 1,
    Clause[0] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
    )
',
token: '{"alg":"RS256","kid":"3u3MKPQsCYpA5_tQZ6FYINo0Agf6I0IxucFd14D2gOs"}.{"ver":1,"jti":"AT.PJQv1IjWUvX1v-J1uTKTYAdUZaTshrBEVYEs8L7mzqM","iss":"https://...

And the response from /oauth2/v1/keys looks like this:

    {
      keys: [
        {
          alg: "RS256",
          e: "AQAB",
          n: "zn2dZz79-idza7gqZEPaw1RJn1p2lPN1CITSEayyvdOZuhbH_FkBbj5WLFUZCPqjaNJvtpDDdD1WvKYLWIH-KUGoNOLrD0dIWMVhSqoRzBZ3EkLVI_g607Vu-BXT2BPfIw7ovUpuObVcI1Uy7BbHmgQJJuFSlOUjhboe60vHHVxwgoTYU62hYAb66SFp3t9VFqEpOjDyJL6Mf8rLijOP7S3Ft-FqL3NO9QXKRl0fa5bLkZ5rxdHwmTITnNE6w3TwijE84l3dWiFIDIyd8E23xdgokdun0C4Cj2ntINpkDvkuWraDKxuafYiN9eTD4jAQXiuhPrSj4V4ueuNTVM7e8w",
          kid: "eTamJ0wfPSMKPsDXmV84FsbJ5fqFskdoVvEMIk_yTMo",
          kty: "RSA",
          use: "sig"
        }
      ]
    }

I'm assuming that the kids should match. Is that a correct assumption? If they are supposed to match, why would they be different? If they aren't supposed to match, what else could be wrong?

Thanks!

This question is closed.
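
Added example, not part of the original post or of Okta's sample code: a small Python diagnostic for the key-selection step that IDX10500 reports on, reading the `kid` from a token's header and looking it up in a JWKS document. The two `kid` values are the ones quoted in the post; the token itself is constructed and unsigned, the modulus is replaced by a placeholder, and the function names are hypothetical. It selects a key only and does not verify the signature.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode base64url without padding, as used in JWT segments."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_header(token: str) -> dict:
    """Return the unverified JOSE header of a compact JWS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header

def find_signing_key(token: str, jwks: dict):
    """Select the JWKS entry for the token's kid; return (key, reason)."""
    header = jwt_header(token)  # untrusted input: used for key lookup only
    kid, alg = header.get("kid"), header.get("alg")
    if kid is None:
        return None, "token header has no kid"
    candidates = [k for k in jwks.get("keys", []) if k.get("kid") == kid]
    if not candidates:
        published = [k.get("kid") for k in jwks.get("keys", [])]
        return None, f"kid {kid!r} not in published set {published}"
    key = candidates[0]
    if key.get("use", "sig") != "sig":
        return None, f"key {kid!r} is not a signing key"
    if key.get("alg", alg) != alg:
        return None, f"key {kid!r} is for {key.get('alg')}, token uses {alg}"
    return key, "match"

def make_token(header: dict) -> str:
    """Build a constructed, unsigned sample token around a header."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b'{"ver":1}'), enc(b"sig")])

# kid values are the two from the post; the modulus is a placeholder.
JWKS = {"keys": [{"alg": "RS256", "e": "AQAB", "n": "<modulus omitted>",
                  "kid": "eTamJ0wfPSMKPsDXmV84FsbJ5fqFskdoVvEMIk_yTMo",
                  "kty": "RSA", "use": "sig"}]}
TOKEN = make_token({"alg": "RS256", "kid": "3u3MKPQsCYpA5_tQZ6FYINo0Agf6I0IxucFd14D2gOs"})

if __name__ == "__main__":
    print(find_signing_key(TOKEN, JWKS))
```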