azure-activedirectory-identitymodel-extensions-for-dotnet: BUG : System.IdentityModel.Tokens.Jwt 6.12.1 causes exceptions

I have several API projects where this package was installed. I recently updated to 6.12.1 from 6.12.0 through nuget and started getting exceptions.

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
 ---> System.MissingMethodException: Method not found: 'Void Microsoft.IdentityModel.Logging.IdentityModelTelemetryUtil.SetTelemetryData(System.Net.Http.HttpRequestMessage)'.
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[TStateMachine](TStateMachine& stateMachine)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)

Oddly, I found that I actually no longer need this package at all, and have removed it, thus solving my issue. But I’m wondering if 6.12.1 has some dependency problem when installed.

About this issue

Original URL
State: closed
Created 3 years ago
Comments: 34 (16 by maintainers)

Most upvoted comments

Confirmed. If I take another explicit dependency on

<PackageReference Include="Microsoft.IdentityModel.Protocols" Version="6.12.1" />

the exception is resolved.

ErikPilsits-RJW on Aug 13, 2021

In my case, it may have been related to a cached instance of our repository manager on my local machine. Once the bad package was removed from nuget and I invalidated my cache, builds succeeded again.

My repro was to reference a dependency which referenced this package. Beyond that I can’t say unfortunately.

On Fri, Aug 13, 2021 at 6:13 PM henrikm @.***> wrote:

@BlacKCaT27 https://github.com/BlacKCaT27 @ErikPilsits-RJW https://github.com/ErikPilsits-RJW we are not able to reproduce this issue. Did you update all packages to the latest version? Can you please share a list of all your package references and versions to packages named Microsoft.IdentityModel and System.IdentityModel?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1686#issuecomment-898746112, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABH7TYJ6N75VGUM7BTCGZBDT4WKIPANCNFSM5CEFXQLA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .

BlacKCaT27 on Aug 13, 2021

@jennyf19 Yes it does.

Upgrading to version 1.16.0 of Microsoft.Identity.Web and removing the direct reference to Microsoft.IdentityModel.Protocols makes everything work as before.

Thank you 😃

stap123 on Aug 22, 2021

@stap123 can you try with Microsoft.Identity.Web version 1.16.0, which references Microsoft.IdentityModel.* as 6.*, so hopefully that works for you without a direct reference.

jennyf19 on Aug 21, 2021

Can confirm the issue, I had to wrestle with the problem for the whole day until I found the culprit. Microsoft.IdentityModel.Tokens works with version 6.12.0, but 6.12.1 causes exceptions breaking the app.

I have entirely deleted the package reference from the project and it’s back working fine.

pkwieci1 on Aug 18, 2021

Now I understand. From Microsoft.IdentityModel.Logging

[assembly: InternalsVisibleTo("Microsoft.IdentityModel.Protocols

And my Protocols version is 6.12.0 from the Microsoft.Identity.Web dependency. And so the signatures don’t match.

So really, this is a potential problem for the wider world. Consider two unrelated packages, and the maintainers are dead. One takes a dependency on Protocols 6.12.0, and one takes a dependency on Tokens.Jwt 6.12.1. You’d have to fix it by taking an explicit dependency on Protocols 6.12.1, and hope that Protocols doesn’t have breaking changes for your other dependency.

Wouldn’t it be safer to maintain backwards compatibility and provide both method signatures?

ErikPilsits-RJW on Aug 13, 2021

Seems like you found it. Now that you relisted the package, I recreated my issue. I confirmed that after building, I only have version 6.12.1 of Tokens.Jwt.dll in my solution output. So the method sig change error makes sense.

Seems like this kind of a change is really dangerous no? It will break anything that has a dependency on this package and uses that method.

ErikPilsits-RJW on Aug 13, 2021

I removed or downgraded to 6.12.0 this package only , System.IdentityModel.Tokens.Jwt, in the Infrastructure project.

ErikPilsits-RJW on Aug 13, 2021

 <PackageReference Include="Microsoft.Identity.Web" Version="1.15.2" />

references IdentityModel, current latest release references 6.12.0

henrik-me on Aug 13, 2021

Can confirm the issue is resolved once Nexus cache was cleared. Not sure what went wrong with the package itself though. Good luck

On Fri, Aug 13, 2021, 6:20 PM henrikm @.***> wrote:

Thanks @BlacKCaT27 https://github.com/BlacKCaT27, that would match our expectations as well. If all packages are updated there should be no such issues. We will re-enlist later today unless we hear from you that the issue persists.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1686#issuecomment-898748540, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABH7TYLWQY2MVT6BDY6QD3TT4WLC3ANCNFSM5CEFXQLA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .

BlacKCaT27 on Aug 13, 2021