botframework-sdk: Invalid token - Bot 3
Hi,
I just create a new Bot, but I have an Invalid token error with the Bot Channel Emulator (3.0.0.57). The stack:
iisexpress.exe Warning: 0 : Invalid token. System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier ( IsReadOnly = False, Count = 2, Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0x3270BF5597004DF339A4E62224731B6BD82810A6), Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause ) ', token: ‘{“typ”:“JWT”,“alg”:“RS256”,“x5t”:“MnC_VZcATfM5pOYiJHMba9goEKY”,“kid”:“MnC_VZcATfM5pOYiJHMba9goEKY”}.{“aud”:“https://graph.microsoft.com”,“iss”:“https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",“iat”:1468407317,“nbf”:1468407317,“exp”:1468411217,“appid”:“232f17e2-eef5-4f53-b892-c0afbad14617”,“appidacr”:“1”,“idp”:“https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/”,“tid”:“72f988bf-86f1-41af-91ab-2d7cd011db47”,“ver”:"1.0”}’. at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) in c:\workspace\WilsonForDotNet45Release\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 943 at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) in c:\workspace\WilsonForDotNet45Release\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 671 at Microsoft.Bot.Connector.JwtTokenExtractor.<ValidateTokenAsync>d__9.MoveNext() — End of stack trace from previous location where exception was thrown — at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult() at Microsoft.Bot.Connector.JwtTokenExtractor.<GetIdentityAsync>d__6.MoveNext()
My nuget packages are:
<package id="Autofac" version="3.5.2" targetFramework="net46" />
<package id="Chronic.Signed" version="0.3.2" targetFramework="net46" />
<package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net46" />
<package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net46" />
<package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net46" />
<package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net46" />
<package id="Microsoft.Bot.Builder" version="3.0.1" targetFramework="net46" />
<package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.2.206221351" targetFramework="net46" />
<package id="Microsoft.Rest.ClientRuntime" version="1.8.2" targetFramework="net46" />
<package id="Microsoft.WindowsAzure.ConfigurationManager" version="3.2.1" targetFramework="net46" />
<package id="Newtonsoft.Json" version="8.0.3" targetFramework="net46" />
<package id="System.IdentityModel.Tokens.Jwt" version="4.0.2.206221351" targetFramework="net46" />
Thanks for your help
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 15 (7 by maintainers)
We have a fix to the Nuget references going in to the next release of the Bot Builder.
I just had the same issue. Could you do something in order to make the System.IdentityModel.Tokens.Jwt 5.0.0 work with Microsoft Bot Framework or if it’s not possible mark the Bot Builder package as not compatible with System.IdentityModel.Tokens.Jwt 5.0.0 in order to prevent people to update it when managing Nuget packages ?
Thank you 😃 , after using a backedup project before the updates and just updating Microsoft.Bot.Builder from 3.0.0 > 3.1.0 it works fine 😃
apparently updating System.IdentityModel.Tokens.Jwt to 5.0.0 and later reverting back to 4.0.2.206221351 messed p the project.