asp.net-mvc wif thinktecture-ident-server thinktecture-ident-model

MVC5 allow relying party to use JWT security tokens


I am using Thinktecture IdentityServer v2; the Relying Party token type is set to none. The code runs fine with this setting.

I am looking to use JWT tokens so I have a common interface from my MVC app to the API, and also from phone/tab app clients to the API.

When I set the token type to JWT, I sign in on IdentityServer and it then throws the following error:

ID4014: A SecurityTokenHandler is not registered to read security token ('BinarySecurityToken', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd').

I created a standard MVC app and had set the Authentication to Organizational Accounts -> On premise, and had set On-Premises Authority to the IdentityServer metadata URL.

I plan to call WCF from the MVC app (and perhaps even JavaScript code on other platforms).

So far I have installed the specific JWT handler Update-Package System.IdentityModel.Tokens.Jwt -Version 3.0.2 (v4.0.0 has an issue apparently with Thinktecture IdentityServer v2) and then set the web.config to include:

However I then get a new exception when logging in:

Jwt10315: Signature validation failed. Keys tried: 'No non-null SecurityKeys were found'.
jwt: '{"typ":"JWT","alg":"RS256","x5t":"_rKoogN25ibGWZGC94xaed9g7FE"}.{"iss":"http://identityserver.v2.thinktecture.com/test","aud":"https://localhost:44302/","nbf":1419269158,"exp":1419305158,"nameid":"user","unique_name":"user","authmethod":"http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password","auth_time":"2014-12-22T17:21:43.655Z"}'

How can I have the MVC app so it can consume JWT tokens?


Solution

  • Why do you want to use JWT? Especially when you want to call WCF at some later point - JWT is the wrong choice. WCF works best with SAML tokens.
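
The Jwt10315 message in the question includes the token header, whose `x5t` value is the base64url-encoded SHA-1 thumbprint of the certificate that signed the token. The following is an added example (not part of the original question or answer) that converts that value to the hex thumbprint shown in the Windows certificate store and checks it against the thumbprints a relying party trusts. The function names and the idea of keeping the trusted thumbprints in a plain list are assumptions for illustration.

```python
import base64
import hashlib
import json

# Header segment copied from the Jwt10315 message in the question.
HEADER_FROM_ERROR = '{"typ":"JWT","alg":"RS256","x5t":"_rKoogN25ibGWZGC94xaed9g7FE"}'


def b64url_decode(value: str) -> bytes:
    """Decode base64url text that has had its '=' padding stripped."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def x5t_to_thumbprint(x5t: str) -> str:
    """Return the certificate thumbprint (upper-case hex) named by an x5t value."""
    digest = b64url_decode(x5t)
    if len(digest) != 20:
        raise ValueError("x5t must decode to a 20-byte SHA-1 digest")
    return digest.hex().upper()


def thumbprint_of(cert_der: bytes) -> str:
    """SHA-1 thumbprint of a DER-encoded certificate, as Windows displays it."""
    return hashlib.sha1(cert_der).hexdigest().upper()


def normalise(thumbprint: str) -> str:
    """Keep only hex digits: drops spaces, colons and invisible pasted characters."""
    return "".join(c for c in thumbprint.upper() if c in "0123456789ABCDEF")


def signing_cert_is_trusted(header_json: str, trusted_thumbprints) -> bool:
    """True when the token's x5t names one of the relying party's trusted certs."""
    header = json.loads(header_json)
    if header.get("alg") == "none" or "x5t" not in header:
        return False  # unsigned token or no key hint: nothing to match
    wanted = x5t_to_thumbprint(header["x5t"])
    return wanted in {normalise(t) for t in trusted_thumbprints}


if __name__ == "__main__":
    print("Token was signed with certificate thumbprint:",
          x5t_to_thumbprint(json.loads(HEADER_FROM_ERROR)["x5t"]))
```

A thumbprint match only identifies which certificate the relying party needs to have registered as the issuer's signing key; the token's signature must still be verified with that certificate's public key.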