asp.net-web-apioauthowinjwt

JwtBearerAuthenticationOptions does not contain a definition for IssuerSecurityTokenProviders


Currently following this tutorial on how to implement OAuth JWT Authentication. Stuck on two things at the moment which have become a bit of a pain to solve.

  1. This code below throws 'definition' and 'namespace' errors.
app.UseJwtBearerAuthentication(
                new JwtBearerAuthenticationOptions
                {
                    AuthenticationMode = AuthenticationMode.Active,
                    AllowedAudiences = new[] { audienceId },
                    IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
                    {
                        new SymmetricKeyIssuerSecurityTokenProvider(issuer, audienceSecret)
                    }
                });

As shown in the image below are the errors: enter image description here

Not sure why I am getting this error as all the necessary packages are installed. On the other IssuerSecurityKeyProviders exists instead if I chose to use this one or run the build with the errors, it will generate the token but when I try to access any of the authroised endpoints on the api I get the dreaded "message": "Authorization has been denied for this request."

When i debug the token all seems to be matching. The issuer is the same, the audience id is the same and the user does exist in the database too but the changepassword endpoint always fails as shown in the screenshot below.

enter image description here

Last but not least looking for a good tutorial I can follow to help me get up and running with Web API Authentication using JWT and OWIN. Most are outdated and the packages have changed over the years for example this one and it is hard finding answers to problems encountered. A touch frustrating


Solution

  • Newer versions of the "Microsoft.Owin.Security.Jwt" library may have had some renaming that needs to be taken into account. Try this instead:

            // Api controllers with an [Authorize] attribute will be validated with JWT
            app.UseJwtBearerAuthentication(
                new JwtBearerAuthenticationOptions
                {
                    AuthenticationMode = AuthenticationMode.Active,
                    AllowedAudiences = new[] { audienceId },
                    IssuerSecurityKeyProviders = new IIssuerSecurityKeyProvider[] {
                        new SymmetricKeyIssuerSecurityKeyProvider(issuer, audienceSecret)
                    }
                });
    

    This essentially substitutes "IssuerSecurityKeyProviders" in place of "IssuerSecurityTokenProviders" and "IIssuerSecurityKeyProvider" in place of "IIssuerSecurityTokenProvider".