.NET 8.0 incompatibility with HS256

[sherlock1982]

I use IJwtService with the following code to generate access token:

        var credentials = await jwtService.GetCurrentSigningCredentials();
        var tokenDescriptor = _jwtSecurityTokenHandler.CreateJwtSecurityToken(_issuer, _issuer,
            new ClaimsIdentity(claims), expires: DateTime.UtcNow.AddMinutes(60), signingCredentials: credentials);

I get here:

System.NotSupportedException: 'IDX10621: 'Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider' supports: 'Microsoft.IdentityModel.Tokens.SecurityKey' of types: 'Microsoft.IdentityModel.Tokens.AsymmetricSecurityKey' or 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey'. SecurityKey received was of type 'Microsoft.IdentityModel.Tokens.JsonWebKey'.'

Might be related to

Workaround is not to use HS256

[brunobritodev]

I encountered the same issue and solved it by cleaning old keys from the ASP.NET DataProtection folder, eg: C:\Users\<user>\AppData\Local\ASP.NET\DataProtection-Keys. It's a workaround. But I'm don't know why the parameters of the Key became blank after the upgrade to .NET 8. It needs a further investigation

[anderjoy]

I encountered the same problem but I didn't update to .net 8.0. I use persistence with entity framework (MSSQL). The key parameters were left blank for no apparent reason. We resolved this by deleting the table and restarting the API (workaround).

I encountered the same problem but I didn't update to .net 8.0. I use persistence with entity framework (MSSQL). The key parameters were left blank for no apparent reason. We resolved this by deleting the table and restarting the API (workaround).

[kirill-gerasimenko-da]

Having the same issue here. Will try to clear up the table as others suggested.

[sherlock1982]

Well If it helps here's an example.

I create a key in .NET 7 and here's what I got in Parameters JSON in .NET 8 (Something that should become ):

{\"AdditionalData\":{},\"Alg\":null,\"Crv\":null,\"D\":null,\"DP\":null,\"DQ\":null,\"E\":null,\"K\":\"CMUA71g93z9hiS8rt9NvOjBbZybfb--E2Z6AQXXKgaEzgH3LPscuSZbxfgkYctXxuiY9JGBsAOZF1huACm0aEw\",\"KeyId\":\"P99aRZA-6lJvOdxziITJ6A\",\"KeyOps\":[],\"Kid\":\"P99aRZA-6lJvOdxziITJ6A\",\"Kty\":\"oct\",\"N\":null,\"Oth\":null,\"P\":null,\"Q\":null,\"QI\":null,\"Use\":null,\"X\":null,\"X5c\":[],\"X5t\":null,\"X5tS256\":null,\"X5u\":null,\"Y\":null,\"KeySize\":512,\"HasPrivateKey\":false,\"CryptoProviderFactory\":{\"CryptoProviderCache\":{},\"CustomCryptoProvider\":null,\"CacheSignatureProviders\":true,\"SignatureProviderObjectPoolCacheSize\":64}}

Natively created key in .NET 8

{\"k\":\"gnq_e_lwxyCCg5BYsEKkG55pmO6_5ovKvSPr3aQ3fAVpVaSDkLeSklKDtJFPfpzESafCje0Qj1gsomig0PYBug\",\"key_ops\":[],\"kid\":\"yOxMeogeghirusdCfGdqBA\",\"kty\":\"oct\",\"oth\":[],\"x5c\":[]}

Well the thing is that this is of course incompatible.
Are there any conversion procedures we can apply?

Any recommendations to avoid it in the future? Maybe serialize in manually?
This is the place where we convert KeyMaterial to JsonWebKey. Maybe we can somehow make this more stable?

JsonWebKey class is Microsoft.IdentityModel.Tokens versions 6.26.1 vs 7.4.0

[sherlock1982]

Ok I found a fix. Can you please make a new build?

public JsonWebKey GetSecurityKey()
{
    return JsonSerializer.Deserialize<JsonWebKey>(Parameters, new JsonSerializerOptions() { 
        PropertyNameCaseInsensitive = true,
    });
}