Which version of Microsoft.IdentityModel are you using?
Microsoft.IdentityModel.JsonWebTokens 6.29.0
Where is the issue?
M.IM.JsonWebTokens
M.IM.KeyVaultExtensions
M.IM.Logging
M.IM.ManagedKeyVaultSecurityKey
M.IM.Protocols
M.IM.Protocols.OpenIdConnect
M.IM.Protocols.SignedHttpRequest
M.IM.Protocols.WsFederation
M.IM.TestExtensions
M.IM.Tokens
M.IM.Tokens.Saml
M.IM.Validators
M.IM.Xml
S.IM.Tokens.Jwt
Other (please describe)
Is this a new or an existing app?
a. The app is in production and I have upgraded to a new version of Microsoft.IdentityModel.JsonWebTokens
Repro
Create a console net4.8 project. Add a package reference to Microsoft.IdentityModel.JsonWebTokens. Add a simple handler to validate a token, similar to this below.
Everything works. Now, remove the System.Buffers.dll from the output directory, simulating the missing dependency. This was my mistake, and I freely admit it.
Expected behavior
I expect that the ValidateToken fails, and in the exception chain, the Assembly missing error is noted. This happens if you ReadToken() instead, which will throw with IDX14102 and the inner exception is the missing dependency.
Actual behavior
ValidateToken() returns with IsValid=false and an un-thrown exception 'IDX14100: JWT is not well formed: {Token or PII warning}, there are no dots (.).' There is no inner exception that the dependency is missing.
Possible solution
This might be down to how the exception handling on the inner ReadToken() is handled.
Additional context / logs / screenshots / links to code
I understand that this is not going to be a common problem that developers are going to hit. I am hoping that we can enhance the exception so that the issue would be easier to identify in the future.
Thank you for all the work you do to make this library.
dotnet/aspnetcore#52388 shows another example where 'IDX14100: JWT is not well formed: {Token or PII warning}, there are no dots (.).' was a poor error message. The real issue was that the "iat" claim was invalid, but the token did have "dots (.)."
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenMalformedException: IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
---> System.ArgumentException: IDX14101: Unable to decode the payload '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' as Base64Url encoded string.
---> System.Text.Json.JsonException: IDX11020: The JSON value of type: 'String', could not be converted to 'JsonTokenType.Number'. Reading: 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.iat', Position: '52', CurrentDepth: '1', BytesConsumed: '75'.
at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.ReadLong(Utf8JsonReader& reader, String propertyName, String className, Boolean read)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreatePayloadClaimSet(Byte[] bytes, Int32 length)
at Microsoft.IdentityModel.Tokens.Base64UrlEncoding.Decode[T](String input, Int32 offset, Int32 length, Func`3 action)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreateClaimSet(String rawString, Int32 startIndex, Int32 length, Func`3 action)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken..ctor(String jwtEncodedString)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ReadToken(String token, TokenValidationParameters validationParameters)
--- End of inner exception stack trace ---
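A diagnostic wrapper for the two failures reported above (the missing System.Buffers.dll and the invalid "iat" claim), as an added example that is not code from the issue or from Microsoft.IdentityModel. It assumes the 6.x `JsonWebTokenHandler.ValidateToken` overload that returns a `TokenValidationResult`; `JwtFailureDiagnostics`, `Flatten` and `ValidateWithDiagnostics` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (added example, not part of Microsoft.IdentityModel).
public static class JwtFailureDiagnostics
{
    // Flattens an exception and its InnerException chain, outermost first.
    // Only the type name and first message line are kept; messages can carry
    // token material when IdentityModelEventSource.ShowPII is enabled.
    public static List<string> Flatten(Exception ex)
    {
        var chain = new List<string>();
        for (Exception e = ex; e != null; e = e.InnerException)
        {
            string firstLine = (e.Message ?? string.Empty).Split('\r', '\n')[0];
            chain.Add(e.GetType().FullName + ": " + firstLine);
        }
        return chain;
    }

    // Validates the token. On failure, logs the chain attached to the result,
    // then parses the token directly so that a parse-time cause (assembly load
    // failure, wrongly typed claim) is logged even if the result only says IDX14100.
    public static TokenValidationResult ValidateWithDiagnostics(
        JsonWebTokenHandler handler, string token,
        TokenValidationParameters parameters, Action<string> log)
    {
        TokenValidationResult result = handler.ValidateToken(token, parameters);
        if (result.IsValid)
            return result;

        foreach (string line in Flatten(result.Exception))
            log("validate: " + line);

        try
        {
            new JsonWebToken(token); // parses header and payload, throws on failure
            log("parse: token parsed; the failure is in validation, not parsing");
        }
        catch (Exception parseEx)
        {
            foreach (string line in Flatten(parseEx))
                log("parse: " + line);
        }
        return result; // the caller still rejects the token
    }
}
```

The wrapper never changes the validation outcome; it only records why parsing failed, so an operator can tell a deployment fault from a malformed or tampered token.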