c# asp.net-web-api jwt wif

Is there any way I can support JwtSecurityTokenHandler on WIF 4.5?


I wanted to support JWT (JSON Web Token) on my WebAPI application that uses WIF 4.5.

I'm using the System.IdentityModel.Tokens.Jwt 5.0.0 NuGet package, which has a JwtSecurityTokenHandler that seems to integrate with older versions of WIF.

The problem is that the handler derives from Microsoft.IdentityModel.Tokens.SecurityTokenHandler and not from System.IdentityModel.Tokens.SecurityTokenHandler as the config section expects.

I therefore get an understandable exception:

Parser Error Message: ID1029: The custom type is not suitable because it does not extend the correct base class.
CustomType: 'System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler, System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
BaseClass: 'System.IdentityModel.Tokens.SecurityTokenHandler'

My configuration looks like:

<system.identityModel>
        <identityConfiguration>
            <audienceUris>
                <add value="http://localhost:49482/" />
            </audienceUris>
            <securityTokenHandlers>
                <add type="System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler, System.IdentityModel.Tokens.Jwt" />
                <securityTokenHandlerConfiguration>
                    <certificateValidation certificateValidationMode="PeerTrust" />
                </securityTokenHandlerConfiguration>
            </securityTokenHandlers>
        </identityConfiguration>
</system.identityModel>

How can I support JWT on WIF 4.5? Is there any way I can use this package for doing that? Am I doing something wrong?


Solution

  • This package is written against .NET Standard 1.4, which does not include the System.IdentityModel APIs, so the package does not have integration with WIF.

    Based on https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/94 if you want to use System.IdentityModel through the WIF configuration, you'll need to go back to version 3.x of the package.

    You could of course always write your own System.IdentityModel.Tokens.SecurityTokenHandler implementation which wraps Microsoft.IdentityModel.Tokens.SecurityTokenHandle
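
A sketch of the wrapper approach mentioned in the answer, added here as an illustration; it is not code from the answer or from the package. The names RawJwtToken, JwtWifBridgeHandler and GetValidationParameters are hypothetical, and the issuer, audience and signing key are assumed to come from your own subclass.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using Ms = Microsoft.IdentityModel.Tokens;   // 5.x token types
using Wif = System.IdentityModel.Tokens;     // WIF 4.5 token types

// Hypothetical carrier: holds the compact JWT string as a WIF SecurityToken.
public sealed class RawJwtToken : Wif.SecurityToken
{
    public RawJwtToken(string raw) { Raw = raw; }
    public string Raw { get; private set; }
    public override string Id { get { return "raw-jwt"; } }
    public override ReadOnlyCollection<Wif.SecurityKey> SecurityKeys
    {
        get { return new ReadOnlyCollection<Wif.SecurityKey>(new Wif.SecurityKey[0]); }
    }
    // Lifetime is enforced by the inner handler during ValidateToken, not here.
    public override DateTime ValidFrom { get { return DateTime.MinValue; } }
    public override DateTime ValidTo { get { return DateTime.MaxValue; } }
}

// Hypothetical bridge: derive from it, supply the parameters, and register the
// derived type under <securityTokenHandlers> instead of JwtSecurityTokenHandler.
public abstract class JwtWifBridgeHandler : Wif.SecurityTokenHandler
{
    private readonly JwtSecurityTokenHandler _inner = new JwtSecurityTokenHandler();

    // Supply issuer, audience and signing key; keep the default
    // signature, issuer, audience and lifetime checks enabled.
    protected abstract Ms.TokenValidationParameters GetValidationParameters();

    public override Type TokenType { get { return typeof(RawJwtToken); } }
    public override string[] GetTokenTypeIdentifiers() { return new[] { "urn:ietf:params:oauth:token-type:jwt" }; }
    public override bool CanValidateToken { get { return true; } }
    public override bool CanReadToken(string tokenString) { return _inner.CanReadToken(tokenString); }
    public override Wif.SecurityToken ReadToken(string tokenString) { return new RawJwtToken(tokenString); }

    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(Wif.SecurityToken token)
    {
        var raw = token as RawJwtToken;
        if (raw == null) throw new ArgumentException("Expected a RawJwtToken.", "token");
        Ms.SecurityToken validated;   // 5.x token object; not convertible to a WIF token
        ClaimsPrincipal principal = _inner.ValidateToken(raw.Raw, GetValidationParameters(), out validated);
        return new ReadOnlyCollection<ClaimsIdentity>(principal.Identities.ToList());
    }
}
```

Because the derived handler extends System.IdentityModel.Tokens.SecurityTokenHandler, it satisfies the base-class check behind ID1029, while signature, issuer, audience and lifetime validation stay with the 5.x JwtSecurityTokenHandler.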