Search code examples
c#jwtidentitymodel

Why do I get IDX20803 error after upgrading to IdentityModel v7 from v6?

After upgrading Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt to 7.0.0, I get this error:

IDX20803: Unable to obtain configuration from: 'https://example.com/realms/Development/.well-known/openid-configuration'.

Could not load type 'Microsoft.IdentityModel.Json.JsonConvert' from assembly 'Microsoft.IdentityModel.Tokens, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'. Could not load type 'Microsoft.IdentityModel.Json.JsonConvert' from assembly 'Microsoft.IdentityModel.Tokens, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'. => Microsoft.IdentityModel.Json.JsonConvert

Before the update, my package references were:

<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.10" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.3" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.3" />
<PackageReference Include="System.Text.Json" Version="7.0.3" />

After the update, my package references are now:

<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.11" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.0" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.0" />
<PackageReference Include="System.Text.Json" Version="7.0.3" />

What's the issue?

Solution

  • TLDR: add <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.0.0" />

    Based on the release notes, between v6 and v7 of System.IdentityModel.Tokens.Jwt, the JSON serialiser/deserialiser has been changed from Newtonsoft Json.NET to System.Text.Json.

    It has 2 implicit dependencies:

    • Microsoft.IdentityModel.Tokens (that you've made explicit in this case)
    • Microsoft.IdentityModel.JsonWebTokens

    As defined, IdentityModel v7.0.0 also upgrades these implicit dependencies to their corresponding v7.0.0 - as expected & good so far.

    The issue isn't with the upgraded packages but instead, highlights a problem with the Microsoft.AspNetCore.Authentication.JwtBearer package, which would be used alongside.

    This package has an implicit dependency on Microsoft.IdentityModel.Protocols.OpenIdConnect.

    However, the latest Microsoft.AspNetCore.Authentication.JwtBearer v7.0.11 package incorrectly still states that Microsoft.IdentityModel.Protocols.OpenIdConnect v6.15.1 is valid.

    This is wrong in this case, as v6.15.1 isn't compatible with Identity Model 7 & its implicit dependencies.

    The solution is making the Microsoft.IdentityModel.Protocols.OpenIdConnect dependency explicit and specifying v7.0.0 in your project, to override the implicit v6 package - fixing the dependency version mismatch.

    This should be a temporary fix until Microsoft hopefully fix this in their upcoming package updates.

    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.0.0" />

    This is the most minimal set of packages that fix this issue:

    <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.11" />
    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.0.0" />
    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.0" />
</ItemGroup>