This project has moved and is read-only. For the latest updates, please go here.

Possible Issue In Microsoft.Owin.Security.Jwt

May 12, 2014 at 5:16 PM
I'm not sure if I'm doing something wrong or if there is a bug in my release.
I'm using Microsoft.Owin.Security.Jwt version 2.1.0 from NuGet.

I was having issues getting app.UseJwtBearerAuthentication working and the only error that was being thrown was

Exception:Thrown: "Method not found: 'Void System.IdentityModel.Tokens.TokenValidationParameters.set_AllowedAudiences(System.Collections.Generic.IEnumerable1<System.String>)'." (System.MissingMethodException)
A System.MissingMethodException was thrown: "Method not found: 'Void System.IdentityModel.Tokens.TokenValidationParameters.set_AllowedAudiences(System.Collections.Generic.IEnumerable
1<System.String>)'."

So I made my own app.UseJwtBearerAuthentication by copying the source code into my own project so I could step through and find the problem.

However in my implementation (Exact copy of source code from Katana) everything WORKS perfectly. Token is validated when it should be and fails when it shouldn't.

The error from the NuGet package references setting _AllowedAudiences in TokenValidationParameters but _allowedAudiences is private readonly in JwtFormat.cs and I can't find _AllowedAudiences (Capital A in Allowed) anywhere in Microsoft.Owin.Security.Jwt

Is there a bug in release or am I configuring something incorrectly?
May 12, 2014 at 5:19 PM
Can you share your packages.config file? It sounds like you're referencing the next beta version of System.IdentityModel.Tokens.Jwt.
May 12, 2014 at 5:27 PM
Thanks Tratcher - That's exactly it. I'm running WsFederation Beta on the same site which is pulling loads of Beta packages.
I guess I'll use the "Copy" I made for testing until everything goes into release. Here's my full list of packages in the project

<packages>
<package id="Antlr" version="3.4.1.9004" targetFramework="net45" />
<package id="bootstrap" version="3.0.0" targetFramework="net45" />
<package id="jQuery" version="1.10.2" targetFramework="net45" />
<package id="jQuery.UI.Combined" version="1.9.2" targetFramework="net45" />
<package id="knockoutjs" version="2.2.1" targetFramework="net45" />
<package id="Microsoft.AspNet.Identity.Core" version="2.0.0" targetFramework="net45" />
<package id="Microsoft.AspNet.Mvc" version="5.0.0" targetFramework="net45" />
<package id="Microsoft.AspNet.Razor" version="3.0.0" targetFramework="net45" />
<package id="Microsoft.AspNet.Web.Optimization" version="1.1.1" targetFramework="net45" />
<package id="Microsoft.AspNet.WebApi" version="5.0.0" targetFramework="net45" />
<package id="Microsoft.AspNet.WebApi.Client" version="5.1.2" targetFramework="net45" />
<package id="Microsoft.AspNet.WebApi.Core" version="5.1.2" targetFramework="net45" />
<package id="Microsoft.AspNet.WebApi.HelpPage" version="5.0.0" targetFramework="net45" />
<package id="Microsoft.AspNet.WebApi.Owin" version="5.1.2" targetFramework="net45" />
<package id="Microsoft.AspNet.WebApi.WebHost" version="5.0.0" targetFramework="net45" />
<package id="Microsoft.AspNet.WebPages" version="3.0.0" targetFramework="net45" />
<package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.0-beta1" targetFramework="net45" />
<package id="Microsoft.Owin" version="3.0.0-beta1" targetFramework="net45" />
<package id="Microsoft.Owin.Host.SystemWeb" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security" version="3.0.0-beta1" targetFramework="net45" />
<package id="Microsoft.Owin.Security.Cookies" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security.Jwt" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security.WsFederation" version="3.0.0-beta1" targetFramework="net45" />
<package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
<package id="Modernizr" version="2.6.2" targetFramework="net45" />
<package id="Newtonsoft.Json" version="5.0.6" targetFramework="net45" />
<package id="Owin" version="1.0" targetFramework="net45" />
<package id="Respond" version="1.2.0" targetFramework="net45" />
<package id="System.IdentityModel.Tokens.Jwt" version="4.0.0-beta1" targetFramework="net45" />
<package id="WebGrease" version="1.5.2" targetFramework="net45" />
</packages>
May 12, 2014 at 5:31 PM
https://katanaproject.codeplex.com/workitem/208

This has been fixed in our nightly builds. See https://katanaproject.codeplex.com/ if you want to try those.
Marked as answer by Tratcher on 5/21/2014 at 2:09 PM
May 12, 2014 at 5:34 PM
Edited May 12, 2014 at 5:40 PM
Even better... Thanks Tratcher

Edit - Just updated to Microsoft.Owin.Security.Jwt 3.0.0-beta1 and it works perfectly.

Thanks again for the help.