Okta .Net SDK and Microsoft.AspNetCore.Authentication.JwtBearer 8.0.* Nuget Conflict

Running into runtime error “IDX11025: Cannot serialize object of type: ‘System.Guid’ into property: ‘jti’’” when using Okta .Net SDK 8.0.1 along with Microsoft.AspNetCore.Authentication.JwtBearer 8.0.*. The issue does not occur when using Microsoft.AspNetCore.Authentication.JwtBearer 7.0.20.
The Okta Service App is setup to use scoped OAuth 2.0 access tokens with BPoP enabled - [Implement OAuth for Okta with a service app | Okta Developer].

Using sample .net code below:

var privateKey = new JsonWebKeyConfiguration
P = “{{P}}”,
Kty = “RSA”,
Q = “{{Q}}”,
D = “{{D}}”,
E = “{{E}}”,
Kid = “{{Kid}}”,
Qi = “{{Qi}}”,
Dp = “{{Dp}}”,
Dq = “{{Dq}}”,
N = “{{N}}”

var configuration = new Configuration
OktaDomain = “https://{{yourOktaDomain}}”,
AuthorizationMode = AuthorizationMode.PrivateKey,
ClientId = “{{clientId}}”,
Scopes = new List { “okta.users.read”}, // Add all the scopes you need
PrivateKey = privateKey

var usersApiClient = new UserApi(configuration);
var user = await _usersApiClient.GetUserAsync(“{{userId}}”);

Stack Trace:
at Okta.Sdk.Client.DefaultDpopProofJwtGenerator.GenerateJwt(String nonce, String httpMethod, String uri, String accessToken)
at Okta.Sdk.Api.OAuthApi.d__18.MoveNext()
at Okta.Sdk.Api.OAuthApi.d__17.MoveNext()
at Okta.Sdk.Client.DefaultOAuthTokenProvider.d__15.MoveNext()
at Okta.Sdk.Client.DefaultOAuthTokenProvider.d__7.MoveNext()
at Okta.Sdk.Client.DefaultOAuthTokenProvider.d__12.MoveNext()
at Okta.Sdk.Api.UserApi.d__43.MoveNext()
at Okta.Sdk.Api.UserApi.d__42.MoveNext()

Other than downgrading to Microsoft.AspNetCore.Authentication.JwtBearer 7.0.20, any other solutions?


This github issue JTI Claim as a string instead of guid by sachinsatav · Pull Request #682 · okta/okta-sdk-dotnet · GitHub points to the same problem that you are facing, and the work in under process to have this changes into the version 8. You can keep a track here to check by when it will get resolved.

Until then it is suggested that you keep using the version 7.