Signature Validation Failed ASP.NET

jgelinasAries · December 17, 2018, 5:53pm

Seem to have resolved the issue of getting the discoveryDocument created by gleaning other posts. Seems the call succeeds if no await and call to .Result thereafter.

However, after (again following the API documentation), and capturing the signing keys from the discoveryDocument variable, getting the error that 'Signature validation failed. nkid:PII is hidden. ntoken:PII is hidden.

Using my own created development environment at Aries Systems-dev-723639.

Application is Aries EM with corresponding client id.

Original request is :
Preformatted texthttps://dev-723639.oktapreview.com/oauth2/v1/authorize?client_id=0oaiaj7t90eEXe0y20h7&redirect_uri=http://local.editorialmanager.com/jeanspec16017/AscoLoginHandler.aspx&response_type=token&scope=openid&state=‘testing’&prompt=login&nonce=‘currentnonce’&response_mode=form_postPreformatted text

This brings up a login screen to which I log in with password credential and am returned the token to the callback url.

Validation code is as follows and seems to mimic (almost except for the .Result call after GetConfigurationAsync) what is in the Okta API related to .net JWT token validation:

Preformatted textprivate static async Task ValidateAscoToken(string token)
{
try
{

        var issuer = "https://dev-723639.oktapreview.com/oauth2/AriesEMApplication";
        var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            issuer + "/.well-known/oauth-authorization-server",
            new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever());
        var cancellationToken = default(CancellationToken);
        var discoveryDocument = configurationManager.GetConfigurationAsync(cancellationToken).Result;
        var signingKeys = discoveryDocument.SigningKeys;

        var validationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = signingKeys,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(5)
        };

        var principal =
            new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out var rawValidatedToken);

        return (JwtSecurityToken) rawValidatedToken;
    }
    catch (Exception AnyError)
    {
        var anyError = AnyError;
        return null;
    }
}`Preformatted text`