Signature validation failed.Unable to match 'kid'


#1

We are trying to integrate our custom application written in .net core mvc with our customer’s Okta (organization created from IT product / not from developer.okta)

Before that, I am testing with the following quickstart.

Receiving 'SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match ‘kid’: ‘nSLf9FeEKRKTwBoEwU0d-Kmk7tJAY6oFQuFLqdtPM1U’, error.

Testing with organization created in developer.okta seems ok.


#2

Hi @ynpp,

I suggest you to use the latest version of our middleware https://github.com/okta/okta-aspnet, in the README you will find all the info you need.
Also, you can find samples here: https://github.com/okta/samples-aspnetcore.

We are planning to release an stable version these days with the corresponding quicktarts, stay tuned!


#3

Hi Laura @laura.rodriguez,

Our customer does not have API AM in their sandbox. For some reasons, they are not going to enable API AM.
In that case, will this milddleware handle the token validation for the organization without authorization server?

Here is the error I am getting when trying with organization without API AM.

An unhandled exception occurred while processing the request.

HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).

System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()

IOException: IDX20804: Unable to retrieve document from: ‘[PII is hidden]’.

Microsoft.IdentityModel.Protocols.HttpDocumentRetriever+<GetDocumentAsync>d__8.MoveNext()

InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘[PII is hidden]’.

Microsoft.IdentityModel.Protocols.ConfigurationManager+<GetConfigurationAsync>d__24.MoveNext()