[release/9.0] Fix loading dotnet user-jwts config by github-actions[bot] · Pull Request #59473 · dotnet/aspnetcore

Backport of #59425 to release/9.0

/cc @halter73

Fix loading dotnet user-jwts config

Description

This PR fixes a bug introduced in .NET 9 that caused the JwtBearerHandler to reject JWT tokens created by dotnet user-jwts create despite the tool correctly setting the necessary configuration. The issue was caused by the JwtBearerHandler not loading the user-jwts IssuerSigningKeys from user-secrets configuration.

Fixes #58996

Customer Impact

Without this fix, the functionality of dotnet user-jwts is broken when referencing the Microsoft.AspNetCore.Authentication.JwtBearer 9.0 NuGet package. There is a workaround of manually reading the IssuerSigningKeys from config, but this isn't at all discoverable unless you find the GitHub issue.

    builder.Services.AddAuthentication("Bearer").AddJwtBearer(o =>
    {
        // Read the first user-jwts signing key (base64) from configuration and use it for validation.
        o.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(
            Convert.FromBase64String(
                builder.Configuration
                    .GetSection("Authentication:Schemes:Bearer:SigningKeys:0")
                    .GetValue<string>("Value")));
    });

Regression?

This behavior regressed between .NET 8 and .NET 9.

Risk

This is a one-line change that is now covered by both end-to-end and unit testing introduced in this PR.

Verification

Packaging changes reviewed?
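A fuller form of the workaround described under Customer Impact, as an added example that is not code from this PR or from dotnet/aspnetcore. It goes beyond the one-liner by reading every entry under `SigningKeys` instead of only index 0, skipping malformed values, and applying the keys only in the Development environment (where user-secrets are loaded by default); the `/secret` endpoint is a hypothetical placeholder, and a web project with implicit usings is assumed.

```csharp
// Program.cs (added example; assumes the Microsoft.AspNetCore.Authentication.JwtBearer
// 9.0 package and a web project with implicit usings enabled).
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthorization();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o =>
    {
        // user-jwts keys are development credentials stored in user-secrets;
        // do not trust this configuration section in any other environment.
        if (!builder.Environment.IsDevelopment())
        {
            return;
        }

        var section = builder.Configuration
            .GetSection("Authentication:Schemes:Bearer:SigningKeys");

        var keys = new List<SecurityKey>();
        foreach (var entry in section.GetChildren())
        {
            var value = entry["Value"];
            if (string.IsNullOrEmpty(value))
            {
                continue; // entry without key material
            }

            try
            {
                keys.Add(new SymmetricSecurityKey(Convert.FromBase64String(value)));
            }
            catch (FormatException)
            {
                // Not valid base64: skip it rather than fail startup on a bad dev secret.
            }
        }

        if (keys.Count > 0)
        {
            o.TokenValidationParameters.IssuerSigningKeys = keys;
        }
    });

var app = builder.Build();
app.UseAuthorization();
app.MapGet("/secret", () => "authenticated").RequireAuthorization(); // hypothetical endpoint
app.Run();
```

Once the package version containing this fix is referenced, the handler loads these keys itself and the block inside `AddJwtBearer` can be removed.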