As the title says, getting an:
"IDX10609: Decryption failed. No Keys tried: token: 'System.String'."
Error when trying to authenticate. I'm using OpenIddict for the auth server. I'm sure I've got something configured wrong, either in it or in the API server, but I can't figure out what. I've been trying different combinations and am just stuck at the moment. This is the auth server config:
/// <summary>
/// Auth-server startup: registers the EF Core context (with OpenIddict's entities), ASP.NET Core
/// Identity, and the OpenIddict core/server/validation components.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services) {
    services.AddDbContext<TrustContext>(options => {
        options.UseSqlServer(Configuration.GetConnectionString("Trust"), b => b.MigrationsAssembly("Application.Trust"));
        // Adds the OpenIddict entity sets (applications, authorizations, scopes, tokens) to this context.
        options.UseOpenIddict();
    });
    services.AddDefaultIdentity<AspNetUsers>()
        .AddEntityFrameworkStores<TrustContext>()
        .AddDefaultTokenProviders();
    // Map Identity's claim types onto the standard OIDC claim names OpenIddict emits.
    services.Configure<IdentityOptions>(options => {
        options.ClaimsIdentity.UserNameClaimType = Claims.Name;
        options.ClaimsIdentity.UserIdClaimType = Claims.Subject;
        options.ClaimsIdentity.RoleClaimType = Claims.Role;
    });
    services.AddOpenIddict()
        // Register the OpenIddict core components.
        .AddCore(options => {
            options.UseEntityFrameworkCore()
                .UseDbContext<TrustContext>();
        })
        .AddServer(options => {
            // Turns off OpenIddict's per-client endpoint, grant-type and scope permission checks:
            // any registered client may use any endpoint, grant and scope. Acceptable while
            // developing; re-enable (and grant explicit permissions per client) before deployment.
            options.IgnoreEndpointPermissions()
                .IgnoreGrantTypePermissions()
                .IgnoreScopePermissions();
            // Enable the authorization, logout, token and userinfo endpoints.
            options.SetAuthorizationEndpointUris("/connect/authorize")
                .SetLogoutEndpointUris("/connect/logout")
                .SetTokenEndpointUris("/connect/token")
                .SetUserinfoEndpointUris("/connect/userinfo");
            options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles, Scopes.OpenId);
            // Every grant type is enabled. Password and implicit are legacy flows discouraged by the
            // OAuth 2.0 Security BCP; keep only the flows the clients actually use.
            options.AllowAuthorizationCodeFlow()
                .AllowPasswordFlow()
                .AllowImplicitFlow()
                .AllowHybridFlow()
                .AllowRefreshTokenFlow();
            // Development-only certificates (by name); a deployed server needs managed, rotated
            // signing/encryption certificates.
            // NOTE(review): the encryption certificate is, by OpenIddict's default, also used to
            // encrypt the access tokens it issues. A resource server validating them with the plain
            // JwtBearer handler has no matching decryption key, which is consistent with the
            // IDX10609 "Decryption failed. No Keys tried" error. Either call
            // options.DisableAccessTokenEncryption() here (tokens are then signed-only JWTs), or
            // validate them on the API with OpenIddict's validation handler, which can share this
            // key — confirm against the OpenIddict version in use.
            options.AddDevelopmentEncryptionCertificate()
                .AddDevelopmentSigningCertificate();
            // Permits requests that do not identify a registered client (no client_id), so the
            // server cannot authenticate who is asking for tokens. Development convenience only.
            options.AcceptAnonymousClients();
            // Passthrough lets the app's own MVC/Razor actions handle these endpoints instead of
            // OpenIddict answering them directly.
            options.UseAspNetCore()
                .EnableAuthorizationEndpointPassthrough()
                .EnableLogoutEndpointPassthrough()
                .EnableTokenEndpointPassthrough()
                .EnableUserinfoEndpointPassthrough()
                .EnableStatusCodePagesIntegration();
        })
        // Validation against the local server: this app's own protected endpoints reuse the
        // server's keys and configuration, so they can read the tokens it issued.
        .AddValidation(options => {
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    // NOTE(review): the method's closing brace is missing from the snippet as pasted.
API server config:
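// Resource-server (API) JWT bearer configuration.
//
// Changes versus the posted snippet:
//  * The discovery document is no longer fetched with .Result at startup (blocking on async code
//    risks deadlocks and makes startup fail if the auth server is down). The ConfigurationManager
//    is handed to the handler, which loads it lazily and refreshes it when signing keys rotate.
//  * The authentication-failure response no longer echoes the exception text to the caller.
//
// NOTE(review): IDX10609 "Decryption failed. No Keys tried" means the incoming access token is an
// encrypted JWT (JWE) and this handler has no key to decrypt it. OpenIddict encrypts access tokens
// by default, so either disable that on the auth server (options.DisableAccessTokenEncryption())
// or supply the matching key here via options.TokenValidationParameters.TokenDecryptionKey —
// confirm against the OpenIddict version in use.
const string authority = "https://localhost:44395";

// Lazily loaded OIDC discovery metadata (issuer, JWKS); refreshed by the handler on demand.
IConfigurationManager<OpenIdConnectConfiguration> configurationManager =
    new ConfigurationManager<OpenIdConnectConfiguration>(
        $"{authority}/.well-known/openid-configuration",
        new OpenIdConnectConfigurationRetriever());

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Puts the validation failure reason into the WWW-Authenticate header. Handy while
        // debugging, but it tells callers why a token was rejected — disable outside development.
        options.IncludeErrorDetails = true;

        // The handler merges the discovered signing keys into IssuerSigningKeys itself, so the
        // keys are not copied into TokenValidationParameters here (a copy would go stale on rotation).
        options.ConfigurationManager = configurationManager;

        options.TokenValidationParameters.ValidateIssuer = true;
        options.TokenValidationParameters.ValidIssuer = authority;

        // With audience validation off, ValidAudiences is not enforced: a token this issuer minted
        // for any other API is accepted here. Enable it once the auth server places
        // "resource_server_1" in the token's audience.
        options.TokenValidationParameters.ValidateAudience = false;
        options.TokenValidationParameters.ValidAudiences = new[] { "resource_server_1" };

        // Skips validation of the signing key itself (e.g. certificate lifetime); the token
        // signature is still verified. Left as the author set it.
        options.TokenValidationParameters.ValidateIssuerSigningKey = false;

        options.Events = new JwtBearerEvents()
        {
            // Writes a generic failure body. The original echoed c.Exception.Message, which can
            // reveal key ids, issuer names and validation internals; the exception remains
            // available in c.Exception for server-side logging. A rejected bearer token is a
            // client error, hence 401 rather than 500. Note that writing the response here
            // short-circuits the handler's normal 401 challenge.
            OnAuthenticationFailed = c =>
            {
                c.NoResult();
                c.Response.StatusCode = 401;
                c.Response.ContentType = "text/plain";
                return c.Response.WriteAsync("An error occurred processing your authentication.");
            }
        };
    });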
I had it working with Keycloak as the auth server, but when I swapped over to OpenIddict I end up with the above error. I think I'm possibly missing a signing key, or maybe something is wrong in my config/client configuration?