Microsoft.AspNetCore.Authentication.JwtBearer Update Dependency

[cristianoaloigiGB]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

Describe the bug

The latest version of Microsoft.AspNetCore.Authentication.JwtBearer (10.0.1) has a dependency on Microsoft.IdentityModel.Protocols.OpenIdConnect >= 8.0.1. When using the package without explicitly specifying a version for the dependency, authentication fails with a MethodNotFoundException.

Workaround

The issue is resolved by explicitly forcing the version of Microsoft.IdentityModel.Protocols.OpenIdConnect to its latest version (currently 8.15.0):

<ItemGroup>
  <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
  <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="8.15.0" />
</ItemGroup>

Root Cause

The dependency constraint Microsoft.IdentityModel.Protocols.OpenIdConnect >= 8.0.1 allows NuGet to resolve to version 8.0.1, which appears to be missing the required Base64UrlEncoder.Decode method signature that Microsoft.AspNetCore.Authentication.JwtBearer 10.0.1 expects.

Suggested Fix

Update the package dependency to require a minimum version that includes the necessary API:

<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="[8.15.0,)" />

Or use a more restrictive version range that ensures compatibility.

Environment

• ASP.NET Core version: [Your version, e.g., 10.0]
• Microsoft.AspNetCore.Authentication.JwtBearer version: 10.0.1
• Microsoft.IdentityModel.Protocols.OpenIdConnect version (resolved): 8.0.1
• Target framework: [e.g., net10.0]
• OS: [Your OS]

Expected Behavior

Authentication should succeed with a valid JWT token.

Steps To Reproduce

1. Install Microsoft.AspNetCore.Authentication.JwtBearer version 10.0.1
2. Configure JWT Bearer authentication in a .NET application
3. Attempt to authenticate with a valid JWT token

Exceptions (if any)

[Authentication failed]
[1º] Method not found: 'Void Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Decode(System.ReadOnlySpan`1<Char>, System.Span`1)'.

[2º] IDX14102: Unable to decode the header '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' as Base64Url encoded string.

.NET Version

10.0.1

Anything else?

No response

[MackinnonBuck]

@cristianoaloigiGB , would you be able to provide us with a minimal repro project, hosted on GitHub as a public repository? That way we can see the exact scenario that causes the exception and reproduce it on our end. Thanks.