Auth0.OidcClient.Auth0ClientBase.LoginAsync crashes after adding IdentityModel.OidcClient.IdentityTokenValidator to the project

[lszl84]

Checklist

• I have looked into the Readme and the documentation, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

Adding login to my MAUI app by following the official Auth0 blog post works well (https://auth0.com/blog/add-authentication-to-dotnet-maui-apps-with-auth0/). LoginAsync() returns correctly, the user can be logged in, etc.

However, simply adding the IdentityTokenValidator package causes the crash. No need to add any other code (this is what the 2nd blog posts recommends: https://auth0.com/blog/managing-tokens-in-dotnet-maui/ )

dotnet add package IdentityModel.OidcClient.IdentityTokenValidator

Now the LoginAsync crashes.

{System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://XXXXXXXXXXXXXX.us.auth0.com:443/.well-known/openid-configuration'. Will retry at '7/18/2024 9:51:15 AM +00:00'. Exception: 'System.TypeLoadException: Could not resolve type with token 0100004e from typeref (expected class 'Microsoft.IdentityModel.Json.JsonConvert' in assembly 'Microsoft.IdentityModel.Tokens, Version=6.34.0.0, Culture=neutral, PublicKeyToken=XXXXXXXXXXX')
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[<GetAsync>d__3](<GetAsync>d__3& stateMachine)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.Microsoft.IdentityModel.Protocols.IConfigurationRetriever<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>.GetConfigurationAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__17[[Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration, Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].MoveNext()'.
 ---> System.TypeLoadException: Could not resolve type with token 0100004e from typeref (expected class 'Microsoft.IdentityModel.Json.JsonConvert' in assembly 'Microsoft.IdentityModel.Tokens, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35')
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[<GetAsync>d__3](<GetAsync>d__3& stateMachine)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.Microsoft.IdentityModel.Protocols.IConfigurationRetriever<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>.GetConfigurationAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__17[[Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration, Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__17[[Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration, Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].MoveNext()
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__16[[Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration, Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].MoveNext()
   at Auth0.OidcClient.Tokens.JsonWebKeys.GetForIssuer(String issuer)
   at Auth0.OidcClient.Tokens.AsymmetricSignatureVerifier.ForJwks(String issuer)
   at Auth0.OidcClient.Tokens.IdTokenValidator.AssertTokenMeetsRequirements(IdTokenRequirements required, String rawIDToken, Nullable`1 pointInTime, ISignatureVerifier signatureVerifier)
   at Auth0.OidcClient.Auth0ClientBase.LoginAsync(Object extraParameters, CancellationToken cancellationToken)
   at ...ViewModels.LoginViewModel.Login() in /Users/luke/Developer/.../ViewModels/LoginViewModel.cs:line 19}

Reproduction

1. Follow the tutorial and create a MAUI app with working login: https://auth0.com/blog/add-authentication-to-dotnet-maui-apps-with-auth0/
2. Verify that the LoginAsync method works ok
3. dotnet add package IdentityModel.OidcClient.IdentityTokenValidator
4. Now LoginAsync Crashes

Additional context

No response

auth0-oidc-client-net version

1.0.1

.NET version

8.0.302

Platform

Android, iOS

Platform version(s)

any

[lszl84]

It seems that using older version of the mentioned package fixes the problem (5.2.1 instead of 6.0.0 which is installed by default):

<PackageReference Include="IdentityModel.OidcClient.IdentityTokenValidator" Version="5.2.1" />

[AliKarimiENT]

Hello @lszl84
I have faced this issue today
I have added the

**<PackageReference Include="IdentityModel.OidcClient.IdentityTokenValidator" Version="5.2.1" />**
and
**<PackageReference Include="Auth0.OidcClient.MAUI" Version="1.0.1" />**
when I added the latest version of the TokenValidator nuget the login web page didn't display to the user.
Only when I used this version the the web page is displayed otherwise when I call LoginAsync after calling it, returns the response which is not correct.

So finally while I have added this version again I'm getting this exception,
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '***********:443/.well-known/openid-configuration'. Will retry at '8/12/2024 8:12:41 AM +00:00'. Exception: 'System.IO.IOException: IDX20807: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. HttpResponseMessage: '[PII of type 'Xamarin.Android.Net.AndroidHttpResponseMessage' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', HttpResponseMessage.Content: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.ConfigurationManager1.d__17[[Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration, Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].MoveNext()'.
---> System.IO.IOException: IDX20807: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. HttpResponseMessage: '[PII of type 'Xamarin.Android.Net.AndroidHttpResponseMessage' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', HttpResponseMessage.Content: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.<GetConfigurationAsync>d__17[[Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration, Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].MoveNext() --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager1.d__17[[Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration, Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].MoveNext()
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.<GetConfigurationAsync>d__16[[Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration, Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.34.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].MoveNext() at Auth0.OidcClient.Tokens.JsonWebKeys.GetForIssuer(String issuer) at Auth0.OidcClient.Tokens.AsymmetricSignatureVerifier.ForJwks(String issuer) at Auth0.OidcClient.Tokens.IdTokenValidator.AssertTokenMeetsRequirements(IdTokenRequirements required, String rawIDToken, Nullable1 pointInTime, ISignatureVerifier signatureVerifier)
at Auth0.OidcClient.Auth0ClientBase.LoginAsync(Object extraParameters, CancellationToken cancellationToken)
at BobThePhysio.Mobile.Infrastructure.Services.AuthorizationService.LoginAsync() in /Users/alikarimi/Projects/BobDePhisio/src/BobThePhysio.Mobile.Infrastructure/Services/AuthorizationService.cs:line 27`