JWT SecurityTokenInvalidSignatureException using RS256 PII is hidden
You can increase your Key length as shown below in the appsettings.json file.
"Jwt": {
  "Key": "pintusharmaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqweqwe",
  "Issuer": "pintusharma.com"
}
It turns out that the KeySize for X509SecurityKey needs to be at least 1024 in length for verifying. This is not obvious from the exception, since it is hidden with the [PII is hidden] filter.
Adding the following line made the exception text a lot more useful (add to the ConfigureServices method in Startup.cs):
IdentityModelEventSource.ShowPII = true;
The new exception text:
'System.ArgumentOutOfRangeException: IDX10631: The 'Microsoft.IdentityModel.Tokens.X509SecurityKey' for verifying cannot be smaller than '1024' bits. KeySize: '512'.
Increasing the length of the asymmetric key to 1024 solved the problem.
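A startup check along these lines reports an undersized RS256 verification key with a readable message, so the IDX10631 failure described above does not have to be dug out from behind [PII is hidden]. This is an added example, not code from either answer: JwtSigningKeyGuard, CreateVerificationKey and MinimumRsaKeyBits are hypothetical names, and the 2048-bit floor is a policy choice of this example, stricter than the library's 1024-bit minimum quoted in the exception.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (not part of Microsoft.IdentityModel).
public static class JwtSigningKeyGuard
{
    // Assumption: policy floor for this example. The library rejects keys
    // below 1024 bits for verification (IDX10631).
    private const int MinimumRsaKeyBits = 2048;

    // Call from ConfigureServices in Startup.cs, then assign the result to
    // TokenValidationParameters.IssuerSigningKey.
    public static X509SecurityKey CreateVerificationKey(
        X509Certificate2 certificate, IHostEnvironment env)
    {
        if (certificate == null) throw new ArgumentNullException(nameof(certificate));
        if (env == null) throw new ArgumentNullException(nameof(env));

        // Full IdentityModel messages can contain token and key details,
        // so they are enabled only in the Development environment.
        IdentityModelEventSource.ShowPII = env.IsDevelopment();

        using (var rsa = certificate.GetRSAPublicKey())
        {
            // GetRSAPublicKey returns null for non-RSA certificates (e.g. ECDSA).
            if (rsa == null)
            {
                throw new InvalidOperationException(
                    "The certificate has no RSA public key; RS256 requires one.");
            }

            // Fail at startup with the actual size instead of at the first
            // token validation with a redacted message.
            if (rsa.KeySize < MinimumRsaKeyBits)
            {
                throw new InvalidOperationException(
                    $"RSA key is {rsa.KeySize} bits; at least " +
                    $"{MinimumRsaKeyBits} bits are required for RS256 verification.");
            }
        }

        return new X509SecurityKey(certificate);
    }
}
```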