Botframework-sdk: Invalid token - Bot 3

Created on 13 Jul 2016 · 15Comments · Source: microsoft/botframework-sdk

Hi,

I just create a new Bot, but I have an Invalid token error with the Bot Channel Emulator (3.0.0.57).
The stack:

iisexpress.exe Warning: 0 : Invalid token. System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 2,
Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0x3270BF5597004DF339A4E62224731B6BD82810A6),
Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
)
',
token: '{"typ":"JWT","alg":"RS256","x5t":"MnC_VZcATfM5pOYiJHMba9goEKY","kid":"MnC_VZcATfM5pOYiJHMba9goEKY"}.{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/","iat":1468407317,"nbf":1468407317,"exp":1468411217,"appid":"232f17e2-eef5-4f53-b892-c0afbad14617","appidacr":"1","idp":"https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/","tid":"72f988bf-86f1-41af-91ab-2d7cd011db47","ver":"1.0"}'.
at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) in c:\workspace\WilsonForDotNet45Release\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 943
at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) in c:\workspace\WilsonForDotNet45Release\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 671
at Microsoft.Bot.Connector.JwtTokenExtractor.d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.Bot.Connector.JwtTokenExtractor.d__6.MoveNext()

My nuget packages are:

<package id="Autofac" version="3.5.2" targetFramework="net46" />
  <package id="Chronic.Signed" version="0.3.2" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.Bot.Builder" version="3.0.1" targetFramework="net46" />
  <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.2.206221351" targetFramework="net46" />
  <package id="Microsoft.Rest.ClientRuntime" version="1.8.2" targetFramework="net46" />
  <package id="Microsoft.WindowsAzure.ConfigurationManager" version="3.2.1" targetFramework="net46" />
  <package id="Newtonsoft.Json" version="8.0.3" targetFramework="net46" />
  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.2.206221351" targetFramework="net46" />

Thanks for your help

Source

NicolasHumann

Most helpful comment

We have a fix to the Nuget references going in to the next release of the Bot Builder.

dandriscoll on 17 Oct 2016

👍3

All 15 comments

@NicolasHumann can you email us at [email protected]. I want you to help us diagnosing this issue by creating a minidump with heap from this error case and share it with us. Since minidumps are large, probably it makes sense to email us first and I give you a share to copy the minidump in.

msft-shahins on 15 Jul 2016

Same exact issue

efvincent on 26 Jul 2016

We made some auth fixes in the C# BotBuilder 3.1.0. Can you upgrade to the latest Nuget package and see if the problem recurs?

dandriscoll on 4 Aug 2016

BEFORE UPDATING Nuget Package

2016-08-08T02:24:16 Welcome, you are now connected to log-streaming service.
Application: 2016-08-08T02:24:21 PID[7072] Warning Invalid token. System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
Application: (
Application: IsReadOnly = False,
Application: Count = 2,
Application: Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0x61B44041161C13F9A8B56549287AF02C16DDFFDB),
Application: Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
Application: )
Application: ',
Application: token:

"myToken"

Application: at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) in c:\workspace\WilsonForDotNet45Release\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 943
Application: at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) in c:\workspace\WilsonForDotNet45Release\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 671
Application: at Microsoft.Bot.Connector.JwtTokenExtractor.d__9.MoveNext()
Application: --- End of stack trace from previous location where exception was thrown ---
Application: at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
Application: at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Application: at Microsoft.Bot.Connector.JwtTokenExtractor.d__6.MoveNext()

AFTER UPDATING Nuget Package : System.IdentityModel.Tokens.Jwt

im not getting any error from the server, but :
500 internal server error
{
"message": "An error has occured."
}

from channel emulator

stucko on 8 Aug 2016

Are you using the latest nuget? Do you have the right Microsoft App Id and app password? I assume that you have replaced the token that you have with "mytoken" value. Is that true? What is the Microsoft App id for your bot?

msft-shahins on 8 Aug 2016

yes here is my token :
{"typ":"JWT","alg":"RS256","x5t":"YbRAQRYcE_motWVJKHrwLBbd_9s","kid":"YbRAQRYcE_motWVJKHrwLBbd_9s"}.{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/","iat":1470620444,"nbf":1470620444,"exp":1470624344,"appid":"aa2f9ddd-2762-401f-843a-8c8cd9f7093f","appidacr":"1","idp":"https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/","tid":"72f988bf-86f1-41af-91ab-2d7cd011db47","ver":"1.0"}'.

do i have to update anything else after updating System.IdentityModel.Tokens.Jwt to v5.0.0?

stucko on 8 Aug 2016

You only need to update the builder nuget to 3.1. we still depend on System.IdentityModel.Tokens.Jwt 4.0.2.206221351.

msft-shahins on 8 Aug 2016

AFTER UPDATING Microsoft.Bot.Builder from 3.0.0 > 3.1.0 and REVERTING System.IdentityModel.Tokens.Jwt 5.0.0 > 4.0.2.206221351

again server doesnt show any error but this time i get from the emulator json reply :
Could not load file or assembly 'System.IdentityModel.Tokens.Jw' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

stucko on 8 Aug 2016

It means that your project doesn't have the right version of one of the builder's dependencies.

msft-shahins on 8 Aug 2016

Thank you :) , after using a backedup project before the updates and just updating Microsoft.Bot.Builder from 3.0.0 > 3.1.0 it works fine :)

apparently updating System.IdentityModel.Tokens.Jwt to 5.0.0 and later reverting back to 4.0.2.206221351 messed p the project.

stucko on 8 Aug 2016

👍1

I just had the same issue. Could you do something in order to make the System.IdentityModel.Tokens.Jwt 5.0.0 work with Microsoft Bot Framework or if it's not possible mark the Bot Builder package as not compatible with System.IdentityModel.Tokens.Jwt 5.0.0 in order to prevent people to update it when managing Nuget packages ?