Whenever I change something at server side which causes a restart or recompile I only get 401s containing this header:
WWW-Authenticate:Bearer error="invalid_token", error_description="The signature key was not found"
I have identity server and my api in the same project. In identity server 3 we had to configure a signing certificate. I did not see that in your examples, which felt quite strange.
What am I doing wrong? Or do I have to add the certificate? How?
You are probably using the AddDeveloperIdentityServer extension method.
This will set a temp. signing key which will recycle with every start. You can use the SetSigningCredential method to set an explicit one.
@leastprivilege Thank you.
As I don't need in-memory stores anymore, I replaced AddDeveloperIdentityServer with AddIdentityServer and added a certificate. Works fine like this now:
/*
 * Use PowerShell as administrator to create a new dev certificate:
 * New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname some.testingdomain.internal
 * Then export using mmc (include private key)
 */
var contentRootPath = _environment.ContentRootPath;
var cert = new X509Certificate2(Path.Combine(contentRootPath, "devcert.pfx"), "password");
services.AddIdentityServer()
    .SetSigningCredential(cert)
    .....
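
The failure and the fix discussed in this thread, as an added example that is not code from the thread or from IdentityServer: a token issued before a restart is checked against a regenerated temporary key and against the same key reloaded from outside the process. `Server`, `Issue`, `Validate` and `ExportKey` are hypothetical names, the token is a simplified (key id, payload, signature) tuple rather than a real JWT, and deriving the key id from a hash of the public key is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed scenario: a token is issued, then the host "restarts".
var firstRun = new Server();
var token = firstRun.Issue("alice");
Console.WriteLine(firstRun.Validate(token));

// Restart with a fresh temporary key: the token's key id is no longer known.
Console.WriteLine(new Server().Validate(token));

// Restart with the same key loaded from outside the process (as a .pfx would provide).
Console.WriteLine(new Server(firstRun.ExportKey()).Validate(token));

// Hypothetical stand-in for one process lifetime of a token service; not an IdentityServer type.
sealed class Server
{
    private readonly RSA _key = RSA.Create(2048);
    private readonly string _kid;

    // null mimics a temporary key generated at startup; PKCS#8 bytes mimic an explicit credential.
    public Server(byte[]? persistedKey = null)
    {
        if (persistedKey != null) _key.ImportPkcs8PrivateKey(persistedKey, out _);
        // Key id derived from the public key, so the same key always yields the same id.
        _kid = Convert.ToHexString(SHA256.HashData(_key.ExportSubjectPublicKeyInfo()))[..16];
    }

    public byte[] ExportKey() => _key.ExportPkcs8PrivateKey();

    public (string Kid, byte[] Payload, byte[] Sig) Issue(string subject)
    {
        var payload = Encoding.UTF8.GetBytes(subject);
        return (_kid, payload, _key.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }

    public string Validate((string Kid, byte[] Payload, byte[] Sig) token)
    {
        // Validation first looks the key up by id; an unknown id fails before any signature check.
        if (token.Kid != _kid)
            return "401 invalid_token: The signature key was not found";
        return _key.VerifyData(token.Payload, token.Sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            ? "200 OK" : "401 invalid_token: signature invalid";
    }
}
```

This uses top-level statements and `SHA256.HashData`, so it needs .NET 5 or later.
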
Is AddSigningCredential the new name for SetSigningCredential or are these different?