When developing ASP.NET Core web applications, it is common to interact with JWTs (JSON Web Tokens). Quite often you will want to validate JWTs and possibly even generate your own JWTs to secure API endpoints.
However, it’s not always plain sailing when it comes to software development. After updating certain Microsoft NuGet packages to newer versions, it is possible that you could be faced with a runtime exception that is similar to the following.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
---> System.IdentityModel.Tokens.Jwt.JsonExtensions' threw an exception. System.TypeLoadException: Could not load type 'Microsoft.IdentityModel.Json.JsonConvert' from assembly 'Microsoft.IdentityModel.Tokens, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectionConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
...
The full exception stack trace has been truncated, but you get the idea!
The exception details indicate an issue loading the JsonConvert type when attempting to retrieve OpenID Connect configuration data via the OpenIdConnectionConfigurationRetriever.GetAsync method.
In this post, I will explain how you can resolve this particular issue in your application.
Issue background
As I alluded to in the introduction, the issue with loading the JsonConvert type normally comes to light following an update to the latest versions of JWT-related NuGet packages.
In the particular case that I came across recently, it was an update to the following NuGet package that triggered the issue.
Microsoft.AspNetCore.Authentication.JwtBearer
The above package was updated from a 6.x version to version 7.0.11.
It turns out that when you dig into the dependencies of the ‘JwtBearer’ package, even though it is version 7.x, it still depends on some older 6.x packages. This applies to Microsoft.IdentityModel.Protocols.OpenIdConnect, which in turn depends on System.IdentityModel.Tokens.Jwt.
The problem is that the older version 6.x packages use types that no longer exist in the newer version 7.x packages. This is what triggers the runtime exception when attempting to load the JsonConvert type.
It’s possible that in your scenario, the exception details are slightly different depending on what JWT-related code your application is executing. Despite this, if the exception you are seeing indicates an issue with loading the JsonConvert type, then the solutions that I document in the following section should still apply to you.
Note that the System.InvalidOperationException that you can see at the beginning of the exception details shown in the introduction is a red herring and it is not related to the issue with loading types. However, if you want to, you can resolve it by adding the following code to your start-up logic.
if (app.Environment.IsDevelopment()) { IdentityModelEventSource.ShowPII = true; }
This will result in PII (Personally Identifiable Information) only being included within error logs when in development.
Solutions
This issue with loading types is reminiscent of some of the older .NET Framework “dependency hell” we’ve had to deal with in the past, but thankfully these kinds of issues are easier to resolve since the advent of .NET Core.
Let’s look at two possible solutions in the following subsections.
Package downgrade ⏬
Okay, so I’m not advocating this approach per se, but it is an option to be considered.
If you want to rid yourself of the error, you can consider downgrading your JWT-related NuGet packages to the older version 6.x packages so that the dependency issues that cause the type load errors do not come to light.
Downgrading packages should resolve the problem until Microsoft hopefully fixes the issue in newer package versions. However, this doesn’t feel like progress and sometimes it’s a bit difficult to do this if you already have your own NuGet packages published that include a dependency on the newer JWT packages.
What else can we do?
Explicit package reference 📦
My preferred solution is to add an explicit NuGet package reference to resolve the dependency issue.
To do this, add the following line within an ItemGroup node in the .csproj file of the project that contains the code that is throwing the exception at runtime.
<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.0.0" />
Note that you should adjust the version accordingly, as there is likely a newer version available since the time of writing.
Now the issue should magically disappear, nice!
Summary
In this post, I have documented how to fix the “Could not load type ‘Microsoft.IdentityModel.Json.JsonConvert'” runtime exception in an ASP.NET Core web application.
I first of all explained the background of the issue so that you can understand why it is occurring.
I then proceeded to explain two possible solutions to the issue, with the second one being the most favourable in my opinion as it will allow you to move forward with the newest package versions.
Comments