c# - 签名验证失败。无法匹配 'kid'

Question

我将 identityserver4 用于 SSO 问题是每当我重新启动 identityserver 客户端应用程序时第一次获取异常异常消息是

An unhandled exception has occurred: Unhandled remote failure. (IDX10501: Signature validation failed. Unable to match 'kid': 'e57439c26753f8a940888050ab3860fa', token: '{"alg":"RS256","typ":"JWT","kid":"e57439c26753f8a940888050ab3860fa"}.{"nbf":1505114113,"exp":1505114413,"iss":"http://recruiterinsider-qa.wiseatom.com:85","aud":"empite.rip","nonce":"636407108987016790.OTIyYzNhOGYtZmY1OS00NDQyLThmNDUtYWNkOTA1NDEyM2JmYTlkYWRjNDMtNDRmMC00YmQxLWI2MGQtOTI2MDYzNDYxMTUy","iat":1505114113,"c_hash":"Bc0qZ4ezhn0-wB-e9rDp8g","sid":"135b1b1f352674ab3b80846fef6ad0d8","sub":"94e570f7-920f-426e-b0db-e4f871323149","auth_time":1505114112,"idp":"local","amr":["pwd"]}'.) System.AggregateException: Unhandled remote failure. (IDX10501: Signature validation failed. Unable to match 'kid': 'e57439c26753f8a940888050ab3860fa', token: '{"alg":"RS256","typ":"JWT","kid":"e57439c26753f8a940888050ab3860fa"}.{"nbf":1505114113,"exp":1505114413,"iss":"http://recruiterinsider-qa.wiseatom.com:85","aud":"empite.rip","nonce":"636407108987016790.OTIyYzNhOGYtZmY1OS00NDQyLThmNDUtYWNkOTA1NDEyM2JmYTlkYWRjNDMtNDRmMC00YmQxLWI2MGQtOTI2MDYzNDYxMTUy","iat":1505114113,"c_hash":"Bc0qZ4ezhn0-wB-e9rDp8g","sid":"135b1b1f352674ab3b80846fef6ad0d8","sub":"94e570f7-920f-426e-b0db-e4f871323149","auth_time":1505114112,"idp":"local","amr":["pwd"]}'.) ---> Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match 'kid': 'e57439c26753f8a940888050ab3860fa', token: '{"alg":"RS256","typ":"JWT","kid":"e57439c26753f8a940888050ab3860fa"}.{"nbf":1505114113,"exp":1505114413,"iss":"http://recruiterinsider-qa.wiseatom.com:85","aud":"empite.rip","nonce":"636407108987016790.OTIyYzNhOGYtZmY1OS00NDQyLThmNDUtYWNkOTA1NDEyM2JmYTlkYWRjNDMtNDRmMC00YmQxLWI2MGQtOTI2MDYzNDYxMTUy","iat":1505114113,"c_hash":"Bc0qZ4ezhn0-wB-e9rDp8g","sid":"135b1b1f352674ab3b80846fef6ad0d8","sub":"94e570f7-920f-426e-b0db-e4f871323149","auth_time":1505114112,"idp":"local","amr":["pwd"]}'. at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.ValidateToken(String idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters, JwtSecurityToken& jwt) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.d__20.MoveNext() --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.<HandleRemoteCallbackAsync>d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult() at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRequestAsync>d__15.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

所以我改变AddTemporarySigningCredential至 AddDeveloperSigningCredential每当我重新启动 IdentityServer 时，我仍然会遇到错误

如何解决这个问题？

Answer 1

您的问题可能与此有关。检查official docs

During development you might sometimes see an exception stating that the token could not be validated. This is due to the fact that the signing key material is created on the fly and kept in-memory only. This exception happens when the client and IdentityServer get out of sync. Simply repeat the operation at the client, the next time the metadata has caught up, and everything should work normal again.