JWT Token: 401 Unauthorized and invalid_token Error #62597

@devutku

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

I am using JWT authentication in my .NET Core Web API project.
After logging in, I receive a token, but when I try to access endpoints protected with [Authorize] using this token, I always get a 401 Unauthorized and Bearer error="invalid_token" error.

Expected Behavior

After a successful login, I should be able to access [Authorize] endpoints using the returned JWT token.

Steps To Reproduce

Login is successful and a token is returned.
When I send a request to a protected endpoint with the token in the header:
HTTP 401 Unauthorized
Response header: www-authenticate: Bearer error="invalid_token"
IDX14102: Unable to decode the header '[Security Artifact of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/SecurityArtifactLogging.]' as Base64Url encoded string.

Exceptions (if any)

What I Have Tried

  • I can decode the token on jwt.io and the claims look correct.
  • Issuer, Audience, and Key values are exactly the same in both token generation and validation.
  • I am sending the token correctly in the Authorization header via Swagger and curl (no extra spaces or line breaks).
  • I synchronized the system clock on both my computer and the server.
  • I set ValidateLifetime to false, but the error persists.
  • The token is not expired and the time claims are correct.

.NET Version

9.0.301

Anything else?

.NET SDK:
Version: 9.0.301
Commit: a596cd22e2
Workload version: 9.0.300-manifests.e42facbb
MSBuild version: 17.14.5+edd3bbf37

Runtime Environment:
OS Name: Windows
OS Version: 10.0.26100
OS Platform: Windows
RID: win-x64
Base Path: C:\Program Files\dotnet\sdk\9.0.301\

.NET workloads installed:
[maui-windows]
Installation Source: VS 17.14.36221.1
Manifest Version: 9.0.51/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.maui\9.0.51\WorkloadManifest.json
Install Type: Msi

[maccatalyst]
Installation Source: VS 17.14.36221.1
Manifest Version: 18.5.9199/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.maccatalyst\18.5.9199\WorkloadManifest.json
Install Type: Msi

[ios]
Installation Source: VS 17.14.36221.1
Manifest Version: 18.5.9199/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.ios\18.5.9199\WorkloadManifest.json
Install Type: Msi

[android]
Installation Source: VS 17.14.36221.1
Manifest Version: 35.0.78/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.android\35.0.78\WorkloadManifest.json
Install Type: Msi

Configured to use loose manifests when installing new manifests.

Host:
Version: 9.0.6
Architecture: x64
Commit: 3875b54e7b

.NET SDKs installed:
9.0.301 [C:\Program Files\dotnet\sdk]

.NET runtimes installed:
Microsoft.AspNetCore.App 8.0.17 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 9.0.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.17 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 8.0.12 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 8.0.17 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 9.0.6 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Other architectures found:
x86 [C:\Program Files (x86)\dotnet]
registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation]

Environment variables:
Not set

global.json file:
Not found

Learn more:
https://aka.ms/dotnet/info

Download .NET:
https://aka.ms/dotnet/download
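
A structural check for the raw `Authorization` header value, aimed at the IDX14102 condition reported above (header segment not decodable as Base64Url). This is an added example, not code from the issue or from ASP.NET Core; `BearerHeaderCheck` and `Diagnose` are hypothetical names, and the sample header values are constructed.

```csharp
using System;
using System.Text.Json;

// Constructed sample: header {"alg":"HS256"}, payload {}, placeholder signature.
string token = "eyJhbGciOiJIUzI1NiJ9.e30.c2ln";
string[] samples = { "Bearer " + token, "Bearer Bearer " + token, "Bearer \"" + token + "\"" };
foreach (string value in samples)
    Console.WriteLine(BearerHeaderCheck.Diagnose(value) ?? "structurally valid");

static class BearerHeaderCheck
{
    // Returns null when the value is "Bearer <header>.<payload>.<signature>" with a
    // Base64Url header that decodes to a JSON object; otherwise the first problem found.
    // The token itself is never echoed, so the result is safe to log.
    public static string? Diagnose(string authorizationHeader)
    {
        const string scheme = "Bearer ";
        if (!authorizationHeader.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return "missing 'Bearer ' scheme";
        string token = authorizationHeader.Substring(scheme.Length);
        if (token.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return "scheme repeated: value is 'Bearer Bearer <token>'";
        if (token.Trim().Trim('"', '\'') != token)
            return "token is wrapped in whitespace or quotes";
        string[] parts = token.Split('.');
        if (parts.Length != 3)
            return $"expected 3 dot-separated segments, found {parts.Length}";
        foreach (char c in parts[0])
            if (!(char.IsAsciiLetterOrDigit(c) || c == '-' || c == '_'))
                return $"header segment contains non-Base64Url character U+{(int)c:X4}";
        try
        {
            using JsonDocument doc = JsonDocument.Parse(DecodeBase64Url(parts[0]));
            if (doc.RootElement.ValueKind != JsonValueKind.Object)
                return "header segment decodes, but not to a JSON object";
        }
        catch (Exception ex) when (ex is FormatException or JsonException)
        {
            return "header segment does not decode to JSON: " + ex.Message;
        }
        return null;
    }

    // Base64Url to bytes: restore the standard alphabet and the stripped '=' padding.
    static byte[] DecodeBase64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
    }
}
```

Running it on the header value exactly as the server receives it, rather than on the token as generated, checks what the validator is actually handed.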

Labels: ✔️ Resolution: Answered (resolved because the question asked by the original author has been answered); Status: Resolved; area-auth (includes: Authn, Authz, OAuth, OIDC, Bearer)
