FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key

    Scheduled Pinned Locked Moved Solved
    Q&A
    1
    2
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mark.robustelliM
      mark.robustelli
      last edited by mark.robustelli

      I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.

      I think it has to do with following message in the guide:
      The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.

      How do I add the required key to FusionAuth?

      Error Message:
      An unhandled exception occurred while processing the request.
      SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
      kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
      Number of keys in TokenValidationParameters: '0'.
      Number of keys in Configuration: '0'.
      Exceptions caught:
      ''.
      token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'.

      1 Reply Last reply Reply Quote 1
      • mark.robustelliM
        mark.robustelli
        last edited by mark.robustelli

        You will have to add the key to your FusionAuth instance as in this post.

        • In the FusionAuth admin page, got to Settings --> Key Master
          e1482d56-5555-4d96-9c6a-1eeef98f87d2-image.png

        • Click "Generate EC key pair"
          90f479ab-302c-4660-8157-03e3a8bfe58e-image.png

        • Fill in the information - I used JWT Signature - Asymmetric RSA Key Pari (RS256) for the name
          5b7ddb83-c764-4000-87f8-cc3384d05429-image.png

        • Go to to Applications in FusionAuth admin and select edit on your application.

        • Select the JWT tab

        • Select Enabled
          b6505e8e-1e2b-46c1-bfa6-56d7bfa0a5ba-image.png

        • In the JSON web token settings select the key you created in the above step.
          becb03a2-81bf-4f1e-be82-34526e8c410f-image.png

        1 Reply Last reply Reply Quote 0
        • mark.robustelliM mark.robustelli has marked this topic as solved on
        • mark.robustelliM mark.robustelli referenced this topic on
        • First post
          Last post