Signature validation failed. Unable to match 'kid'

Question

i'm using identityserver4 for SSO problem was whenever i restart identityserver client application gets exception for the first time exception message was

An unhandled exception has occurred: Unhandled remote failure. (IDX10501: Signature validation failed. Unable to match 'kid': 'e57439c26753f8a940888050ab3860fa', token: '{"alg":"RS256","typ":"JWT","kid":"e57439c26753f8a940888050ab3860fa"}.{"nbf":1505114113,"exp":1505114413,"iss":"http://recruiterinsider-qa.wiseatom.com:85","aud":"empite.rip","nonce":"636407108987016790.OTIyYzNhOGYtZmY1OS00NDQyLThmNDUtYWNkOTA1NDEyM2JmYTlkYWRjNDMtNDRmMC00YmQxLWI2MGQtOTI2MDYzNDYxMTUy","iat":1505114113,"c_hash":"Bc0qZ4ezhn0-wB-e9rDp8g","sid":"135b1b1f352674ab3b80846fef6ad0d8","sub":"94e570f7-920f-426e-b0db-e4f871323149","auth_time":1505114112,"idp":"local","amr":["pwd"]}'.) System.AggregateException: Unhandled remote failure. (IDX10501: Signature validation failed. Unable to match 'kid': 'e57439c26753f8a940888050ab3860fa', token: '{"alg":"RS256","typ":"JWT","kid":"e57439c26753f8a940888050ab3860fa"}.{"nbf":1505114113,"exp":1505114413,"iss":"http://recruiterinsider-qa.wiseatom.com:85","aud":"empite.rip","nonce":"636407108987016790.OTIyYzNhOGYtZmY1OS00NDQyLThmNDUtYWNkOTA1NDEyM2JmYTlkYWRjNDMtNDRmMC00YmQxLWI2MGQtOTI2MDYzNDYxMTUy","iat":1505114113,"c_hash":"Bc0qZ4ezhn0-wB-e9rDp8g","sid":"135b1b1f352674ab3b80846fef6ad0d8","sub":"94e570f7-920f-426e-b0db-e4f871323149","auth_time":1505114112,"idp":"local","amr":["pwd"]}'.) ---> Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match 'kid': 'e57439c26753f8a940888050ab3860fa', token: '{"alg":"RS256","typ":"JWT","kid":"e57439c26753f8a940888050ab3860fa"}.{"nbf":1505114113,"exp":1505114413,"iss":"http://recruiterinsider-qa.wiseatom.com:85","aud":"empite.rip","nonce":"636407108987016790.OTIyYzNhOGYtZmY1OS00NDQyLThmNDUtYWNkOTA1NDEyM2JmYTlkYWRjNDMtNDRmMC00YmQxLWI2MGQtOTI2MDYzNDYxMTUy","iat":1505114113,"c_hash":"Bc0qZ4ezhn0-wB-e9rDp8g","sid":"135b1b1f352674ab3b80846fef6ad0d8","sub":"94e570f7-920f-426e-b0db-e4f871323149","auth_time":1505114112,"idp":"local","amr":["pwd"]}'. at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.ValidateToken(String idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters, JwtSecurityToken& jwt) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.d__20.MoveNext() --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.<HandleRemoteCallbackAsync>d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult() at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRequestAsync>d__15.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

so i change AddTemporarySigningCredential to AddDeveloperSigningCredential still i'm getting error when ever i restart identityserver

how to fix this issue?

Answer 1

Your issue could be related to this. Check the official docs

During development you might sometimes see an exception stating that the token could not be validated. This is due to the fact that the signing key material is created on the fly and kept in-memory only. This exception happens when the client and IdentityServer get out of sync. Simply repeat the operation at the client, the next time the metadata has caught up, and everything should work normal again.