Signature validation failed. No security keys were provided to validate the signature

Question

I configure the IdentityServer4 and tried to protect the web API with jwt token. Here when I call the api with token I get

IDX10500: Signature validation failed. No security keys were provided to validate the signature.

Web API I have registered the service as below

services
.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
    options.Authority = Environment.GetEnvironmentVariable("https://localhost:44394/");
    options.RequireHttpsMetadata = false;
    options.ApiName = "api1";
});

This is the detail log

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Failed to validate the token.

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10500: Signature validation failed. No security keys were provided to validate the signature. at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: BearerIdentityServerAuthenticationJwt was not authenticated. Failure message: IDX10500: Signature validation failed. No security keys were provided to validate the signature.

Can some one help me to sort this out?

Answer 1

The problem is that you didn't set an authority. When you debug you'll see that Environment.GetEnvironmentVariable("https://localhost:44394/") is in fact null.

In order to solve this replace it with a valid variable or use an alternative source.