TypeLoadException when we use Microsoft.Owin 4

[ysmoradi]

Microsoft's Owin team is working on new version of Owin/Katana. Microsoft.Owin.Security.Jwt now uses latest version of System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Tokens nuget package

When I tried to use Microsoft.Owin.Security.Jwt alongside IdentityServer3.AccessTokenValidation, I received following exception:

Could not load type 'Microsoft.Owin.Security.Jwt.IIssuerSecurityTokenProvider' from assembly Microsoft.Owin.Security.Jwt, Version=4.0.0.0 at Owin.IdentityServerBearerTokenValidationAppBuilderExtensions

[brunosantos]

Hello ysmoradi, I had a similar issue. But instead of using Microsoft.Owin.Security.Jwt, Version=4.0.0.0
nuget was defaulting to the latest 5.

I solved it by jus removing all packaged that had dependencies with Microsoft.Owin.Security.Jwt and then reinstalling Microsoft.Owin.Security.Jwt V4.0.2.

This is how I solved it:
#164

Hope it helps.

[ysmoradi]

About using IdentityServer4.AccessTokenValidation in .NET full / Web API 2 / Owin app
It's absolutely possible, you can configure owin pipeline on top of asp.net core's pipeline, then you can use IdentityServer4.AccessTokenValidation there. You can also configure asp.net core's pipeline on top of owin servers and pipelines too, so you can do that in a numerous ways.

About "Katana does not support v5.0 of that package" >> This is not true as well. Microsoft.Owin 4 alpha, supports that package. (That happened recently, so it makes scene that you're not aware of that)

The main problem is IdentityServer3.AccessTokenValidation which uses Microsoft.Owin.Security.Jwt behind the scene is not compatible with its new version.

I'm here to discuss about that.

"Microsoft.Owin.Security.Jwt V4.0.2" >> As far as I know, there is no nuget package with this version as you can see here.

[brunosantos]

you can configure owin pipeline on top of asp.net core's pipeline, then you can use IdentityServer4.AccessTokenValidation there

Oh yeah? prove it. Show me your working code sample.
IdentityServer4.AccessTokenValidation's UseIdentityServerBearerTokenAuthentication extension method is only implemented to extend Microsoft.AspNetCore.Builder.IApplicationBuilder (from core) instead of Owin.IAppBuilder.

But if you don't believe me...maybe you can believe in Dominick Baier (you know, the guy that built IdentityServer).

Katana does not support v5.0 of that package" >> This is not true as well

I didn't say that "Katana" doesn't support that. I said "OWIN". Can you tell the difference?

And, again, maybe I can quote Dominick on this:

Well - 5.0 means breaking change. Maybe it's not compatible with the old OWIN middleware.
5.x is not compatible with Katana 3 - it is for .NET Core going forward. You need to stay on 4.x

Apart from that...your comment made sense.

[ysmoradi]

Things have been changed recently. All links you've provided are all about Katana (An owin implementation) version 3.

Microsoft team has released Katana 4 recently (It's alpha although), and it's compatible with System.IdentityModel.Tokens.Jwt V5 Take a look at this issue.

This sample code has web api 2 / owin on top of asp.net core / .net core. You've IApplicationBuilder there, and you can configure identity server 4 access token validation using following code to protect web api 2 controller.

// Call this before dependencyManager.RegisterDefaultWebApiConfiguration();
dependencyManager.RegisterAspNetCoreMiddlewareUsing(aspNetCoreApp =>
{
     // aspNetCoreApp is IApplicationBuilder, and you can configure identity server 4 access token validation using that.
});

To have better understanding, you can read our docs

This code in asp.net core's repository allows you to run owin pipeline on top of asp.net core's pipeline and vice e versa.
You can also run asp.net core apps on top of owin servers and vice e versa too.

[ysmoradi]

Preview version of Owin 4 is released. Nothing changed?https://www.nuget.org/packages/Microsoft.Owin.Security.Jwt/4.0.0-preview1