[Bug] JWE header alg attribute with value http://www.w3.org/2001/04/xmlenc#rsa-oaep instead of RSA-OAEP

[RogerioWagner]

Which version of Microsoft.IdentityModel are you using?

Microsoft.IdentityModel 6.30.1

Where is the issue?

• [ X] M.IM.JsonWebTokens
• M.IM.KeyVaultExtensions
• M.IM.Logging
• M.IM.ManagedKeyVaultSecurityKey
• M.IM.Protocols
• M.IM.Protocols.OpenIdConnect
• M.IM.Protocols.SignedHttpRequest
• M.IM.Protocols.WsFederation
• M.IM.TestExtensions
• [ X] M.IM.Tokens
• M.IM.Tokens.Saml
• M.IM.Validators
• M.IM.Xml
• [X ] S.IM.Tokens.Jwt
• Other (please describe)

Is this a new or an existing app?

The app is in production and next release requires interoperability with other apps written in different languages (ie: GoLang)

Repro

*SigningCredentials and EncryptingCredentials was created using a X509Certificate2 with public and private keys

            SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor
            {
                Issuer = _openIdConfigurationService.OpenIdConfiguration.Issuer,
                IssuedAt = issuedAt,
                Subject = request.Claims,
                NotBefore = issuedAt.AddSeconds(-1),
                Expires = expires,
                SigningCredentials = credentials.SigningCredentials,
                EncryptingCredentials = credentials.EncryptingCredentials,
                TokenType = "JWE"
            };

            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);

Expected behavior

Algorithm (alg) should be one of the registered at IANA "JSON Web Signature and Encryption Algorithms" (https://www.iana.org/assignments/jose/jose.xhtml) as described on topic 4.1.1 of RFC7516 (https://datatracker.ietf.org/doc/html/rfc7516#page-12)

{
  "alg": "RSA-OAEP",
  "enc": "A128CBC-HS256",
  "kid": "0758B2A8DF6B980E569421870D7CFE29E65D26EB",
  "typ": "JWE",
  "cty": "JWT"
}

Actual behavior

{
  "alg": "http://www.w3.org/2001/04/xmlenc#rsa-oaep",
  "enc": "A128CBC-HS256",
  "kid": "0758B2A8DF6B980E569421870D7CFE29E65D26EB",
  "typ": "JWE",
  "cty": "JWT"
}

Possible solution
Change the KeyWrapper providers to declare header alg complaint to IANA document

[brentschmaltz]

@RogerioWagner sorry for the hassle, we will fix this.

[RogerioWagner]

@brentschmaltz, thanks for the reply! I have a test environment where a Go client need to validate and decrypt a JWE issued by a dotnet core service, count on me to help test the new version identity model assembly

[jennyf19]

@brentschmaltz, thanks for the reply! I have a test environment where a Go client need to validate and decrypt a JWE issued by a dotnet core service, count on me to help test the new version identity model assembly

Just saw this @RogerioWagner , thanks for offering to test the new version. It's already out, we had to hit .NET 8's RC 2 with a non-preview version. If you have any feedback on 7.0.0, we would love to hear it. I assume this issue is still present in 7.0.0?

[RogerioWagner]

@brentschmaltz, thanks for the reply! I have a test environment where a Go client need to validate and decrypt a JWE issued by a dotnet core service, count on me to help test the new version identity model assembly

Just saw this @RogerioWagner , thanks for offering to test the new version. It's already out, we had to hit .NET 8's RC 2 with a non-preview version. If you have any feedback on 7.0.0, we would love to hear it. I assume this issue is still present in 7.0.0?

Hi @jennyf19, sorry for the delay I was OOF and did not saw your post.

I think it's not fixed yet; I bumped the System.IdentityModel.Tokens.Jwt to version 7.0.1 and the JWE issued had the below header:

{
  "alg": "http://www.w3.org/2001/04/xmlenc#rsa-oaep",
  "enc": "A128CBC-HS256",
  "kid": "1359A14E054F33548B84BF8521997162EE6CC443",
  "typ": "JWE",
  "cty": "JWT"
}

Let me know if I can contribute with any further information.

[brentschmaltz]

@RogerioWagner thanks, we will look into this.
@jennyf19 this will work with our assemblies because we treat "http://www.w3.org/2001/04/xmlenc#rsa-oaep" and "RSA-OAEP" as the same, interop could be broken.