Latest version of Okta.Sdk is not compatible with Microsoft.IdentityModel.Tokens 8.0.0

[kgerasimov-st]

Describe the bug?

We've just discovered that with the combination

<PackageReference Include="Okta.Sdk" Version="8.0.1" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.0.0" />

and the configuration MaxRetries > 0, the Okta.Sdk stops working and always returns NULL for any request and without any indication of an error for the caller.
The reason is that Microsoft.IdentityModel.Tokens 8.0.0 doesn't have the public extension method Microsoft.IdentityModel.Tokens.CollectionUtilities.IsNullOrEmpty anymore (they made it internal with this PR AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2699), and you are using it in a few places in your code, for example inside the static version of the DefaultOAuthTokenProvider.AddOrUpdateAuthorizationHeader method.
It results in the following error eventually:

Attempt by method 'Okta.Sdk.Client.DefaultOAuthTokenProvider.AddOrUpdateAuthorizationHeader(Polly.Context, RestSharp.RestRequest, System.String)' to access method 'Microsoft.IdentityModel.Tokens.CollectionUtilities.IsNullOrEmpty<System.Char>(System.Collections.Generic.IEnumerable`1<Char>)' failed.

which is not propagated to the caller though.

What is expected to happen?

Okta.Sdk to return either valid result or an error to the caller.

What is the actual behavior?

Okta.Sdk returns NULL as a result and no indication of any error.

Reproduction Steps?

1. Set up the package configuration as following:

<PackageReference Include="Okta.Sdk" Version="8.0.1" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.0.0" />

2. Add the following value into Okta.Sdk.Client.Configuration:
   MaxRetries = 4

3. Call GetUserAsync() method of the UserApi

Additional Information?

No response

.NET Version

8.0.303

SDK Version

8.0.1

OS version

BuildNumber Caption OSArchitecture Version
19045 Microsoft Windows 10 Pro 64-bit 10.0.19045

[laura-rodriguez]

Hi @kgerasimov-st,

Thanks for reporting this issue. I filed an internal JIRA to upgrade IdentityModel dependencies, which the team will have to review and prioritize accordingly.

Internal Ref: OKTA-792270

[kdcllc]

@laura-rodriguez any eta on the fix?

[pdubb29]

I'm also experiencing this issue. Thanks for the find @kgerasimov-st

The workaround I've found to work is downgrade Microsoft.IdentityModel.Tokens to v7.0.0.

[bhavik-thakkar-okta]

Hey @kdcllc thanks for your follow-up. We have currently added this on to our priority list and we will prioritize this accordingly and we will get back to you once its added to our sprint scope for some concrete timelines.

[tom-odon]

+1

[alpesh-patel415]

+1

[alpesh-patel415]

Also waiting on a fix.

[bryanapellanes-okta]

@kgerasimov-st @tom-odon @alpesh-patel415 @pdubb29 @kdcllc This should be resolved in version 8.1.5. Please see #744 . Feel free to reopen if this continues to be an issue.

[tom-odon]

Thanks @bryanapellanes-okta - after upgrading the Okta SDK to 8.1.5 and System.IdentityModel.Tokens.Jwt to 8.0.2 along with transitive dependencies, I am receiving ApiException: Error calling GetBearerToken: {"error":"invalid_dpop_proof","error_description":"The DPoP proof JWT cannot be parsed."}.