C# - ASP.NET 5 - OAuth bearer token (JWT) validation error
I have been working on a system to authenticate and authorize users on a website using JSON Web Tokens. The system is completed, but I am running into an error when I attempt to use the [Authorize("Bearer")] attribute in my code. The error is as follows:

System.IdentityModel.Tokens.SecurityTokenInvalidSignatureException occurred. Message: Exception thrown: 'System.IdentityModel.Tokens.SecurityTokenInvalidSignatureException' in Microsoft.IdentityModel.Logging.dll. Additional information: IDX10503: Signature validation failed. Keys tried: ''. Exceptions caught: ''. token: '{"typ":"JWT","alg":"RS256","kid":null}.{"nameid":"6581f5a0-1775-4ce4-8650-a3d7e613b216","unique_name":"Alex","AspNet.Identity.SecurityStamp":"8da933c3-0f88-42ea-876d-c07e99d1eecc","iss":"Uniti","aud":"Uniti","exp":1436849284,"nbf":1436845684}'

I don't understand why it isn't testing any keys against the JWT. I have an RSA key defined in the Startup file. Without further dragging on, I have provided the code that may be necessary to solve the error below.

My Startup code (generating the key and the OAuthBearer options):

```csharp
#region RSA key generation
var rsa = new RSACryptoServiceProvider(2048);
var rsaKey = rsa.ExportParameters(true);
var key = new RsaSecurityKey(rsaKey);
services.AddInstance(new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest));
#endregion

services.AddInstance(new OAuthBearerAuthenticationOptions
{
    SecurityTokenValidators = new List<ISecurityTokenValidator> { new JwtSecurityTokenHandler() },
    TokenValidationParameters = new TokenValidationParameters
    {
        IssuerSigningKey = key,
        ValidIssuer = "Uniti",
        ValidAudience = "Uniti"
    },
});

services.AddAuthorization();
services.ConfigureAuthorization(auth =>
{
    auth.AddPolicy("Bearer", builder =>
    {
        builder.AddAuthenticationSchemes(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
        builder.RequireAuthenticatedUser();
    });
});
```

My token generation code:

```csharp
var claimsIdentity = (ClaimsIdentity) User.Identity;
var handler = bearerOptions.SecurityTokenValidators.OfType<JwtSecurityTokenHandler>().First();
var securityToken = handler.CreateToken(
    issuer: "Uniti",
    audience: "Uniti",
    signingCredentials: bearerCredentials,
    subject: claimsIdentity
);
var token = handler.WriteToken(securityToken);
```

Am I forgetting to add something somewhere, or am I generating the keys incorrectly? Thanks ahead of time if you can help me!
I bet it's due to the incorrect way of registering the OAuth2 bearer options, as explained in a previous answer: https://stackoverflow.com/a/31322654/542757

```csharp
services.AddInstance(new OAuthBearerAuthenticationOptions());
```

When you use services.AddInstance, the OAuth2 bearer middleware is unable to retrieve the options (and thus the key), as it internally uses IOptions<OAuthBearerAuthenticationOptions>, not OAuthBearerAuthenticationOptions.

This is the correct way to register the OAuth2 bearer options:

```csharp
services.ConfigureOAuthBearerAuthentication(options =>
{
    // Configure the options used by the OAuth2 bearer middleware.
});
```
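To show what "Keys tried: ''" means on the validating side, here is an added example (not the poster's or answerer's code) of a minimal JWT validator that performs the same checks TokenValidationParameters does: signature against the configured signing keys, then issuer, audience, nbf and exp. It uses HS256 via the standard-library hmac module in place of RS256 so it runs offline; the key, the "now" timestamp and the function names are constructed assumptions, while the claims come from the question's error message.

```python
# Added example, not the original page's code. HS256 (stdlib hmac) stands in for RS256.
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def validate_jwt(token: str, signing_keys: list, valid_issuer: str, valid_audience: str, now: int) -> str:
    """Return "ok" or a short failure reason. signing_keys plays the role of IssuerSigningKey:
    when the validator resolves no keys (the situation in the question) it has nothing to try."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        return "unexpected_alg"  # the validator, not the token, decides which algorithm is acceptable
    if not signing_keys:
        return "no_signing_keys"  # corresponds to "Keys tried: ''" in the error message
    signing_input = (parts[0] + "." + parts[1]).encode()
    presented = _b64url_decode(parts[2])
    if not any(hmac.compare_digest(hmac.new(k, signing_input, hashlib.sha256).digest(), presented)
               for k in signing_keys):
        return "bad_signature"
    claims = json.loads(_b64url_decode(parts[1]))  # claims are trusted only after the signature checks out
    if claims.get("iss") != valid_issuer:
        return "bad_issuer"
    if claims.get("aud") != valid_audience:
        return "bad_audience"
    if now < claims.get("nbf", 0):
        return "not_yet_valid"
    if now >= claims.get("exp", 0):
        return "expired"
    return "ok"

# Constructed sample: key is made up, claims are the ones shown in the question's error message.
DEMO_KEY = b"constructed-demo-key"
DEMO_CLAIMS = {"unique_name": "Alex", "iss": "Uniti", "aud": "Uniti", "exp": 1436849284, "nbf": 1436845684}
DEMO_TOKEN = sign_jwt(DEMO_CLAIMS, DEMO_KEY)
```

Calling validate_jwt(DEMO_TOKEN, [], "Uniti", "Uniti", 1436846000) returns "no_signing_keys", while passing [DEMO_KEY] returns "ok"; a wrong key, a wrong issuer or a timestamp at or past exp each fail at the corresponding check.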