Changes per latest PR comments

AzureAD · Jun 21, 2024 · 40edbce · 40edbce
1 parent 3df1cc9
commit 40edbce
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 25 deletions.
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.CreateToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.CreateToken.cs
@@ -710,7 +710,7 @@ internal static void WriteJwsPayload(
 
             writer.WriteStartObject();
 
-            if (!tokenDescriptor.Audiences.IsNullOrEmpty())
+            if (tokenDescriptor.Audiences.Count > 0)
             {
                 if (!tokenDescriptor.Audience.IsNullOrEmpty())
                     JsonPrimitives.WriteStrings(ref writer, JwtPayloadUtf8Bytes.Aud, tokenDescriptor.Audiences, tokenDescriptor.Audience);
@@ -725,6 +725,7 @@ internal static void WriteJwsPayload(
                 writer.WriteStringValue(tokenDescriptor.Audience);
                 audienceSet = true;
             }
+
             if (!string.IsNullOrEmpty(tokenDescriptor.Issuer))
             {
                 issuerSet = true;
@@ -769,7 +770,7 @@ internal static void WriteJwsPayload(
                             if (LogHelper.IsEnabled(EventLogLevel.Informational))
                             {
                                 string descriptorMemberName = null;
-                                if (!tokenDescriptor.Audiences.IsNullOrEmpty())
+                                if (tokenDescriptor.Audiences.Count > 0)
                                     descriptorMemberName = nameof(tokenDescriptor.Audiences);
                                 else if (!string.IsNullOrEmpty(tokenDescriptor.Audience))
                                     descriptorMemberName = nameof(tokenDescriptor.Audience);

diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs
@@ -367,40 +367,37 @@ protected virtual SamlConditions CreateConditions(SecurityTokenDescriptor tokenD
             else if (SetDefaultTimesOnTokenCreation)
                 conditions.NotOnOrAfter = DateTime.UtcNow + TimeSpan.FromMinutes(TokenLifetimeInMinutes);
 
-            if (!tokenDescriptor.Audiences.IsNullOrEmpty())
+            if (tokenDescriptor.Audiences.Count > 0)
+            {
                 if (!tokenDescriptor.Audience.IsNullOrEmpty())
                     conditions.Conditions.Add(CreateAudienceRestrictionCondition(tokenDescriptor.Audience, tokenDescriptor.Audiences));
                 else
                     conditions.Conditions.Add(CreateAudienceRestrictionCondition(tokenDescriptor.Audiences));
-
-            else if(!tokenDescriptor.Audience.IsNullOrEmpty())
-                conditions.Conditions.Add(CreateAudienceRestrictionCondition(tokenDescriptor.Audience));
+            }
+            else if (!tokenDescriptor.Audience.IsNullOrEmpty())
+            {
+                conditions.Conditions.Add(new SamlAudienceRestrictionCondition(new Uri(tokenDescriptor.Audience)));
+            }
 
             return conditions;
         }
-        private static SamlAudienceRestrictionCondition CreateAudienceRestrictionCondition(string audience)
-        {
-            SamlAudienceRestrictionCondition audRestrictionCondition = new ();
-            audRestrictionCondition.Audiences.Add(new Uri(audience));
-            return audRestrictionCondition;
-        }
+
 
         private static SamlAudienceRestrictionCondition CreateAudienceRestrictionCondition(IList<string> audiences)
         {
             SamlAudienceRestrictionCondition audRestrictionCondition = new();
-            foreach (var audience in audiences)
-                audRestrictionCondition.Audiences.Add(new Uri(audience));
+            for (int i = 0; i < audiences.Count; i++)
+                audRestrictionCondition.Audiences.Add(new Uri(audiences[i]));
 
             return audRestrictionCondition;
         }
 
         private static SamlCondition CreateAudienceRestrictionCondition(string audience, IList<string> audiences)
         {
-            SamlAudienceRestrictionCondition audRestrictionCondition = new();
-            audRestrictionCondition.Audiences.Add(new Uri(audience));
+            SamlAudienceRestrictionCondition audRestrictionCondition = new(new Uri(audience));
             for (int i = 0; i < audiences.Count; i++)
                 audRestrictionCondition.Audiences.Add(new Uri(audiences[i]));
-            
+
             return audRestrictionCondition;
         }
 

diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs
@@ -644,12 +644,14 @@ protected virtual Saml2Conditions CreateConditions(SecurityTokenDescriptor token
             else if (SetDefaultTimesOnTokenCreation)
                 conditions.NotOnOrAfter = DateTime.UtcNow + TimeSpan.FromMinutes(TokenLifetimeInMinutes);
 
-            var audienceRestriction = new Saml2AudienceRestriction(tokenDescriptor.Audiences);
-
-            if (!string.IsNullOrEmpty(tokenDescriptor.Audience))
-                audienceRestriction.Audiences.Add(tokenDescriptor.Audience);
-
-            conditions.AudienceRestrictions.Add(audienceRestriction);
+            if (tokenDescriptor.Audiences.Count > 0)
+            {
+                conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(tokenDescriptor.Audiences));
+                if (!string.IsNullOrEmpty(tokenDescriptor.Audience))
+                    conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(tokenDescriptor.Audience));
+            }
+            else if (!string.IsNullOrEmpty(tokenDescriptor.Audience))
+                conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(tokenDescriptor.Audience));
 
             return conditions;
         }

diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/json/JsonWebTokenHandler.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/json/JsonWebTokenHandler.cs
@@ -359,7 +359,7 @@ public virtual string CreateToken(SecurityTokenDescriptor tokenDescriptor)
             if (tokenDescriptor.Claims != null && tokenDescriptor.Claims.Count > 0)
                 payload.Merge(JObject.FromObject(tokenDescriptor.Claims), new JsonMergeSettings { MergeArrayHandling = MergeArrayHandling.Replace });
 
-            if (!tokenDescriptor.Audiences.IsNullOrEmpty())
+            if (tokenDescriptor.Audiences.Count > 0)
             {
                 if (payload.ContainsKey(JwtRegisteredClaimNames.Aud))
                     LogDuplicatedClaim(nameof(tokenDescriptor.Audiences));

diff --git a/test/System.IdentityModel.Tokens.Jwt.Tests/JwtSecurityTokenHandlerTests.cs b/test/System.IdentityModel.Tokens.Jwt.Tests/JwtSecurityTokenHandlerTests.cs
@@ -303,7 +303,7 @@ public void CheckExpectedDifferenceInAudClaimUsingSecurityTokenDescriptor(Create
 
                 if (audMemberSet)
                 {
-                    if (!theoryData.TokenDescriptor.Audiences.IsNullOrEmpty())
+                    if (theoryData.TokenDescriptor.Audiences.Count > 0)
                         expectedAudClaimCount += theoryData.TokenDescriptor.Audiences.Count;
 
                     if (!theoryData.TokenDescriptor.Audience.IsNullOrEmpty())