Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor: Add Serialization for JsonWebToken in OpenIdConnectConfiguration #2627

Closed
wants to merge 14 commits into from
Closed

Refactor: Add Serialization for JsonWebToken in OpenIdConnectConfiguration #2627

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
629e91f
Serialize JWT
nguyencuong2596 Jun 10, 2024
1a71e87
Add test and remove property from json serialization
nguyencuong2596 Jun 11, 2024
f2296aa
Add test
nguyencuong2596 Jun 11, 2024
9c97398
Add mock configuration
nguyencuong2596 Jun 12, 2024
6aacac0
Add two test cases for (de)serialization
nguyencuong2596 Jun 14, 2024
90907f8
Merge branch 'dev' into cuong/idenitity-model-serializer
nguyencuong2596 Jun 18, 2024
0db3e87
Fix test
nguyencuong2596 Jun 18, 2024
19133a0
Increase number of props
nguyencuong2596 Jun 18, 2024
c7483c7
Fix error
nguyencuong2596 Jun 19, 2024
54d1fb5
Merge branch 'dev' into cuong/idenitity-model-serializer
nguyencuong2596 Jun 19, 2024
39c3ac2
Increase number of properties
nguyencuong2596 Jun 19, 2024
a783b21
Add new props to mock data
nguyencuong2596 Jun 20, 2024
53d0d52
Add Append to JWK Serializer
nguyencuong2596 Jun 20, 2024
8240538
Remove debug code
nguyencuong2596 Jun 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion ...crosoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfiguration.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -812,6 +812,12 @@ public bool ShouldSerializeUserInfoEndpointSigningAlgValuesSupported()
return UserInfoEndpointSigningAlgValuesSupported.Count > 0;
}

#endregion shouldserialize
/// <summary>
/// Gets or sets a value indicating whether the JsonWebKeys should be serialized.
/// </summary>
[JsonIgnore]
public bool ShouldSerializeJsonWebKeys { get; set; }

#endregion shouldserialize
}
}
77 changes: 47 additions & 30 deletions ...rosoft.IdentityModel.Protocols.OpenIdConnect/Json/OpenIdConnectConfigurationSerializer.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@
using Utf8Bytes = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdProviderMetadataUtf8Bytes;
using JsonPrimitives = Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives;
using MetadataName = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdProviderMetadataNames;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Json;

namespace Microsoft.IdentityModel.Protocols.OpenIdConnect
{
Expand Down Expand Up @@ -156,6 +158,14 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
else if (reader.ValueTextEquals(Utf8Bytes.EndSessionEndpoint))
config.EndSessionEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.EndSessionEndpoint, ClassName, true);

else if (reader.ValueTextEquals(Encoding.UTF8.GetBytes(JsonWebKeySetParameterNames.Keys)))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenIdConnectRetriever will reset the JsonWebKeySet here:

azure-activedirectory-identitymodel-extensions-for-dotnet/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfigurationRetriever.cs

Line 81 in d0131d5

openIdConnectConfiguration.JsonWebKeySet = new JsonWebKeySet(keys);

Is that accounted for?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. However, this shouldn't disrupt the flow that retrieves the configuration from an L2 cache. It might be best to fetch keys only if they are not already set.

{
reader.Read();
if (config.JsonWebKeySet == null)
config.JsonWebKeySet = new JsonWebKeySet();
JsonWebKeySetSerializer.Read(ref reader, config.JsonWebKeySet);
}

// FrontchannelLogoutSessionSupported and FrontchannelLogoutSupported are per spec 'boolean'.
// We shipped pervious versions accepting a string and transforming to a boolean.
else if (reader.ValueTextEquals(Utf8Bytes.FrontchannelLogoutSessionSupported))
Expand Down Expand Up @@ -279,6 +289,7 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC

else if (reader.ValueTextEquals(Utf8Bytes.UserInfoSigningAlgValuesSupported))
JsonPrimitives.ReadStrings(ref reader, config.UserInfoEndpointSigningAlgValuesSupported, MetadataName.UserInfoSigningAlgValuesSupported, ClassName, true);

#endregion
else
{
Expand Down Expand Up @@ -353,91 +364,91 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
else if (propertyName.Equals(MetadataName.IdTokenEncryptionEncValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.IdTokenEncryptionEncValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName.IdTokenSigningAlgValuesSupported , StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.IdTokenSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.IdTokenSigningAlgValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. IntrospectionEndpoint, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.IntrospectionEndpoint, StringComparison.OrdinalIgnoreCase))
config.IntrospectionEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. IntrospectionEndpointAuthMethodsSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.IntrospectionEndpointAuthMethodsSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.IntrospectionEndpointAuthMethodsSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. IntrospectionEndpointAuthSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.IntrospectionEndpointAuthSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.IntrospectionEndpointAuthSigningAlgValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. Issuer, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.Issuer, StringComparison.OrdinalIgnoreCase))
config.Issuer = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. JwksUri, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.JwksUri, StringComparison.OrdinalIgnoreCase))
config.JwksUri = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. LogoutSessionSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.LogoutSessionSupported, StringComparison.OrdinalIgnoreCase))
config.LogoutSessionSupported = JsonPrimitives.ReadBoolean(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. OpPolicyUri, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.OpPolicyUri, StringComparison.OrdinalIgnoreCase))
config.OpPolicyUri = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. OpTosUri, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.OpTosUri, StringComparison.OrdinalIgnoreCase))
config.OpTosUri = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. RegistrationEndpoint, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.RegistrationEndpoint, StringComparison.OrdinalIgnoreCase))
config.RegistrationEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. RequestObjectEncryptionAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.RequestObjectEncryptionAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.RequestObjectEncryptionAlgValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. RequestObjectEncryptionEncValuesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.RequestObjectEncryptionEncValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.RequestObjectEncryptionEncValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. RequestObjectSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.RequestObjectSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.RequestObjectSigningAlgValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. RequestParameterSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.RequestParameterSupported, StringComparison.OrdinalIgnoreCase))
config.RequestParameterSupported = JsonPrimitives.ReadBoolean(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. RequestUriParameterSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.RequestUriParameterSupported, StringComparison.OrdinalIgnoreCase))
config.RequestUriParameterSupported = JsonPrimitives.ReadBoolean(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. RequireRequestUriRegistration, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.RequireRequestUriRegistration, StringComparison.OrdinalIgnoreCase))
config.RequireRequestUriRegistration = JsonPrimitives.ReadBoolean(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. ResponseModesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.ResponseModesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.ResponseModesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. ResponseTypesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.ResponseTypesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.ResponseTypesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. ScopesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.ScopesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.ScopesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. ServiceDocumentation, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.ServiceDocumentation, StringComparison.OrdinalIgnoreCase))
config.ServiceDocumentation = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. SubjectTypesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.SubjectTypesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.SubjectTypesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. TokenEndpoint, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.TokenEndpoint, StringComparison.OrdinalIgnoreCase))
config.TokenEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. TokenEndpointAuthMethodsSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.TokenEndpointAuthMethodsSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.TokenEndpointAuthMethodsSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. TokenEndpointAuthSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.TokenEndpointAuthSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.TokenEndpointAuthSigningAlgValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. UILocalesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.UILocalesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.UILocalesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. UserInfoEncryptionAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.UserInfoEncryptionAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.UserInfoEndpointEncryptionAlgValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. UserInfoEncryptionEncValuesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.UserInfoEncryptionEncValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.UserInfoEndpointEncryptionEncValuesSupported, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. UserInfoEndpoint, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.UserInfoEndpoint, StringComparison.OrdinalIgnoreCase))
config.UserInfoEndpoint = JsonPrimitives.ReadString(ref reader, propertyName, ClassName);

else if (propertyName.Equals(MetadataName. UserInfoSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
else if (propertyName.Equals(MetadataName.UserInfoSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
JsonPrimitives.ReadStrings(ref reader, config.UserInfoEndpointSigningAlgValuesSupported, propertyName, ClassName);

}
Expand Down Expand Up @@ -578,6 +589,12 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
if (config.ResponseTypesSupported.Count > 0)
JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.ResponseTypesSupported, config.ResponseTypesSupported);

if (config.ShouldSerializeJsonWebKeys && config.JsonWebKeySet != null && config.JsonWebKeySet.Keys.Count > 0)
{
writer.WritePropertyName(Encoding.UTF8.GetBytes(JsonWebKeySetParameterNames.Keys));
JsonWebKeySetSerializer.Write(ref writer, config.JsonWebKeySet);
}

if (config.ScopesSupported.Count > 0)
JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.ScopesSupported, config.ScopesSupported);

Expand Down Expand Up @@ -610,7 +627,7 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c

if (config.UserInfoEndpointSigningAlgValuesSupported.Count > 0)
JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.UserInfoSigningAlgValuesSupported, config.UserInfoEndpointSigningAlgValuesSupported);

if (config.AdditionalData.Count > 0)
JsonPrimitives.WriteObjects(ref writer, config.AdditionalData);

Expand Down
17 changes: 17 additions & 0 deletions .../Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectConfigurationTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ public void Defaults()
Assert.NotNull(configuration.UserInfoEndpointEncryptionAlgValuesSupported);
Assert.NotNull(configuration.UserInfoEndpointEncryptionEncValuesSupported);
Assert.NotNull(configuration.UserInfoEndpointSigningAlgValuesSupported);
Assert.False(configuration.ShouldSerializeJsonWebKeys);
}

// If the OpenIdConnect metadata has a "SigningKeys" claim, it should NOT be deserialized into the corresponding OpenIdConnectConfiguration.SigningKeys property.
Expand All @@ -125,6 +126,22 @@ public void DeserializeOpenIdConnectConfigurationWithSigningKeys()
TestUtilities.AssertFailIfErrors(context);
}

[Fact]
public void DeserializeOpenIdConnectConfigurationWithJsonWebKeySet()
{
TestUtilities.WriteHeader($"{this}.DeserializeOpenIdConnectConfigurationWithJsonWebKeySet");
var context = new CompareContext();
var config = OpenIdConfigData.FullyPopulatedWithKeys;
config.ShouldSerializeJsonWebKeys = true;
var json = OpenIdConnectConfiguration.Write(config);
var actualConfig = OpenIdConnectConfiguration.Create(json);

// "JsonWebKeySet" should be identical
IdentityComparer.AreEqual(OpenIdConfigData.FullyPopulatedWithKeys.JsonWebKeySet, actualConfig.JsonWebKeySet, context);

TestUtilities.AssertFailIfErrors(context);
}

[Fact]
public void GetSets()
{
Expand Down
9 changes: 8 additions & 1 deletion .../Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectSerializationTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ public static TheoryData<OpenIdConnectTheoryData> DesrializeTheoryData
get
{
TheoryData<OpenIdConnectTheoryData> theoryData = new TheoryData<OpenIdConnectTheoryData>();

// the reason to replace AdditionalData with upper case is because the test deserializes uppercase and lowercase.
// we wanted to leave the data sets in original form from discovery to be used in other tests.
theoryData.Add(new OpenIdConnectTheoryData("AADCommonV1")
Expand Down Expand Up @@ -138,9 +138,16 @@ public static TheoryData<OpenIdConnectTheoryData> DesrializeTheoryData
CompareTo = OpenIdConfigData.NullConfig,
Json = JsonData.NullObject
});

nguyencuong2596 marked this conversation as resolved.
Show resolved Hide resolved
theoryData.Add(new OpenIdConnectTheoryData("SerializeJsonWebKeySet")
{
CompareTo = OpenIdConfigData.FullyPopulatedWithKeys,
Json = OpenIdConfigData.JsonAllValues
});

return theoryData;
}
}

}
}