-
Notifications
You must be signed in to change notification settings - Fork 414
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor: Add Serialization for JsonWebToken in OpenIdConnectConfiguration #2627
Changes from 12 commits
629e91f
1a71e87
f2296aa
9c97398
6aacac0
90907f8
0db3e87
19133a0
c7483c7
54d1fb5
39c3ac2
a783b21
53d0d52
8240538
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,6 +15,8 @@ | |
using Utf8Bytes = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdProviderMetadataUtf8Bytes; | ||
using JsonPrimitives = Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives; | ||
using MetadataName = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdProviderMetadataNames; | ||
using Microsoft.IdentityModel.Tokens; | ||
using Microsoft.IdentityModel.Tokens.Json; | ||
|
||
namespace Microsoft.IdentityModel.Protocols.OpenIdConnect | ||
{ | ||
|
@@ -69,6 +71,7 @@ public static readonly | |
"INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED", | ||
"INTROSPECTION_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED", | ||
"JWKS_URI", | ||
"KEYS", | ||
"ISSUER", | ||
"LOGOUT_SESSION_SUPPORTED", | ||
"OP_POLICY_URI", | ||
|
@@ -220,6 +223,16 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC | |
else if (reader.ValueTextEquals(Utf8Bytes.EndSessionEndpoint)) | ||
config.EndSessionEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.EndSessionEndpoint, ClassName, true); | ||
|
||
else if (reader.ValueTextEquals(Encoding.UTF8.GetBytes(JsonWebKeySetParameterNames.Keys))) | ||
{ | ||
config.ShouldSerializeJsonWebKeys = true; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. why is this set to true? |
||
if (config.JsonWebKeySet == null) | ||
config.JsonWebKeySet = new JsonWebKeySet(); | ||
// Skip key "Keys" | ||
reader.Read(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this is different than the case-insensitive below, reader.Read() is not called. |
||
JsonWebKeySetSerializer.ReadKeys(ref reader, config.JsonWebKeySet); | ||
} | ||
|
||
// FrontchannelLogoutSessionSupported and FrontchannelLogoutSupported are per spec 'boolean'. | ||
// We shipped pervious versions accepting a string and transforming to a boolean. | ||
else if (reader.ValueTextEquals(Utf8Bytes.FrontchannelLogoutSessionSupported)) | ||
|
@@ -575,6 +588,15 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC | |
|
||
else if (propertyName.Equals(MetadataName.UserInfoSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase)) | ||
JsonPrimitives.ReadStrings(ref reader, config.UserInfoEndpointSigningAlgValuesSupported, propertyName, ClassName); | ||
|
||
else if (propertyName.Equals(JsonWebKeySetParameterNames.Keys, StringComparison.OrdinalIgnoreCase)) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is a breaking behavior for users. |
||
{ | ||
config.ShouldSerializeJsonWebKeys = true; | ||
if (config.JsonWebKeySet == null) | ||
config.JsonWebKeySet = new JsonWebKeySet(); | ||
// Skip key "Keys" | ||
JsonWebKeySetSerializer.ReadKeys(ref reader, config.JsonWebKeySet); | ||
} | ||
} | ||
#endregion case-insensitive | ||
} | ||
|
@@ -755,6 +777,9 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c | |
if (config.ResponseTypesSupported.Count > 0) | ||
JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.ResponseTypesSupported, config.ResponseTypesSupported); | ||
|
||
if (config.ShouldSerializeJsonWebKeys && config.JsonWebKeySet != null && config.JsonWebKeySet.Keys.Count > 0) | ||
JsonWebKeySetSerializer.Write(ref writer, config.JsonWebKeySet, shouldWriteObject: false); | ||
|
||
if (config.ScopesSupported.Count > 0) | ||
JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.ScopesSupported, config.ScopesSupported); | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -634,7 +634,7 @@ public static TheoryData<ConfigurationManagerTheoryData<OpenIdConnectConfigurati | |
ConfigurationValidator = openIdConnectConfigurationValidator2, | ||
DocumentRetriever = new FileDocumentRetriever(), | ||
ExpectedException = new ExpectedException(typeof(InvalidOperationException), "IDX21817:", typeof(InvalidConfigurationException)), | ||
MetadataAddress = "JsonWebKeySetUnrecognizedKty.json", | ||
MetadataAddress = "EmptyJsonWebKeySet.json", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why were these tests removed? |
||
TestId = "InvalidConfiguration_EmptyJsonWenKeySet" | ||
}); | ||
|
||
|
@@ -645,7 +645,7 @@ public static TheoryData<ConfigurationManagerTheoryData<OpenIdConnectConfigurati | |
DocumentRetriever = new FileDocumentRetriever(), | ||
PresetCurrentConfiguration = true, | ||
ExpectedErrorMessage = "IDX21817: ", | ||
MetadataAddress = "JsonWebKeySetUnrecognizedKty.json", | ||
MetadataAddress = "EmptyJsonWebKeySet.json", | ||
TestId = "InvalidConfiguration_EmptyJsonWenKeySet_PresetCurrentConfiguration" | ||
}); | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"keys": [] | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OpenIdConnectRetriever will reset the JsonWebKeySet here:
azure-activedirectory-identitymodel-extensions-for-dotnet/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/Configuration/OpenIdConnectConfigurationRetriever.cs
Line 81 in d0131d5
Is that accounted for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. However, this shouldn't disrupt the flow that retrieves the configuration from an L2 cache. It might be best to fetch keys only if they are not already set.