AzureAD · FuPingFranco · Jul 10, 2024 · Jul 10, 2024 · Jul 10, 2024 · Jul 10, 2024
@@ -707,14 +707,14 @@ internal static void WriteJwsPayload(
 
             if (tokenDescriptor.Audiences.Count > 0)
             {
-                if (!tokenDescriptor.Audience.IsNullOrEmpty())
+                if (!string.IsNullOrEmpty(tokenDescriptor.Audience))
                     JsonPrimitives.WriteStrings(ref writer, JwtPayloadUtf8Bytes.Aud, tokenDescriptor.Audiences, tokenDescriptor.Audience);
                 else
                     JsonPrimitives.WriteStrings(ref writer, JwtPayloadUtf8Bytes.Aud, tokenDescriptor.Audiences);
 
                 audienceSet = true;
             }
-            else if (!tokenDescriptor.Audience.IsNullOrEmpty())
+            else if (!string.IsNullOrEmpty(tokenDescriptor.Audience))
             {
                 writer.WritePropertyName(JwtPayloadUtf8Bytes.Aud);
                 writer.WriteStringValue(tokenDescriptor.Audience);

@@ -499,7 +499,7 @@ private static JsonWebToken ValidateSignatureUsingDelegates(JsonWebToken jsonWeb
         /// Validates a JWS or a JWE.
         /// </summary>
         /// <param name="token">A JSON Web Token (JWT) in JWS or JWE Compact Serialization format.</param>
-        /// <param name="validationParameters">A <see cref="TokenValidationParameters"/> required for validation.</param>
+        /// <param name="validationParameters">The <see cref="TokenValidationParameters"/> to be used for validating the token.</param>
         /// <returns>A <see cref="TokenValidationResult"/>.</returns>
         [Obsolete("`JsonWebTokens.ValidateToken(string, TokenValidationParameters)` has been deprecated and will be removed in a future release. Use `JsonWebTokens.ValidateTokenAsync(string, TokenValidationParameters)` instead. For more information, see https://aka.ms/IdentityModel/7-breaking-changes", false)]
         public virtual TokenValidationResult ValidateToken(string token, TokenValidationParameters validationParameters)
@@ -513,7 +513,7 @@ public virtual TokenValidationResult ValidateToken(string token, TokenValidation
         /// Callers should always check the TokenValidationResult.IsValid property to verify the validity of the result.
         /// </summary>
         /// <param name="token">The token to be validated.</param>
-        /// <param name="validationParameters">A <see cref="TokenValidationParameters"/> required for validation.</param>
+        /// <param name="validationParameters">The <see cref="TokenValidationParameters"/> to be used for validating the token.</param>
         /// <returns>A <see cref="TokenValidationResult"/>.</returns>
         /// <remarks>
         /// <para>TokenValidationResult.Exception will be set to one of the following exceptions if the <paramref name="token"/> is invalid.</para>

@@ -390,7 +390,7 @@ private static SecurityKey ResolveTokenDecryptionKeyFromConfig(JsonWebToken jwtT
         /// </summary>
         /// <param name="token">The <see cref="string"/> the token that is being decrypted.</param>
         /// <param name="jwtToken">The <see cref="JsonWebToken"/> that is being decrypted.</param>
-        /// <param name="validationParameters">A <see cref="TokenValidationParameters"/> required for validation.</param>
+        /// <param name="validationParameters">The <see cref="TokenValidationParameters"/> to be used for validating the token.</param>
         /// <returns>A <see cref="SecurityKey"/> to use for signature validation.</returns>
         /// <remarks>If key fails to resolve, then null is returned.</remarks>
         protected virtual SecurityKey ResolveTokenDecryptionKey(string token, JsonWebToken jwtToken, TokenValidationParameters validationParameters)

@@ -29,6 +29,11 @@ public struct JwtRegisteredClaimNames
         /// </summary>
         public const string Address = "address";
 
+        /// <summary>
+        /// See: <see href="https://datatracker.ietf.org/doc/html/rfc7519#section-4"/>.
+        /// </summary>
+        public const string Alg = "alg";
+
         /// <summary>
         /// See: <see href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken"/>.
         /// </summary>

@@ -510,7 +510,7 @@ internal static string SafeLogJwtToken(object obj)
         /// </summary>
         /// <param name="kid">The <see cref="string"/> kid field of the token being validated.</param>
         /// <param name="x5t">The <see cref="string"/> x5t field of the token being validated.</param>
-        /// <param name="validationParameters">A <see cref="TokenValidationParameters"/> required for validation.</param>
+        /// <param name="validationParameters">The <see cref="TokenValidationParameters"/> to be used for validating the token.</param>
         /// <param name="configuration">The <see cref="BaseConfiguration"/> that will be used along with the <see cref="TokenValidationParameters"/> to resolve the signing key.</param>
         /// <returns>A <see cref="SecurityKey"/> to use for signature validation.</returns>
         /// <remarks>Resolve the signing key using configuration then the validationParameters until a key is resolved. If key fails to resolve, then null is returned.</remarks>

@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.ComponentModel;
+using System.IO;
 using System.Text.Json.Serialization;
 using System.Threading;
 using Microsoft.IdentityModel.Abstractions;
@@ -81,7 +82,7 @@ public static OpenIdConnectConfiguration Create(string json)
         /// </summary>
         /// <param name="configuration"><see cref="OpenIdConnectConfiguration"/> object to serialize.</param>
         /// <returns>json string representing the configuration object.</returns>
-        /// <exception cref="ArgumentNullException">Thrown if <paramref name="configuration"/> is null.</exception>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="configuration"/> is <see langword="null"/>.</exception>
         public static string Write(OpenIdConnectConfiguration configuration)
         {
             if (configuration == null)
@@ -93,6 +94,27 @@ public static string Write(OpenIdConnectConfiguration configuration)
             return OpenIdConnectConfigurationSerializer.Write(configuration);
         }
 
+        /// <summary>
+        /// Writes an <see cref="OpenIdConnectConfiguration"/> as JSON to the <paramref name="stream"/>.
+        /// </summary>
+        /// <param name="configuration">The <see cref="OpenIdConnectConfiguration"/> to serialize.</param>
+        /// <param name="stream">The <see cref="Stream"/> to write to.</param>
+        /// <remarks>Because a <see cref="Stream"/> is provided, this method does not return a value.</remarks>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="configuration"/> or <paramref name="stream"/> is <see langword="null"/>.</exception>
+        public static void Write(OpenIdConnectConfiguration configuration, Stream stream)
+        {
+            if (configuration == null)
+                throw LogHelper.LogArgumentNullException(nameof(configuration));
+
+            if (stream == null)
+                throw LogHelper.LogArgumentNullException(nameof(stream));
+
+            if (LogHelper.IsEnabled(EventLogLevel.Verbose))
+                LogHelper.LogVerbose(LogMessages.IDX21809);
+
+            OpenIdConnectConfigurationSerializer.Write(configuration, stream);
+        }
+
         /// <summary>
         /// Initializes an new instance of <see cref="OpenIdConnectConfiguration"/>.
         /// </summary>

@@ -617,6 +617,20 @@ public static string Write(OpenIdConnectConfiguration OpenIdConnectConfiguration
             }
         }
 
+        public static void Write(OpenIdConnectConfiguration OpenIdConnectConfiguration, Stream stream)
+        {
+            Utf8JsonWriter writer = null;
+            try
+            {
+                writer = new Utf8JsonWriter(stream, new JsonWriterOptions { Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping });
+                Write(ref writer, OpenIdConnectConfiguration);
+            }
+            finally
+            {
+                writer?.Dispose();
+            }
+        }
+
         public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration config)
         {
             writer.WriteStartObject();