JwtFormat ignores TokenValidationParameters.ValidIssuer #55
Description
Hi,
In the Unprotect method of the JwtFormat class, it only validates against the IEnumerable ValidIssuers and ignores ValidIssuer. Shouldn't it concatenate it to the list of ValidIssuers before validating? Maybe it's by design?
TokenValidationParameters validationParameters = _validationParameters;
if (_issuerCredentialProviders != null)
{
// Lazy augment with issuers and tokens. Note these may be refreshed periodically.
validationParameters = validationParameters.Clone();
IEnumerable<string> issuers = _issuerCredentialProviders.Select(provider => provider.Issuer);
if (validationParameters.ValidIssuers == null)
{
validationParameters.ValidIssuers = issuers;
}
else
{
validationParameters.ValidIssuers = validationParameters.ValidIssuers.Concat(issuers);
}