Review Jwt vs OIDC handling of TVP.ValidIssuer vs ValidIssuers #1208

Tratcher · 2017-05-09T15:49:25Z

Inspired by: aspnet/AspNetKatana#55
Jwt and OIDC don't use the same logic for dealing with Issuers:

Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs

Lines 136 to 150 in 99aa3bd

    
           var validationParameters = Options.TokenValidationParameters.Clone(); 
        
           if (_configuration != null) 
        
           { 
        
               if (validationParameters.ValidIssuer == null && !string.IsNullOrEmpty(_configuration.Issuer)) 
        
               { 
        
                   validationParameters.ValidIssuer = _configuration.Issuer; 
        
               } 
        
               else 
        
               { 
        
                   var issuers = new[] { _configuration.Issuer }; 
        
                   validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers)); 
        
               } 
        
               validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys)); 
        
           }

Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs

Lines 1216 to 1228 in 99aa3bd

    
           if (_configuration != null) 
        
           { 
        
               if (string.IsNullOrEmpty(validationParameters.ValidIssuer)) 
        
               { 
        
                   validationParameters.ValidIssuer = _configuration.Issuer; 
        
               } 
        
               else if (!string.IsNullOrEmpty(_configuration.Issuer)) 
        
               { 
        
                   validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(new[] { _configuration.Issuer }) ?? new[] { _configuration.Issuer }; 
        
               } 
        
               validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) ?? _configuration.SigningKeys; 
        
           }

Tratcher · 2017-05-09T15:49:37Z

@brentschmaltz

Eilon · 2017-06-15T21:45:42Z

@Tratcher - can you set up a few minutes with @brentschmaltz to go over this?

Tratcher · 2017-06-28T17:25:19Z

IM will look at both the single value and the list, so we can simplify the code to always work with the list at our layer.

Eilon assigned Tratcher Jun 15, 2017

Eilon added this to the 2.0.0 milestone Jun 15, 2017

Eilon added the task label Jun 15, 2017

Tratcher added the 2 - Working label Jun 28, 2017

Tratcher added a commit that referenced this issue Jun 28, 2017

#1208 Clean up JWT and OIDC issuer handling

ef3ea00

Tratcher mentioned this issue Jun 28, 2017

Clean up JWT and OIDC issuer handling #1279

Merged

Tratcher added a commit that referenced this issue Jul 5, 2017

#1208 Clean up JWT and OIDC issuer handling

658f462

Tratcher added 3 - Done and removed 2 - Working labels Jul 5, 2017

Tratcher closed this as completed Jul 5, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Review Jwt vs OIDC handling of TVP.ValidIssuer vs ValidIssuers #1208

Review Jwt vs OIDC handling of TVP.ValidIssuer vs ValidIssuers #1208

Tratcher commented May 9, 2017 •

edited by Eilon

Loading

Tratcher commented May 9, 2017

Uh oh!

Eilon commented Jun 15, 2017

Uh oh!

Tratcher commented Jun 28, 2017

Uh oh!

Review Jwt vs OIDC handling of TVP.ValidIssuer vs ValidIssuers #1208

Review Jwt vs OIDC handling of TVP.ValidIssuer vs ValidIssuers #1208

Comments

Tratcher commented May 9, 2017 • edited by Eilon Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Tratcher commented May 9, 2017

Uh oh!

Eilon commented Jun 15, 2017

Uh oh!

Tratcher commented Jun 28, 2017

Uh oh!

Tratcher commented May 9, 2017 •

edited by Eilon

Loading