Added internal virtual on TokenHandler #3084
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
Add AadIssuer with ValidationParameters Added tests to AadIssuerValidator for ValidationParameters
keegan-caruso
force-pushed
the
brentsch/ExceptionHandling
branch
from
b69fd68 to
75acd6c
Compare
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
jmprieur
reviewed
Jan 10, 2025
| @@ -374,7 +380,9 @@ public string NameClaimType | |||
| /// Gets or sets the <see cref="IDictionary{TKey, TValue}"/> that contains a collection of custom key/value pairs. | |||
| /// This allows addition of parameters that could be used in custom token validation scenarios. | |||
| /// </summary> | |||
| public IDictionary<string, object> PropertyBag { get; } | |||
| public IDictionary<string, object> PropertyBag => _propertyBag ?? | |||
There was a problem hiding this comment.
and this one is not unique to the instance? is it shared between ValidationParameters that were cloned from each other?
There was a problem hiding this comment.
Yes shared between all instances.
| @@ -19,7 +19,7 @@ namespace Microsoft.IdentityModel.Validators | |||
| /// <summary> | |||
| /// Generic class that validates the issuer for either JsonWebTokens or JwtSecurityTokens issued from the Microsoft identity platform (AAD). | |||
| /// </summary> | |||
| public class AadIssuerValidator | |||
There was a problem hiding this comment.
How much copy/paste is there in the partial implementation vs how much can we have in common? I understand that the input (ValidationParameters, context) will be different, and that the output is an Error, not an exception thrown, but can the logic be a bit more common?
There was a problem hiding this comment.
Certainly, that can be done. Not the goal right now. The goal is to enable upper layers to make the calls.
src/Microsoft.IdentityModel.Validators/AadValidationParametersExtension.Internal.cs
Show resolved
Hide resolved
| /// <param name="securityToken">The <see cref="SecurityToken"/> being validated, could be a JwtSecurityToken or JsonWebToken.</param> | ||
| /// <param name="configuration">The <see cref="BaseConfiguration"/> provided.</param> | ||
| /// <returns><c>true</c> if the issuer of the signing key is valid; otherwise, <c>false</c>.</returns> | ||
| internal static bool ValidateIssuerSigningKey(SecurityKey securityKey, SecurityToken securityToken, BaseConfiguration configuration) |
There was a problem hiding this comment.
This method is common with AadTokenValidationParametersExtensions (to the letter)
|
|
||
| if (!string.Equals(signingKeyCloudInstanceName, configurationCloudInstanceName, StringComparison.Ordinal)) | ||
| throw LogHelper.LogExceptionMessage( | ||
| new SecurityTokenInvalidCloudInstanceException( |
There was a problem hiding this comment.
this is the only line that changes in this method vs in AadValidationParametersExtension
| } | ||
| } | ||
|
|
||
| private static JsonWebKey GetJsonWebKeyBySecurityKey(OpenIdConnectConfiguration configuration, SecurityKey securityKey) |
There was a problem hiding this comment.
Same method and content in both
| return null; | ||
| } | ||
|
|
||
| private static string GetTid(SecurityToken securityToken) |
There was a problem hiding this comment.
Same method and content in both
| } | ||
| } | ||
|
|
||
| private static void EnforceSingleClaimCaseInsensitive(IEnumerable<string> keys, string claimType) |
There was a problem hiding this comment.
Same method and content in both
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support to AadIssuerValidator for ValidationParameters.
Removed the parameter BaseConfiguration from delegates as ValidationParameters has ConfigurationManager which should be used to obtain BaseConfiguration when needed.
ValidationParameters.PropertyBag was not instantiated.
Create ValidationParameters.PropertyBag and InstancePropertyBag on demand.
Copy logic from existing AadIssuerValidator, keeping as code the same as much as possible.
Copy logic from existing AadTokenValidationParametersExtension to AadValidationParametersExtension keeping as code the same as much as possible.
This copied code will need to be refactored into common base code.
Move CloudInstanceNameKey to constants file.
Added tests to AadTokenValidationParametersExtensionTests and MicrosoftIdentityIssuerValidatorTest that cover existing tests.