From a502b0fc2d50ff7c9500062b098cfd056a81d283 Mon Sep 17 00:00:00 2001
From: brentschmaltz
Date: Wed, 7 Sep 2022 14:18:47 -0700
Subject: [PATCH] Delayed ClaimsIdentity by calling into JsonWebTokenHandler added friend assembly
---
 .../Json/JsonClaimSet.cs | 2 +-
 .../JsonWebTokenHandler.cs | 9 ++++++---
 src/Microsoft.IdentityModel.Tokens/TokenHandler.cs | 12 ++++++++++++
 .../TokenValidationResult.cs | 13 ++++++-------
 .../Properties/AssemblyInfo.cs | 1 +
 5 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonClaimSet.cs b/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonClaimSet.cs
index cf70db1d30..9b2c805812 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonClaimSet.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonClaimSet.cs
@@ -96,7 +96,7 @@ private static Claim CreateClaimFromJsonElement(string key, string issuer, JsonE
 if (jsonElement.TryGetInt16(out short _))
 return new Claim(key, jsonElement.ToString(), ClaimValueTypes.Integer, issuer, issuer);
 else if (jsonElement.TryGetInt32(out int _))
- return new Claim(key, jsonElement.ToString(), ClaimValueTypes.Integer32, issuer, issuer);
+ return new Claim(key, jsonElement.ToString(), ClaimValueTypes.Integer, issuer, issuer);
 else if (jsonElement.TryGetInt64(out long _))
 return new Claim(key, jsonElement.ToString(), ClaimValueTypes.Integer64, issuer, issuer);
 else if (jsonElement.TryGetDecimal(out decimal _))
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
index 1dbb19738c..0a326d12bd 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
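Review bot: The `ClaimValueTypes.Integer32` → `ClaimValueTypes.Integer` change in CreateClaimFromJsonElement is a behavioral change that the subject line ("Delayed ClaimsIdentity … added friend assembly") does not describe: int32-valued JSON claims now carry the same ValueType as int16 claims, while int64 values still get `Integer64`, so any consumer that branches on `Claim.ValueType` observes a different value after this commit. If the collapse of int16/int32 is intentional, state it and the reason in the commit message and changelog; otherwise it belongs in its own commit so it can be reviewed and reverted independently. CreateClaimFromJsonElement continues outside the hunk.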
@@ -685,6 +685,11 @@ protected virtual ClaimsIdentity CreateClaimsIdentity(JsonWebToken jwtToken, Tok
 return CreateClaimsIdentityPrivate(jwtToken, validationParameters, issuer);
 }
+ internal override ClaimsIdentity CreateClaimsIdentityInternal(SecurityToken securityToken, TokenValidationParameters tokenValidationParameters, string issuer)
+ {
+ return CreateClaimsIdentity(securityToken as JsonWebToken, tokenValidationParameters, issuer);
+ }
+
 private static string GetActualIssuer(JsonWebToken jwtToken)
 {
 string actualIssuer = jwtToken.Issuer;
@@ -1402,10 +1407,8 @@ private TokenValidationResult ValidateTokenPayload(JsonWebToken jsonWebToken, To
 }
 string tokenType = Validators.ValidateTokenType(jsonWebToken.Typ, jsonWebToken, validationParameters);
- return new TokenValidationResult(jsonWebToken, validationParameters.Clone(), issuer)
+ return new TokenValidationResult(jsonWebToken, this, validationParameters.Clone(), issuer)
 {
- SecurityToken = jsonWebToken,
- Issuer = issuer,
 IsValid = true,
 TokenType = tokenType
 };
diff --git a/src/Microsoft.IdentityModel.Tokens/TokenHandler.cs b/src/Microsoft.IdentityModel.Tokens/TokenHandler.cs
index f6d08f9858..519d87700f 100644
--- a/src/Microsoft.IdentityModel.Tokens/TokenHandler.cs
+++ b/src/Microsoft.IdentityModel.Tokens/TokenHandler.cs
@@ -4,6 +4,7 @@ using Microsoft.IdentityModel.Logging;
 using System;
 using System.ComponentModel;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using static Microsoft.IdentityModel.Logging.LogHelper;
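Review bot: `securityToken as JsonWebToken` in the new CreateClaimsIdentityInternal override silently converts a token of any other type into `null` before it reaches CreateClaimsIdentity(JsonWebToken, …), so a mismatched handler/token pairing would surface, if at all, somewhere inside claim creation rather than at the override boundary; what CreateClaimsIdentity does with a null token is outside the hunk. A loud type check keeps the contract explicit and compiles on every language version the library targets: `JsonWebToken jsonWebToken = securityToken as JsonWebToken;` / `if (jsonWebToken == null) throw new ArgumentException("securityToken must be a JsonWebToken", nameof(securityToken));` / `return CreateClaimsIdentity(jsonWebToken, tokenValidationParameters, issuer);` (route the exception through the file's usual LogHelper pattern if it has one). A one-line `/// <summary>` on the override, mirroring the base method's doc, would also help since this member is the only entry point TokenValidationResult uses.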
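Review bot: Passing `this` into the TokenValidationResult constructor captures the handler by reference, so the claims are built from whatever state the handler has when `ClaimsIdentity` is first read, whereas the validation parameters on the same line are snapshotted with `validationParameters.Clone()`. That is presumably fine today because the override only forwards to the virtual CreateClaimsIdentity, but it is an asymmetry worth recording so nobody later adds per-validation mutable state to the handler: `// handler is captured by reference (not cloned); the ClaimsIdentity is created lazily from it on first read`. ValidateTokenPayload starts outside the hunk.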
@@ -72,6 +73,17 @@ public int TokenLifetimeInMinutes
 /// A .
 public virtual SecurityToken ReadToken(string token) => throw new NotImplementedException();
+ ///
+ /// Called by base class to create a .
+ /// Currently only used by the JsonWebTokenHandler to allow for a Lazy creation.
+ ///
+ /// the that has the Claims.
+ /// the that was used to validate the token.
+ /// the 'issuer' to use by default when creating a Claim.
+ /// A .
+ ///
+ internal virtual ClaimsIdentity CreateClaimsIdentityInternal(SecurityToken securityToken, TokenValidationParameters tokenValidationParameters, string issuer) => throw new NotImplementedException();
+
 #endregion
 }
 }
diff --git a/src/Microsoft.IdentityModel.Tokens/TokenValidationResult.cs b/src/Microsoft.IdentityModel.Tokens/TokenValidationResult.cs
index 2795f41326..7880018560 100644
--- a/src/Microsoft.IdentityModel.Tokens/TokenValidationResult.cs
+++ b/src/Microsoft.IdentityModel.Tokens/TokenValidationResult.cs
@@ -20,6 +20,7 @@ public class TokenValidationResult
 private bool _hasIsValidOrExceptionBeenRead = false;
 private bool _isValid = false;
 private TokenValidationParameters _validationParameters;
+ private TokenHandler _tokenHandler;
 ///
 /// Creates an instance of
@@ -33,11 +34,13 @@ public TokenValidationResult()
 /// This ctor is used by the JsonWebTokenHandler as part of delaying creation of ClaimsIdentity.
 ///
 ///
+ ///
 ///
 ///
- internal TokenValidationResult(SecurityToken securityToken, TokenValidationParameters validationParameters, string issuer)
+ internal TokenValidationResult(SecurityToken securityToken, TokenHandler tokenHandler, TokenValidationParameters validationParameters, string issuer)
 {
 _validationParameters = validationParameters;
+ _tokenHandler = tokenHandler;
 Issuer = issuer;
 SecurityToken = securityToken;
 Initialize();
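Review bot: The base implementation of the new `CreateClaimsIdentityInternal` throws NotImplementedException, yet TokenValidationResult.CreateClaimsIdentity (the @@ -81 hunk in TokenValidationResult.cs) calls it unconditionally whenever `_tokenHandler` is non-null, so any TokenHandler subclass that adopts the internal constructor without overriding this member will throw lazily from the `ClaimsIdentity` property getter, after IsValid has already reported true. The generic logic this commit deletes from TokenValidationResult is a safe default for the base class: it preserves the previous behavior for non-JWT handlers and turns the doc comment's "currently only used by the JsonWebTokenHandler" sentence into a note rather than a hidden precondition. If throwing is the intended contract instead, document it with `/// <exception cref="NotImplementedException">Thrown when the derived handler does not override this method.</exception>` so the failure mode is visible to implementers.
```csharp
// … unchanged: XML doc comment …
internal virtual ClaimsIdentity CreateClaimsIdentityInternal(SecurityToken securityToken, TokenValidationParameters tokenValidationParameters, string issuer)
{
    // Default mirrors what TokenValidationResult.CreateClaimsIdentity did before delegating to the handler.
    ClaimsIdentity claimsIdentity = tokenValidationParameters.CreateClaimsIdentity(securityToken, issuer);
    claimsIdentity.AddClaims(securityToken.CreateClaims(issuer));
    return claimsIdentity;
}
```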
@@ -81,12 +84,8 @@ public ClaimsIdentity ClaimsIdentity
 ///
 private ClaimsIdentity CreateClaimsIdentity()
 {
- if (_validationParameters != null && SecurityToken != null && Issuer != null)
- {
- ClaimsIdentity claimsIdentity = _validationParameters.CreateClaimsIdentity(SecurityToken, Issuer);
- claimsIdentity.AddClaims(SecurityToken.CreateClaims(Issuer));
- return claimsIdentity;
- }
+ if (_validationParameters != null && SecurityToken != null && _tokenHandler != null && Issuer != null)
+ return _tokenHandler.CreateClaimsIdentityInternal(SecurityToken, _validationParameters, Issuer);
 return null;
 }
diff --git a/src/Microsoft.IdentityModel.Validators/Properties/AssemblyInfo.cs b/src/Microsoft.IdentityModel.Validators/Properties/AssemblyInfo.cs
index ae7cc1dbe2..68231d450c 100644
--- a/src/Microsoft.IdentityModel.Validators/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.IdentityModel.Validators/Properties/AssemblyInfo.cs
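Review bot: The rewritten `if` in CreateClaimsIdentity drops the braces that the block it replaces used; keeping `{ }` around the single `return _tokenHandler.CreateClaimsIdentityInternal(SecurityToken, _validationParameters, Issuer);` matches the file's existing style and guards against a later edit adding a second statement under the condition. Separately, a missing `_tokenHandler` now yields a null ClaimsIdentity with no indication why, the same silent-null contract the old code had for the other three inputs, so callers cannot tell "no handler supplied" from "not validated"; if that is deliberate, a comment on the guard saying so would save the next reader a trip through the constructors: `// all four inputs are needed for lazy creation; a missing one yields null rather than throwing`.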
[assembly: InternalsVisibleTo("Microsoft.IdentityModel.S2S.Extensions.AspNetCore.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
[assembly: InternalsVisibleTo("Microsoft.IdentityModel.JsonWebTokens.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
[assembly: InternalsVisibleTo("System.IdentityModel.Tokens.Jwt.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
+[assembly: InternalsVisibleTo("Microsoft.IdentityModel.S2S.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]