-
Notifications
You must be signed in to change notification settings - Fork 410
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Metadata refresh not working when metadata is changed, since version 8.0.2 #3008
Comments
Does this repro with the latest 8.2.0? |
The metadata refresh was moved to a background thread after the initial request, it should refresh, but in the timespan of a unit test, the task to update the metadata may not have completed. |
@pmaytak yes its happening with version 8.0.2 onwards, also in latest version 8.2.0. In version 8.0.1, when generating a new bearer token with keys not present in the current in-memory configuration, the metadata was automatically refreshed upon encountering an initial The unit test pseudo-code sequence is as follows:
Note: In the unit test, metadata is read from a local JSON file. However, in version 8.0.2 (and the latest versions), if we generate a bearer token with new keys not found in the current in-memory configuration, token validation fails without attempting a retry with the updated metadata. In this case, line 911 is executed, and the We have also tried adding a delay in the unit test and retrying the token validation after regenerating the metadata, but all validation attempts continue to fail. Due to this behavior, we are unable to proceed with the package update to the latest version in Production. Could you please advise if any modifications are required in our token validation process or if adjustments to the unit test code are necessary? Notes:
|
Please let me know if any additional information is required to understand the problem. |
A minimal repro of code would help us a lot. thanks @shaheer-k |
@shaheer-k any update on a repro? |
@shaheer-k I understand your issue in reviewing the code. However, upon reflection, we should think about RequestRefresh() as blocking, as the logic will not work as before. Note: you should make sure all the version of IdentityModel are the same. |
@shaheer-k @jennyf19 @keegan-caruso @pmaytak I opened this issue which may provide a solution. |
Which version of Microsoft.IdentityModel are you using?
Microsoft.IdentityModel.Protocols.OpenIdConnect 8.0.2
Where is the issue?
We have upgraded to version 8.0.2 from 8.0.1.
After this upgrade, the metadata refresh not seems to be working as expected.
We have added a test to ensure that the metadata refresh is working when there is change in the metadata.
Expected behavior
Token is validated succesfully.
Actual behavior
Token validation fails with SecurityTokenInvalidSignatureException exception.
The above test is working with Microsoft.IdentityModel.Protocols.OpenIdConnect 8.0.1.
But it is failng with version 8.0.2 onwards.
Possible solution
Please check if this issue is related to the change #2780
The text was updated successfully, but these errors were encountered: