AzureAD · nguyencuong2596 · Jun 10, 2024 · Jun 11, 2024 · Jun 11, 2024 · Jun 12, 2024
@@ -1093,6 +1093,13 @@ public bool ShouldSerializeUserInfoEndpointSigningAlgValuesSupported()
         {
             return UserInfoEndpointSigningAlgValuesSupported.Count > 0;
         }
-#endregion shouldserialize
+
+        /// <summary>
+        /// Gets or sets a value indicating whether the JsonWebKeys should be serialized.
+        /// </summary>
+        [JsonIgnore]
+        public bool ShouldSerializeJsonWebKeys { get; set; }
+
+        #endregion shouldserialize
     }
 }
@@ -15,6 +15,8 @@
 using Utf8Bytes = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdProviderMetadataUtf8Bytes;
 using JsonPrimitives = Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives;
 using MetadataName = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdProviderMetadataNames;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Tokens.Json;
 
 namespace Microsoft.IdentityModel.Protocols.OpenIdConnect
 {
@@ -69,6 +71,7 @@ public static readonly
             "INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED",
             "INTROSPECTION_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED",
             "JWKS_URI",
+            "KEYS",
             "ISSUER",
             "LOGOUT_SESSION_SUPPORTED",
             "OP_POLICY_URI",
@@ -220,6 +223,16 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
                     else if (reader.ValueTextEquals(Utf8Bytes.EndSessionEndpoint))
                         config.EndSessionEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.EndSessionEndpoint, ClassName, true);
 
+                    else if (reader.ValueTextEquals(Encoding.UTF8.GetBytes(JsonWebKeySetParameterNames.Keys)))
 openIdConnectConfiguration.JsonWebKeySet = new JsonWebKeySet(keys); 
 openIdConnectConfiguration.JsonWebKeySet = new JsonWebKeySet(keys); 
+                    {
+                        config.ShouldSerializeJsonWebKeys = true;
+                        if (config.JsonWebKeySet == null)
+                            config.JsonWebKeySet = new JsonWebKeySet();
+                        // Skip key "Keys"
+                        reader.Read();
+                        JsonWebKeySetSerializer.ReadKeys(ref reader, config.JsonWebKeySet);
+                    }
+
                     // FrontchannelLogoutSessionSupported and FrontchannelLogoutSupported are per spec 'boolean'.
                     // We shipped pervious versions accepting a string and transforming to a boolean.
                     else if (reader.ValueTextEquals(Utf8Bytes.FrontchannelLogoutSessionSupported))
@@ -575,6 +588,15 @@ public static OpenIdConnectConfiguration Read(ref Utf8JsonReader reader, OpenIdC
 
                             else if (propertyName.Equals(MetadataName.UserInfoSigningAlgValuesSupported, StringComparison.OrdinalIgnoreCase))
                                 JsonPrimitives.ReadStrings(ref reader, config.UserInfoEndpointSigningAlgValuesSupported, propertyName, ClassName);
+
+                            else if (propertyName.Equals(JsonWebKeySetParameterNames.Keys, StringComparison.OrdinalIgnoreCase))
+                            {
+                                config.ShouldSerializeJsonWebKeys = true;
+                                if (config.JsonWebKeySet == null)
+                                    config.JsonWebKeySet = new JsonWebKeySet();
+                                // Skip key "Keys"
+                                JsonWebKeySetSerializer.ReadKeys(ref reader, config.JsonWebKeySet);
+                            }
                         }
                         #endregion case-insensitive
                     }
@@ -755,6 +777,9 @@ public static void Write(ref Utf8JsonWriter writer, OpenIdConnectConfiguration c
             if (config.ResponseTypesSupported.Count > 0)
                 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.ResponseTypesSupported, config.ResponseTypesSupported);
 
+            if (config.ShouldSerializeJsonWebKeys && config.JsonWebKeySet != null && config.JsonWebKeySet.Keys.Count > 0)
+                JsonWebKeySetSerializer.Append(ref writer, config.JsonWebKeySet);
+
             if (config.ScopesSupported.Count > 0)
                 JsonPrimitives.WriteStrings(ref writer, Utf8Bytes.ScopesSupported, config.ScopesSupported);
 

@@ -139,7 +139,12 @@ public static string Write(JsonWebKeySet jsonWebKeySet)
         public static void Write(ref Utf8JsonWriter writer, JsonWebKeySet jsonWebKeySet)
         {
             writer.WriteStartObject();
+            Append(ref writer, jsonWebKeySet);
+            writer.WriteEndObject();
+        }
 
+        internal static void Append(ref Utf8JsonWriter writer, JsonWebKeySet jsonWebKeySet)
+        {
             writer.WritePropertyName(JsonWebKeyParameterUtf8Bytes.Keys);
             writer.WriteStartArray();
 
@@ -150,8 +155,6 @@ public static void Write(ref Utf8JsonWriter writer, JsonWebKeySet jsonWebKeySet)
 
             if (jsonWebKeySet.AdditionalData.Count > 0)
                 JsonSerializerPrimitives.WriteObjects(ref writer, jsonWebKeySet.AdditionalData);
-
-            writer.WriteEndObject();
         }
 
         #endregion

@@ -634,7 +634,7 @@ public static TheoryData<ConfigurationManagerTheoryData<OpenIdConnectConfigurati
                     ConfigurationValidator = openIdConnectConfigurationValidator2,
                     DocumentRetriever = new FileDocumentRetriever(),
                     ExpectedException = new ExpectedException(typeof(InvalidOperationException), "IDX21817:", typeof(InvalidConfigurationException)),
-                    MetadataAddress = "JsonWebKeySetUnrecognizedKty.json",
+                    MetadataAddress = "EmptyJsonWebKeySet.json",
                     TestId = "InvalidConfiguration_EmptyJsonWenKeySet"
                 });
 
@@ -645,7 +645,7 @@ public static TheoryData<ConfigurationManagerTheoryData<OpenIdConnectConfigurati
                     DocumentRetriever = new FileDocumentRetriever(),
                     PresetCurrentConfiguration = true,
                     ExpectedErrorMessage = "IDX21817: ",
-                    MetadataAddress = "JsonWebKeySetUnrecognizedKty.json",
+                    MetadataAddress = "EmptyJsonWebKeySet.json",
                     TestId = "InvalidConfiguration_EmptyJsonWenKeySet_PresetCurrentConfiguration"
                 });
 

@@ -0,0 +1,3 @@
+{
+    "keys": []
+}
@@ -12,7 +12,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <None Update="JsonWebKeySet.json;JsonWebKeySetBadBase64Data.json;JsonWebKeySetBadX509Data.json;JsonWebKeySetEnd2End.json;JsonWebKeySetSingleX509Data.json;OpenIdConnectMetadata.json;OpenIdConnectMetadata2.json;JsonWebKeySetUnrecognizedKty.json;JsonWebKeySetBadRsaDataMissingComponent.json;OpenIdConnectMetadataBadBase64Data.json;OpenIdConnectMetadataBadX509Data.json;OpenIdConnectMetadataEnd2End.json;OpenIdConnectMetadataJsonWebKeySetBadUri.json;PingLabsJWKS.json;PingLabs-openid-configuration.json;;JsonWebKeySetEnd2EndEC.json;OpenIdConnectMetadataEnd2EndEC.json;OpenIdConnectMetadataUnrecognizedKty.json;OpenIdConnectMetadataBadRsaDataMissingComponent.json">
+    <None Update="JsonWebKeySet.json;JsonWebKeySetBadBase64Data.json;JsonWebKeySetBadX509Data.json;JsonWebKeySetEnd2End.json;JsonWebKeySetSingleX509Data.json;OpenIdConnectMetadata.json;OpenIdConnectMetadata2.json;JsonWebKeySetUnrecognizedKty.json;JsonWebKeySetBadRsaDataMissingComponent.json;OpenIdConnectMetadataBadBase64Data.json;OpenIdConnectMetadataBadX509Data.json;OpenIdConnectMetadataEnd2End.json;OpenIdConnectMetadataJsonWebKeySetBadUri.json;PingLabsJWKS.json;PingLabs-openid-configuration.json;;JsonWebKeySetEnd2EndEC.json;OpenIdConnectMetadataEnd2EndEC.json;OpenIdConnectMetadataUnrecognizedKty.json;OpenIdConnectMetadataBadRsaDataMissingComponent.json;EmptyJsonWebKeySet.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
   </ItemGroup>