From 337c739799b430c44bca15969029d4fc634bc8c5 Mon Sep 17 00:00:00 2001
From: Stephen Toub
Date: Wed, 26 Jul 2023 16:29:48 -0400
Subject: [PATCH] Remove closure from JsonWebTokenHandler.ValidateSignature (#2169)

The Any call on an exceptional path is closing over the jwtToken parameter, which means a display class gets allocated at the beginning of the method, whether that code path is taken or not.
---
 .../JsonWebTokenHandler.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
index a8b58e78ea..15d8432067 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
@@ -1760,7 +1760,8 @@ private static JsonWebToken ValidateSignature(JsonWebToken jwtToken, TokenValida
 {
 if (kidMatched)
 {
- var isKidInTVP = keysInTokenValidationParameters.Any(x => x.KeyId.Equals(jwtToken.Kid));
+ JsonWebToken localJwtToken = jwtToken; // avoid closure on non-exceptional path
+ var isKidInTVP = keysInTokenValidationParameters.Any(x => x.KeyId.Equals(localJwtToken.Kid));
 var keyLocation = isKidInTVP ? "TokenValidationParameters" : "Configuration";
 throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidSignatureException(LogHelper.FormatInvariant(TokenLogMessages.IDX10511, keysAttempted,
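Review bot: The lambda on the new `isKidInTVP` line still calls `x.KeyId.Equals(...)` as an instance method, so a key in `keysInTokenValidationParameters` that has no `KeyId` would presumably throw a NullReferenceException. The hunk does not show whether `KeyId` can be null, so this needs confirming against the key types callers supply. If it can, the failure would happen while building the IDX10511 diagnostic, and callers and logs would see an unrelated exception instead of `SecurityTokenInvalidSignatureException`. The commit carries this call over from the old line rather than introducing it, but since the line is being rewritten anyway, the null-safe static form costs nothing and keeps the ordinal comparison: `var isKidInTVP = keysInTokenValidationParameters.Any(x => string.Equals(x.KeyId, localJwtToken.Kid));`. `ValidateSignature` starts and ends outside this hunk, so any earlier filtering of keys without a `KeyId` is not visible here.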