-
Notifications
You must be signed in to change notification settings - Fork 409
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Claims with multiple values are incorrectly serialized in 7.0.0-preview3 #2244
Comments
@kevinchalet I have to say I am really surprised by this. |
Hahaha, no need to say I was surprised too 😄 |
@kevinchalet issue #2246 with the dictionary is different, preview1 was using our internal newtonsoft which has a very generous deserialization engine. |
Sadly, this will break existing versions of OpenIddict 😭 If you can't fix that, is there at least a way to get a |
@kevinchalet we will fix #2246 by supporting a number of collections such as List, List, Collection, string[], object[], etc. The question we are debating is how may such types do we support? |
fixed by: #2248 |
With AOT in mind, not wanting to support every possible combination is certainly understandable. I'm personally - not at all - opposed to using
|
@kevinchalet : would this work for you: #2255 ? |
It could certainly be an option, but I personally don't need "full serialization" support (i.e being able to project the JSON representation to any arbitrary CLR type). I actually just need a stable way to access the JSON tree, so the low-level I just need to know whether |
I am not expert here but it looks like exposing something like this public JsonElement HeaderElement => Header.RootElement; would provide all the flexibility @kevinchalet is asking for. And probably would be a solution to anyone who need some custom deserialization. Assuming that using STJ is here to stay, or at least do it for the platforms that have it in their runtime. |
@sebastienros yup, that would be the best option (assuming tying I opened #2260 earlier today to discuss that. |
There's a serious regression in 7.0.0-preview3 that affects the serialization of identities containing multiple claims of the same type:
7.0.0-preview creates a token with the expected JSON payload:
7.0.0-preview3 doesn't: two values are missing 😱
/cc @brentschmaltz @jennyf19 it's a serious regression that may have security implications as it can lead to incorrect authorization decisions. I suggest marking it as a priority bug and unlisting 7.0.0-preview3 until it's fixed 😃
The text was updated successfully, but these errors were encountered: