-
Notifications
You must be signed in to change notification settings - Fork 408
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Optmise IDX10503 #2436
Optmise IDX10503 #2436
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
separate id's between JsonWebTokenHandler and JwtSecurityTokenHandler, have messages indicate that kid is found (and log) or empty.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What?
The keys tried during token validation are public keys used to validate the tokens and are listed on a public endpoint. They should be logged without PII to enable partner debugging more easily.
The text of the error should read instead "The token's kid is either missing or doesn't match any of the keys in the configuration" or similar to better reflect the flow as it's possible the token does have a kid, it just doesn't match the keys in config.
WI:
https://identitydivision.visualstudio.com/Engineering/_boards/board/t/Auth%20Client%20-%20AuthNZ%20-%20Customer%20trust/Backlog%20items/?workitem=2723627