From c6ad80a6599ce1a56b19109fa48360a5543acea5 Mon Sep 17 00:00:00 2001
From: Stephen Halter
Date: Fri, 2 Feb 2024 12:57:02 -0800
Subject: [PATCH] Link to breaking change announcement in IDX10506
When an IDX10506 exception is thrown from JsonWebTokenHandler, there's a good chance this is due to a breaking change to ASP.NET Core 8. This adds a link to the breaking change announcement at https://learn.microsoft.com/en-us/dotnet/core/compatibility/aspnet-core/8.0/securitytoken-events
---
 .../JsonWebTokenHandler.cs | 14 +++++++-------
 .../LogMessages.cs | 3 +++
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
index c5d42bd84f..816b91a283 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
@@ -17,7 +17,7 @@ namespace Microsoft.IdentityModel.JsonWebTokens
 {
 ///
- /// A designed for creating and validating Json Web Tokens.
+ /// A designed for creating and validating Json Web Tokens.
 /// See: https://datatracker.ietf.org/doc/html/rfc7519 and http://www.rfc-editor.org/info/rfc7515.
 ///
 public partial class JsonWebTokenHandler : TokenHandler
@@ -38,7 +38,7 @@ public partial class JsonWebTokenHandler : TokenHandler
 public static bool DefaultMapInboundClaims = false;
 ///
- /// Gets the Base64Url encoded string representation of the following JWT header:
+ /// Gets the Base64Url encoded string representation of the following JWT header:
 /// { , }.
 ///
 /// The Base64Url encoded string representation of the unsigned JWT header.
@@ -85,7 +85,7 @@ public static string ShortClaimTypeProperty
 }
 ///
- /// Gets or sets the property which is used when determining whether or not to map claim types that are extracted when validating a .
+ /// Gets or sets the property which is used when determining whether or not to map claim types that are extracted when validating a .
 /// If this is set to true, the is set to the JSON claim 'name' after translating using this mapping. Otherwise, no mapping occurs.
 /// The default value is false.
 ///
@@ -104,7 +104,7 @@ public bool MapInboundClaims
 }
 ///
- /// Gets or sets the which is used when setting the for claims in the extracted when validating a .
+ /// Gets or sets the which is used when setting the for claims in the extracted when validating a .
 /// The is set to the JSON claim 'name' after translating using this mapping.
 /// The default value is ClaimTypeMapping.InboundClaimTypeMap.
 ///
@@ -331,7 +331,7 @@ private ClaimsIdentity CreateClaimsIdentityPrivate(JsonWebToken jwtToken, TokenV
 }
 ///
- /// Decrypts a JWE and returns the clear text
+ /// Decrypts a JWE and returns the clear text
 ///
 /// the JWE that contains the cypher text.
 /// contains crypto material.
@@ -811,7 +811,7 @@ private static JsonWebToken ValidateSignatureUsingDelegates(JsonWebToken jsonWeb
 throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidSignatureException(LogHelper.FormatInvariant(TokenLogMessages.IDX10505, jsonWebToken)));
 if (!(validatedToken is JsonWebToken validatedJsonWebToken))
- throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidSignatureException(LogHelper.FormatInvariant(TokenLogMessages.IDX10506, LogHelper.MarkAsNonPII(typeof(JsonWebToken)), LogHelper.MarkAsNonPII(validatedToken.GetType()), jsonWebToken)));
+ throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidSignatureException(LogHelper.FormatInvariant(LogMessages.IDX10506, LogHelper.MarkAsNonPII(typeof(JsonWebToken)), LogHelper.MarkAsNonPII(validatedToken.GetType()), jsonWebToken)));
 return validatedJsonWebToken;
 }
@@ -822,7 +822,7 @@ private static JsonWebToken ValidateSignatureUsingDelegates(JsonWebToken jsonWeb
 throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidSignatureException(LogHelper.FormatInvariant(TokenLogMessages.IDX10505, jsonWebToken)));
 if (!(validatedToken is JsonWebToken validatedJsonWebToken))
- throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidSignatureException(LogHelper.FormatInvariant(TokenLogMessages.IDX10506, LogHelper.MarkAsNonPII(typeof(JsonWebToken)), LogHelper.MarkAsNonPII(validatedToken.GetType()), jsonWebToken)));
+ throw LogHelper.LogExceptionMessage(new SecurityTokenInvalidSignatureException(LogHelper.FormatInvariant(LogMessages.IDX10506, LogHelper.MarkAsNonPII(typeof(JsonWebToken)), LogHelper.MarkAsNonPII(validatedToken.GetType()), jsonWebToken)));
 return validatedJsonWebToken;
 }
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs b/src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs
index b7dd1b2519..112481aabc 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs
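Review bot: Nothing at either changed `throw` in ValidateSignatureUsingDelegates (the hunks at -811 and -822) says that IDX10506 is deliberately read from `LogMessages` while the IDX10505 line just above still reads from `TokenLogMessages`, so a later clean-up could switch it back and silently drop the ASP.NET Core 8 guidance. I would add a comment above each throw such as `// IDX10506 intentionally comes from this assembly's LogMessages so the text carries the ASP.NET Core 8 breaking-change link.` The diffstat lists only the two source files, so there appears to be no test pinning which message text this path emits; an assertion on the thrown SecurityTokenInvalidSignatureException message would guard that. The format arguments are unchanged, so the new string has to keep `{0}` expected type, `{1}` returned type and `{2}` token in that order, with the token remaining the one argument not wrapped in `MarkAsNonPII`. The function extends beyond both hunks.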
@@ -13,6 +13,9 @@ internal static class LogMessages { #pragma warning disable 1591 + // This reuses the ID of TokenLogMessages.IDX10506 to provide a message more specific to JsonWebTokens while allowing people searching the ID to search solutions provided for the old message like those at https://stackoverflow.com/questions/77515249/custom-token-validator-not-working-in-net-8 + internal const string IDX10506 = "IDX10506: Signature validation failed. The user defined 'Delegate' specified on TokenValidationParameters did not return a '{0}', but returned a '{1}' when validating token: '{2}'. If you are using ASP.NET Core 8 or later, see https://learn.microsoft.com/en-us/dotnet/core/compatibility/aspnet-core/8.0/securitytoken-events for more details."; + // signature creation / validation internal const string IDX14000 = "IDX14000: Signature validation of this JWT is not supported for: Algorithm: '{0}', SecurityKey: '{1}'.";