-
Notifications
You must be signed in to change notification settings - Fork 383
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] when read claims from JWT is skipping even claims and only reading odds. #2546
Comments
Same problem. Every second claim is skipped, including the expiration date (which breaks the JWT logic). The JwtPayload.CreatePayload method uses Utf8JsonReader to parse the token and calls reader.Read() each time to read the value and keys forward. Therefore my first guess: it must be a misplaced “reader.Read()” in the code. I debugged the parsing loop cycle in case of a custom claim-id/name and it led me to the first (reader index at first Entry.Key), second (first Entry.Value) and third (second Entry.Key) reader.Read() in one cycle. When the parsing cycle tries to parse the next key it gets value of the second Entry. I reverted to 7.3.1 as @jmborroto said and it works again. |
@jmborroto & @ArthurSett, issue is related to dependency mismatch on the test you provide, please update your transitive dependencies to match Version="7.5.0" for certain transitive dependencies. Please try the following in on the JWT token Test.csproj.
Please confirm if this works to close this issue. Thanks! |
This is a new project created only to add the test class and added the MI.JsonWebToken nugget package to make it easy to demonstrate, if any dependency that is needed is not included by default is because the nugget package is not configured to include the correct ones. That also caused issues in our big project where we first notice the issue so if the nugget package is not fix then anyone just installing the nugget package will have the same issue. |
Yikes I just ran into this when I installed Openiddict and it referneced a newer version of the identity model packages, but the Identity openIDConnect was an old version being referneced by Aspnet.Core JwtBearer. I hope this can get figured out so it's less painful to debug. |
Which version of Microsoft.IdentityModel are you using? 7.5.0
Where is the issue?
Is this a new or an existing app?
The app is on development.
Repro
Attached is a UnitTest project which includes three tests:
JWT token Test.zip
Expected behavior
When claims are added to the token, all of them should be retrievable independen of the order or parity.
Actual behavior
The library is skipping one claim in between. To be more precise, the odd-numbered claims are retrievable, while the even-numbered claims are skipped. It appears that everything was fine until version 7.3.1. However, if you test it with version 7.4 or higher, the bug will start to appear.
The text was updated successfully, but these errors were encountered: