You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I noticed the JWT additional claim serialisation behaviour has changed after upgrading System.IdentityModel.Tokens.Jwt from version 6.x to 7.x. More specifically, when serialising a claim represented by a list of objects, JsonSecurityTokenHandler.WriteToken seems to invoke the object's ToString() method instead of serialising it. The following sample code:
public static string GenerateJwt()
{
var listClaim = new MyClass[] { new() { Name = "test" } };
var payload = new JwtPayload()
{
{ "claim", 1.0 },
{ "listClaim", listClaim }
};
var securityKey = new RsaSecurityKey(RSA.Create());
var signingCredentials = new SigningCredentials(securityKey, "RS256");
var token = new JwtSecurityToken(new JwtHeader(signingCredentials), payload);
return new JwtSecurityTokenHandler().WriteToken(token);
}
The behaviour described above only happens if instantiating JwtPayload with the additional claims dictionary (Dictionary<string, object>). A possible workaround is to instantiate JsonPayload with a list of Claim objects as follows:
var payload = new JwtPayload(
new Claim[]
{
new("claim", "1.0"),
new("listClaim", JsonSerializer.Serialize(listClaim), JsonClaimValueTypes.Json),
});
I noticed this behaviour was introduced here. The 7.x releases notes mention some changes to the serialisation behaviour, but doesn't specify the one described above.
Logging as a documentation issue as I am not sure if this behaviour change is expected (and not documented) or a bug.
Thanks.
The text was updated successfully, but these errors were encountered:
Documentation related to component
IdentityModel 7x releases notes.
Please check all that apply
Description of the issue
Hi, I noticed the JWT additional claim serialisation behaviour has changed after upgrading
System.IdentityModel.Tokens.Jwt
from version 6.x to 7.x. More specifically, when serialising a claim represented by a list of objects,JsonSecurityTokenHandler.WriteToken
seems to invoke the object'sToString()
method instead of serialising it. The following sample code:Generates this JWT payload:
Previously, the payload was serialised as:
The behaviour described above only happens if instantiating
JwtPayload
with the additional claims dictionary (Dictionary<string, object>
). A possible workaround is to instantiateJsonPayload
with a list ofClaim
objects as follows:I noticed this behaviour was introduced here. The 7.x releases notes mention some changes to the serialisation behaviour, but doesn't specify the one described above.
Logging as a documentation issue as I am not sure if this behaviour change is expected (and not documented) or a bug.
Thanks.
The text was updated successfully, but these errors were encountered: