Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Documentation] JwtPayload serialisation seems to invoke ToString for complex object claim #2585

Open
1 of 5 tasks
liviasossai opened this issue May 6, 2024 · 0 comments
Open
1 of 5 tasks

[Documentation] JwtPayload serialisation seems to invoke ToString for complex object claim #2585

liviasossai opened this issue May 6, 2024 · 0 comments

Comments

@liviasossai
Copy link

Documentation related to component

IdentityModel 7x releases notes.

Please check all that apply

  • typo
  • documentation doesn't exist
  • documentation needs clarification
  • error(s) in the example
  • needs an example

Description of the issue

Hi, I noticed the JWT additional claim serialisation behaviour has changed after upgrading System.IdentityModel.Tokens.Jwt from version 6.x to 7.x. More specifically, when serialising a claim represented by a list of objects, JsonSecurityTokenHandler.WriteToken seems to invoke the object's ToString() method instead of serialising it. The following sample code:

        public static string GenerateJwt()
        {
            var listClaim = new MyClass[] { new() { Name = "test" } };
            var payload = new JwtPayload()
            {
                { "claim", 1.0 },
                { "listClaim", listClaim }
            };

            var securityKey = new RsaSecurityKey(RSA.Create());
            var signingCredentials = new SigningCredentials(securityKey, "RS256");

            var token = new JwtSecurityToken(new JwtHeader(signingCredentials), payload);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }

Generates this JWT payload:

{
  "claim": 1,
  "listClaim": [
    "test_jwt.MyClass"
  ]
}

Previously, the payload was serialised as:

{
  "claim": 1,
  "listClaim": [
    {
      "Name": "test"
    }
  ]
}

The behaviour described above only happens if instantiating JwtPayload with the additional claims dictionary (Dictionary<string, object>). A possible workaround is to instantiate JsonPayload with a list of Claim objects as follows:

            var payload = new JwtPayload(
                new Claim[]
                {
                    new("claim", "1.0"),
                    new("listClaim", JsonSerializer.Serialize(listClaim), JsonClaimValueTypes.Json),
                });

I noticed this behaviour was introduced here. The 7.x releases notes mention some changes to the serialisation behaviour, but doesn't specify the one described above.
Logging as a documentation issue as I am not sure if this behaviour change is expected (and not documented) or a bug.

Thanks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@liviasossai