Skip to content

Serialize and deserialize actor token in claims identity #3219

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
saurabhsathe-ms wants to merge 86 commits into
base: dev
Choose a base branch
from
Open

Serialize and deserialize actor token in claims identity #3219

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
86 commits
Select commit Hold shift + click to select a range
105e513
Added a test case to test presence of Signature in JsonWebToken. This…
saurabhsathe-ms May 1, 2025
b5c02e6
Included reference and implemented serialization logic
saurabhsathe-ms May 2, 2025
90d5667
Added a json parser that can parse the stringified claim without brea…
saurabhsathe-ms May 2, 2025
2a0c1b1
Found an ovverriden create token method for our requirement. Removing…
saurabhsathe-ms May 2, 2025
9b0c1bd
Added a check to ensure that the claimvalue is a valid json
saurabhsathe-ms May 2, 2025
b7a2280
Added logic to handle actor token from claims dictionary. Updated tes…
saurabhsathe-ms May 3, 2025
7b65a01
Updated JsonWebTokenHandlerCreateToken.cs to accomodate new changes. …
saurabhsathe-ms May 4, 2025
cd264f5
Removed the print statements and added header
saurabhsathe-ms May 4, 2025
a7b578d
"ActorTokenInClaimsDictionaryShouldBeProperlySerialized" now properly…
saurabhsathe-ms May 6, 2025
7a657e9
Added new testcases, added comments to testcase and modified existing…
saurabhsathe-ms May 6, 2025
04257cd
NIT repairs
saurabhsathe-ms May 6, 2025
d354200
Added one testcase to test MaxActorChainLength values.
saurabhsathe-ms May 6, 2025
ff64ddd
Removed Console.Writeline debugging statements
saurabhsathe-ms May 6, 2025
f66c4d0
Moved the Actor chain length parameter into a Configuration class tha…
saurabhsathe-ms May 7, 2025
5dc4a49
Made the configuration class public and static
saurabhsathe-ms May 7, 2025
ccb0688
Update src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.…
saurabhsathe-ms May 7, 2025
92a6285
Update src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.…
saurabhsathe-ms May 7, 2025
99f7fd5
Repaired testcases as per the suggestions on PR
saurabhsathe-ms May 7, 2025
4185264
Renamed JsonWebTokenConfiguration to JsonWebTokenHandlerConfiguration
saurabhsathe-ms May 7, 2025
8dcbdb3
Removed the comments on testcase
saurabhsathe-ms May 7, 2025
89cd0e4
Updated the configuration summary.
saurabhsathe-ms May 8, 2025
3ad51eb
Moved the MaxActorChainLength to SecurityTokenDescriptor
saurabhsathe-ms May 8, 2025
3f348bc
All test cases passed and introduced JWTclaimTypeName
saurabhsathe-ms May 8, 2025
787099b
Updated JsonWebToken.cs to now use SecurityTokenDescriptor.ActorClaim…
saurabhsathe-ms May 8, 2025
a92b6d6
Introduced a flag that we will be using to turn the feature on or off
saurabhsathe-ms May 9, 2025
36623ea
Cleaned the code and brought it all under one function
saurabhsathe-ms May 12, 2025
e3c25f9
Implemented non static version of ActorClaimName
saurabhsathe-ms May 13, 2025
e20d067
Removed console lines, Added a condition to check if the max actor ch…
saurabhsathe-ms May 13, 2025
d531454
moved actor chain depth to Security Token Descriptor
saurabhsathe-ms May 13, 2025
d79c61b
Updated validation parameters to validate JWT token upto a certain limit
saurabhsathe-ms May 15, 2025
f7de606
Removed old serialization. Added json object serialization and update…
saurabhsathe-ms May 17, 2025
f3c6ed2
Removed the changes to PublicUnshipped files for each frameworks
saurabhsathe-ms May 18, 2025
4185c6f
Added a delegate that users can use to validate their token
saurabhsathe-ms May 19, 2025
4c57aaf
NIT repairs round 1
saurabhsathe-ms May 19, 2025
a585112
Removed everything from TokenValidationParameters and the delegate
saurabhsathe-ms May 20, 2025
e6638ae
Revert "Removed everything from TokenValidationParameters and the del…
saurabhsathe-ms May 21, 2025
95db310
Renamed the switch and removed the validation code
saurabhsathe-ms May 21, 2025
9a1f6ed
Changed delegate name and added the tests to test our new function?
saurabhsathe-ms May 22, 2025
5e10aec
Added a testcase to test if act claim was properly deserialized
saurabhsathe-ms May 22, 2025
3b21635
Updated my local branch with dev
saurabhsathe-ms May 22, 2025
a7398a8
Created delegate and added testcases
saurabhsathe-ms May 23, 2025
a8efcb8
Fixed one bug in Deserialization. Divided all the testcases in 2 part…
saurabhsathe-ms May 23, 2025
4d2770f
NIT repairs, renamed some fields and adjusted some default values as …
saurabhsathe-ms May 23, 2025
bd78d2e
Some more NIT repairs
saurabhsathe-ms May 23, 2025
9503403
Merge branch 'dev' into ssathe/serializeClaimsIdentity
saurabhsathe-ms May 23, 2025
78cc3bc
Updated the code custom actclaimretrievervalidator call with token va…
saurabhsathe-ms May 27, 2025
bbb2f02
Updated summary for our new AppContextSwitch
saurabhsathe-ms May 27, 2025
e7952d1
Removed App context switch replaced it with request based property
saurabhsathe-ms Jun 4, 2025
e3e47ee
NIT updates
saurabhsathe-ms Jun 4, 2025
06b5820
Merge branch 'dev' into ssathe/serializeClaimsIdentity
saurabhsathe-ms Jun 4, 2025
1dfda65
Removed the use of flag during serialization and everything is working
saurabhsathe-ms Jun 7, 2025
6caaae5
Removed the flag from SecurityTokenDescriptor altogether
saurabhsathe-ms Jun 7, 2025
7cbe282
Removed the flag from token validation parameters too. Also added one…
saurabhsathe-ms Jun 7, 2025
8eede12
Latest pull
saurabhsathe-ms Jun 16, 2025
e5ce2bc
Merge branch 'ssathe/serializeClaimsIdentityWithoutFlag' into ssathe/…
saurabhsathe-ms Jun 16, 2025
e28773c
Resolved feedback!
saurabhsathe-ms Jun 19, 2025
badf08a
Change HasKey with TryGetValue for perf improvement
saurabhsathe-ms Jun 19, 2025
2c23923
Merge branch 'dev' into ssathe/serializeClaimsIdentity
saurabhsathe-ms Jun 20, 2025
2ab6ef6
Merge with main
saurabhsathe-ms Sep 30, 2025
78b00fc
Merge branch 'dev' into ssathe/serializeClaimsIdentity
saurabhsathe-ms Dec 4, 2025
b650e58
merged main
saurabhsathe-ms Mar 4, 2026
95903fd
Fixed token validation parameters
saurabhsathe-ms Mar 4, 2026
726c0f0
Merge branch 'dev' into ssathe/serializeClaimsIdentity
saurabhsathe-ms Mar 26, 2026
0bc5f3f
Resolved a lot of feedback from Peter and solutons builds
saurabhsathe-ms Mar 27, 2026
065e3ed
Removed the switch related remarks from everywhere
saurabhsathe-ms Mar 28, 2026
d711be7
Renamed the tests as per the feedback
saurabhsathe-ms Mar 28, 2026
2f0a760
Made the "ActorChainDepth", "MaxActorChainLength" internal on recomme…
saurabhsathe-ms Mar 28, 2026
e0d2b3e
All tests are passing now!
saurabhsathe-ms Mar 30, 2026
d55dd2e
MaxActorChainLength no longer settteable
saurabhsathe-ms Mar 30, 2026
78ebfe1
Added tests related to claims mappins
saurabhsathe-ms Mar 30, 2026
ffcae69
Removed the MaxActorChain length from security token descriptor and t…
saurabhsathe-ms Mar 30, 2026
c00fbd2
Merge branch 'dev' into ssathe/serializeClaimsIdentity
saurabhsathe-ms Mar 30, 2026
766152a
Update src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs
saurabhsathe-ms Apr 6, 2026
92f8691
Update src/Microsoft.IdentityModel.Tokens/SecurityTokenDescriptor.cs
saurabhsathe-ms Apr 6, 2026
f6e1c8e
Update src/Microsoft.IdentityModel.Tokens/SecurityTokenDescriptor.cs
saurabhsathe-ms Apr 6, 2026
934f0b0
Update src/Microsoft.IdentityModel.Tokens/SecurityTokenDescriptor.cs
saurabhsathe-ms Apr 6, 2026
ce5bdb5
Update src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs
saurabhsathe-ms Apr 6, 2026
893d2b5
Update src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs
saurabhsathe-ms Apr 6, 2026
3372585
NIT comment 1
saurabhsathe-ms Apr 14, 2026
21dad60
NIT comment 2 resolution
saurabhsathe-ms Apr 14, 2026
0d1985a
NIT comment 3
saurabhsathe-ms Apr 14, 2026
419b2bf
NIT comment resolution 4
saurabhsathe-ms Apr 14, 2026
39bf3c4
Addressed nit comments 5 and 6 related to periods here
saurabhsathe-ms Apr 14, 2026
80cec2d
Addressed NIT comments
saurabhsathe-ms Apr 14, 2026
639adc8
NIT
saurabhsathe-ms Apr 14, 2026
9bbca1a
NIT updates
saurabhsathe-ms Apr 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 72 additions & 0 deletions src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.CreateToken.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -668,11 +668,17 @@ internal static void WriteJwsPayload(
// Duplicates are resolved according to the following priority:
// SecurityTokenDescriptor.{Audience/Audiences, Issuer, Expires, IssuedAt, NotBefore}, SecurityTokenDescriptor.Claims, SecurityTokenDescriptor.Subject.Claims
// SecurityTokenDescriptor.Claims are KeyValuePairs<string,object>, whereas SecurityTokenDescriptor.Subject.Claims are System.Security.Claims.Claim and are processed differently.
bool isActorFound = false;

if (tokenDescriptor.Claims != null && tokenDescriptor.Claims.Count > 0)
{
foreach (KeyValuePair<string, object> kvp in tokenDescriptor.Claims)
{
if (kvp.Key.Equals(tokenDescriptor.ActorClaimType, StringComparison.Ordinal))
Comment thread
saurabhsathe-ms marked this conversation as resolved.
{
isActorFound = true;
continue;
}
if (!descriptorClaimsAudienceChecked && kvp.Key.Equals(JwtRegisteredClaimNames.Aud, StringComparison.Ordinal))
{
descriptorClaimsAudienceChecked = true;
Expand Down Expand Up @@ -754,6 +760,8 @@ internal static void WriteJwsPayload(
JsonPrimitives.WriteObject(ref writer, kvp.Key, kvp.Value);
}
}
if (isActorFound || tokenDescriptor.Subject?.Actor != null)
Comment thread
saurabhsathe-ms marked this conversation as resolved.
WriteActorToken(ref writer, tokenDescriptor, setDefaultTimesOnTokenCreation, tokenLifetimeInMinutes);

AddSubjectClaims(ref writer, tokenDescriptor, audienceSet, issuerSet, ref expSet, ref iatSet, ref nbfSet);

Expand Down Expand Up @@ -1071,6 +1079,70 @@ internal static byte[] WriteJweHeader(SecurityTokenDescriptor tokenDescriptor)
}
}
}
internal static void WriteActorToken(
ref Utf8JsonWriter writer,
SecurityTokenDescriptor tokenDescriptor,
bool setDefaultTimesOnTokenCreation,
int tokenLifetimeInMinutes)
{
var actorTokenDescriptor = CreateActorTokenDescriptor(tokenDescriptor);
if (actorTokenDescriptor == null || actorTokenDescriptor.Subject == null)
return;

writer.WritePropertyName(tokenDescriptor.ActorClaimType);
Comment thread
saurabhsathe-ms marked this conversation as resolved.
WriteJwsPayload(ref writer, actorTokenDescriptor, setDefaultTimesOnTokenCreation, tokenLifetimeInMinutes);
Comment thread
saurabhsathe-ms marked this conversation as resolved.
}

private static void ValidateActorChainDepth(SecurityTokenDescriptor tokenDescriptor)
{
if (tokenDescriptor.ActorChainDepth >= tokenDescriptor.MaxActorChainLength)
{
throw LogHelper.LogExceptionMessage(
new SecurityTokenException(LogHelper.FormatInvariant(
LogMessages.IDX14313,
LogHelper.MarkAsNonPII(tokenDescriptor.ActorChainDepth),
LogHelper.MarkAsNonPII(tokenDescriptor.MaxActorChainLength))));
}
}

private static SecurityTokenDescriptor CreateActorTokenDescriptor(SecurityTokenDescriptor tokenDescriptor)
{
SecurityTokenDescriptor actorTokenDescriptor = null;

if (tokenDescriptor.Claims?.TryGetValue(tokenDescriptor.ActorClaimType, out object actorValue) == true)
{
if (actorValue is not ClaimsIdentity actor)
{
throw LogHelper.LogExceptionMessage(new SecurityTokenException(
LogHelper.FormatInvariant(
LogMessages.IDX14315,
LogHelper.MarkAsNonPII(tokenDescriptor.ActorClaimType),
LogHelper.MarkAsNonPII(actorValue?.GetType().FullName ?? "null"))));
}

actorTokenDescriptor = new SecurityTokenDescriptor
{
Subject = actor,
};

}
// Then check for actor in subject
else if (tokenDescriptor.Subject?.Actor != null)
{
actorTokenDescriptor = new SecurityTokenDescriptor
{
Subject = tokenDescriptor.Subject.Actor,
};
}
if (actorTokenDescriptor != null)
{
ValidateActorChainDepth(tokenDescriptor);
actorTokenDescriptor.ActorClaimType = tokenDescriptor.ActorClaimType;
actorTokenDescriptor.ActorChainDepth = tokenDescriptor.ActorChainDepth + 1;
}

return actorTokenDescriptor;
}

internal static byte[] CompressToken(byte[] utf8Bytes, string compressionAlgorithm)
{
Expand Down
150 changes: 134 additions & 16 deletions src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text.Json;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;
Expand Down Expand Up @@ -222,19 +223,14 @@ private ClaimsIdentity CreateClaimsIdentityWithMapping(JsonWebToken jwtToken, To
if (!wasMapped)
claimType = jwtClaim.Type;

if (claimType == ClaimTypes.Actor)
if (claimType.Equals(validationParameters.ActorClaimType) || claimType.Equals(JwtRegisteredClaimNames.Actort))
{
if (identity.Actor != null)
throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(
LogMessages.IDX14112,
LogHelper.MarkAsNonPII(JwtRegisteredClaimNames.Actort),
LogHelper.MarkAsNonPII(claimType),
jwtClaim.Value)));

if (CanReadToken(jwtClaim.Value))
{
JsonWebToken actor = ReadToken(jwtClaim.Value) as JsonWebToken;
identity.Actor = CreateClaimsIdentity(actor, validationParameters);
}
identity.Actor = CreateClaimsIdentityActor(jwtToken, jwtClaim.Value, validationParameters, claimType.Equals(validationParameters.ActorClaimType));
}

if (wasMapped)
Expand Down Expand Up @@ -287,16 +283,11 @@ private ClaimsIdentity CreateClaimsIdentityPrivate(JsonWebToken jwtToken, TokenV
foreach (Claim jwtClaim in jwtToken.Claims)
{
string claimType = jwtClaim.Type;
if (claimType == ClaimTypes.Actor)
if (claimType == validationParameters.ActorClaimType || claimType.Equals("actort"))
{
if (identity.Actor != null)
throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX14112, LogHelper.MarkAsNonPII(JwtRegisteredClaimNames.Actort), jwtClaim.Value)));

if (CanReadToken(jwtClaim.Value))
{
JsonWebToken actor = ReadToken(jwtClaim.Value) as JsonWebToken;
identity.Actor = CreateClaimsIdentity(actor, validationParameters, issuer);
}
throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX14112, LogHelper.MarkAsNonPII(claimType), jwtClaim.Value)));
identity.Actor = CreateClaimsIdentityActor(jwtToken, jwtClaim.Value, validationParameters, claimType.Equals(validationParameters.ActorClaimType));
}

if (jwtClaim.Properties.Count == 0)
Expand Down Expand Up @@ -621,5 +612,132 @@ private static TokenValidationResult ReadToken(string token, TokenValidationPara
IsValid = true
};
}

/// <summary>
/// Creates a ClaimsIdentity from an actor claim string.
/// </summary>
/// <param name="jwtToken">The actual JWT token parsed into JsonWebToken class.</param>
/// <param name="actorString">The actor claim string.</param>
/// <param name="tokenValidationParameters">The token validation parameters.</param>
/// <param name="isStandardAct">This tells us if we want to deserialize it as a JWT or Json Object. If this is set to true then we deserialize as JsonObject else as JWT.</param>
/// <returns>A ClaimsIdentity representing the actor.</returns>
/// <exception cref="ArgumentNullException">Thrown if <paramref name="actorString"/> or <paramref name="tokenValidationParameters"/> is null.</exception>
private ClaimsIdentity CreateClaimsIdentityActor(
JsonWebToken jwtToken,
string actorString,
TokenValidationParameters tokenValidationParameters,
bool isStandardAct = false)
{
if (string.IsNullOrEmpty(actorString))
throw LogHelper.LogArgumentNullException(nameof(actorString));

if (tokenValidationParameters == null)
throw LogHelper.LogArgumentNullException(nameof(tokenValidationParameters));

if (isStandardAct)
{
if (jwtToken.TryGetPayloadValue<JsonElement>(tokenValidationParameters.ActorClaimType, out JsonElement actClaim))
{
if (tokenValidationParameters.ActClaimRetrieverDelegate != null)
{
try
{
return tokenValidationParameters.ActClaimRetrieverDelegate(actClaim, tokenValidationParameters);
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new SecurityTokenDecryptionFailedException(LogHelper.FormatInvariant(
LogMessages.IDX14314,
LogHelper.MarkAsNonPII(ex.ToString()))));
}
}
else
{
return CreateActorClaimsIdentityFromJsonElement(actClaim, tokenValidationParameters);
}
}
}
else
{
if (CanReadToken(actorString))
{
JsonWebToken actor = ReadToken(actorString) as JsonWebToken;
return CreateClaimsIdentity(actor, tokenValidationParameters);
}
}

return null;
}

/// <summary>
/// Creates a ClaimsIdentity from a JsonElement that represents an actor token.
/// </summary>
/// <param name="jsonElement">The JsonElement containing actor claims.</param>
/// <param name="tokenValidationParameters">These parameters have details like nested actor chain length and max permissible actor length.</param>
/// <param name="issuer">The issuer for the claims.</param>
/// <returns>A ClaimsIdentity containing claims from the JsonElement.</returns>
internal static ClaimsIdentity CreateActorClaimsIdentityFromJsonElement(
JsonElement jsonElement,
TokenValidationParameters tokenValidationParameters,
string issuer = null)
{
if (tokenValidationParameters == null)
throw LogHelper.LogArgumentNullException(nameof(tokenValidationParameters));

if (tokenValidationParameters.ActorChainDepth >= tokenValidationParameters.MaxActorChainLength)
{
throw LogHelper.LogExceptionMessage(
new SecurityTokenException(LogHelper.FormatInvariant(
LogMessages.IDX14313,
LogHelper.MarkAsNonPII(tokenValidationParameters.ActorChainDepth),
LogHelper.MarkAsNonPII(tokenValidationParameters.MaxActorChainLength))));
}

if (jsonElement.ValueKind != JsonValueKind.Object)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14316));

// Use CaseSensitiveClaimsIdentity for consistent behavior with the rest of the library
var identity = new CaseSensitiveClaimsIdentity();

issuer ??= ClaimsIdentity.DefaultIssuer;

foreach (var property in jsonElement.EnumerateObject())
{
string claimType = property.Name;
JsonElement value = property.Value;

// Special handling for nested actor claim
if (claimType == tokenValidationParameters.ActorClaimType)
{
if (value.ValueKind == JsonValueKind.Object)
{
tokenValidationParameters.ActorChainDepth++;
// Recursively create nested actor identity
identity.Actor = CreateActorClaimsIdentityFromJsonElement(
value, tokenValidationParameters, issuer);
}
continue;
}

// For all other claims, create and add them
if (value.ValueKind == JsonValueKind.Array)
{
foreach (JsonElement element in value.EnumerateArray())
{
var claim = JsonClaimSet.CreateClaimFromJsonElement(claimType, issuer, element);
if (claim != null)
identity.AddClaim(claim);
}
}
else
{
var claim = JsonClaimSet.CreateClaimFromJsonElement(claimType, issuer, value);
if (claim != null)
identity.AddClaim(claim);
}
}

return identity;
}
}
}
4 changes: 4 additions & 0 deletions src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,5 +51,9 @@ internal static class LogMessages
internal const string IDX14310 = "IDX14310: JWE authentication tag is missing.";
internal const string IDX14311 = "IDX14311: Unable to decode the authentication tag as a Base64Url encoded string.";
internal const string IDX14312 = "IDX14312: Unable to decode the cipher text as a Base64Url encoded string.";
internal const string IDX14313 = "IDX14313: Unable to serialize/deserialize act claim. Maximum actor token depth reached. Current nesting depth is {0} while max depth set is {1}";
Comment thread
saurabhsathe-ms marked this conversation as resolved.
internal const string IDX14314 = "IDX14314: Unable to deserialize act claim. Exception faced while using custom delegate to deserialize act claim. Nested exception is :{0}";
internal const string IDX14315 = "IDX14315: Encountered an exception while processing the actor claim. Actor claim {0} is not a claims identity. It is of type {1}.";
internal const string IDX14316 = "IDX14316: Actor token must be a JSON object";
}
}
2 changes: 1 addition & 1 deletion src/Microsoft.IdentityModel.JsonWebTokens/Microsoft.IdentityModel.JsonWebTokens.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<Project Sdk="Microsoft.NET.Sdk">
<Project Sdk="Microsoft.NET.Sdk">

<Import Project="..\..\build\common.props" />

Expand Down
9 changes: 9 additions & 0 deletions src/Microsoft.IdentityModel.Tokens/Delegates.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;

Expand Down Expand Up @@ -194,4 +195,12 @@ namespace Microsoft.IdentityModel.Tokens
/// <param name="claimValue">The claim value that was read and parsed from the reader.</param>
/// <returns>True, if the claim value was read successfully; false otherwise.</returns>
public delegate bool TryReadJwtClaim(ref Utf8JsonReader reader, JwtSegmentType jwtSegmentType, string claimName, out object claimValue);

/// <summary>
/// Delegate to validate the 'act' claim and create actor's ClaimsIdentity.
/// </summary>
/// <param name="actClaim">The JSON element representing the 'act' claim.</param>
/// <param name="tokenValidationParameters"> Opitonal validation parameters if needed</param>
/// <returns>A ClaimsIdentity representing the actor.</returns>
public delegate ClaimsIdentity ActClaimRetrieverDelegate(JsonElement actClaim, TokenValidationParameters tokenValidationParameters = null);
}
Comment thread
saurabhsathe-ms marked this conversation as resolved.
11 changes: 11 additions & 0 deletions src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
const Microsoft.IdentityModel.Tokens.AppContextSwitches.UseCapitalizedXMLTypeAttrSwitch = "Switch.Microsoft.IdentityModel.UseCapitalizedXMLTypeAttr" -> string
const Microsoft.IdentityModel.Tokens.LogMessages.IDX11027 = "IDX11027: Invalid JsonWebToken handler configuration parameter value provided for {0}. {1}" -> string
static Microsoft.IdentityModel.Tokens.AppContextSwitches.EnableActClaimSupport.get -> bool
static Microsoft.IdentityModel.Tokens.AppContextSwitches.UseCapitalizedXMLTypeAttr.get -> bool
const Microsoft.IdentityModel.Tokens.LogMessages.IDX10278 = "IDX10278: Unable to retrieve configuration from authority: '{0}'. \nProceeding with token decryption in case the relevant properties have been set manually on the TokenValidationParameters. Exception caught: \n {1}. See https://aka.ms/validate-using-configuration-manager for additional information." -> string
static Microsoft.IdentityModel.Tokens.AppContextSwitches.UseCapitalizedXMLTypeAttr.get -> bool
const Microsoft.IdentityModel.Telemetry.TelemetryConstants.BlockingTypeTag = "Blocking" -> string
Expand Down Expand Up @@ -110,3 +113,11 @@ virtual Microsoft.IdentityModel.Tokens.TokenHandler.CreateClaimsIdentityInternal
virtual Microsoft.IdentityModel.Tokens.TokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.SecurityToken token, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.Experimental.ValidationResult<Microsoft.IdentityModel.Tokens.Experimental.ValidatedToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>>
virtual Microsoft.IdentityModel.Tokens.TokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.Experimental.ValidationResult<Microsoft.IdentityModel.Tokens.Experimental.ValidatedToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>>
virtual Microsoft.IdentityModel.Tokens.ValidationError.CreateException() -> System.Exception
Microsoft.IdentityModel.Tokens.TokenValidationParameters.ActorChainDepth.get -> int
Microsoft.IdentityModel.Tokens.TokenValidationParameters.ActorChainDepth.set -> void
Microsoft.IdentityModel.Tokens.TokenValidationParameters.MaxActorChainLength.get -> int
Microsoft.IdentityModel.Tokens.TokenValidationParameters.MaxActorChainLength.set -> void
Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.ActorChainDepth.get -> int
Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.ActorChainDepth.set -> void
Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.MaxActorChainLength.get -> int
Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.MaxActorChainLength.set -> void
1 change: 1 addition & 0 deletions src/Microsoft.IdentityModel.Tokens/LogMessages.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -317,6 +317,7 @@ internal static class LogMessages
public const string IDX11023 = "IDX11023: Expecting json reader to be positioned on '{0}', reader was positioned at: '{1}', Reading: '{2}', Position: '{3}', CurrentDepth: '{4}', BytesConsumed: '{5}'.";
public const string IDX11025 = "IDX11025: Cannot serialize object of type: '{0}' into property: '{1}'.";
public const string IDX11026 = "IDX11026: Unable to get claim value as a string from claim type:'{0}', value type was:'{1}'. Acceptable types are String, IList<String>, and System.Text.Json.JsonElement.";
public const string IDX11027 = "IDX11027: Invalid JsonWebToken handler configuration parameter value provided for {0}. {1}";

#pragma warning restore 1591
}
Expand Down
Loading
Loading