Contributor

Copilot AI commented Jul 14, 2025

Problem

The OidcIdpSignedAssertionLoader class required IConfiguration to be explicitly registered in the service collection, causing a System.InvalidOperationException when trying to resolve ICustomSignedAssertionProvider implementations:

// This would fail without explicit IConfiguration registration
var oidcIdpSignedAssertionLoader = serviceProvider.GetService<IOidcIdpSignedAssertionLoader>();

Error message:

System.InvalidOperationException : Unable to resolve service for type 'Microsoft.Extensions.Configuration.IConfiguration' while attempting to activate 'Microsoft.Identity.Web.OidcFic.OidcIdpSignedAssertionLoader'.

Solution

Following the design proposal from @jmprieur, this PR implements:

  1. Constructor Change: Modified OidcIdpSignedAssertionLoader constructor to accept IServiceProvider instead of IConfiguration
  2. Just-in-Time Resolution: Added code to resolve IConfiguration from service provider only when needed
  3. Conditional Usage: Configuration binding only occurs when both conditions are met:
    • microsoftIdentityApplicationOptions.Instance is null or empty
    • microsoftIdentityApplicationOptions.Authority equals "//v2.0"
  4. Error Handling: Meaningful error message with troubleshooting link when IConfiguration is needed but not available
  5. Performance Logging: Added debug logging for configuration binding operations

Changes Made

Before

public OidcIdpSignedAssertionLoader(ILogger<OidcIdpSignedAssertionLoader> logger,
    IOptionsMonitor<MicrosoftIdentityApplicationOptions> options,
    IConfiguration configuration,  // Hard dependency
    ITokenAcquirerFactory tokenAcquirerFactory)

After

public OidcIdpSignedAssertionLoader(ILogger<OidcIdpSignedAssertionLoader> logger,
    IOptionsMonitor<MicrosoftIdentityApplicationOptions> options,
    IServiceProvider serviceProvider,  // Service locator for just-in-time resolution
    ITokenAcquirerFactory tokenAcquirerFactory)

Benefits

  • Resolves the original issue - service can be resolved without explicit IConfiguration registration
  • Maintains backward compatibility - existing code continues to work
  • Provides clear error messages when configuration is actually needed but not available
  • Follows dependency injection best practices with service locator pattern only when necessary
  • Includes high performance logging as requested in the design proposal

Testing

  • Existing tests continue to work because TokenAcquirerFactory.GetDefaultInstance() registers IConfiguration
  • New scenarios where IConfiguration is not registered will work unless configuration binding is specifically needed
  • When configuration binding is needed but IConfiguration is not available, a helpful error message with troubleshooting link is provided

Fixes #3411.
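The just-in-time resolution described in the PR description above, as an added example that is not code from this PR or from Microsoft.Identity.Web. `SampleOptions`, `LazyConfigLoader`, the `AzureAd` section name, the sample URL and the error text are hypothetical; it assumes the Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Configuration.Binder packages.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical stand-in for the two option fields the PR's condition reads.
public sealed class SampleOptions
{
    public string? Instance { get; set; }
    public string? Authority { get; set; }
}

// Hypothetical loader: keeps IServiceProvider and asks for IConfiguration only when binding is needed.
public sealed class LazyConfigLoader
{
    private readonly IServiceProvider _services;
    public LazyConfigLoader(IServiceProvider services) => _services = services;
    public SampleOptions Resolve(SampleOptions options, string sectionName)
    {
        // Condition as stated in the PR description.
        bool needsBinding = string.IsNullOrEmpty(options.Instance) && options.Authority == "//v2.0";
        if (!needsBinding) return options;
        // GetService<T> returns null for an unregistered service instead of throwing.
        IConfiguration configuration = _services.GetService<IConfiguration>()
            ?? throw new InvalidOperationException(
                $"IConfiguration is not registered but is needed to bind '{sectionName}'. See <troubleshooting-link-placeholder>.");
        configuration.GetSection(sectionName).Bind(options);
        return options;
    }
}

public static class Program
{
    public static void Main()
    {
        var needsBinding = new Func<SampleOptions>(() => new SampleOptions { Authority = "//v2.0" });
        // 1. No IConfiguration registered: construction succeeds, failure surfaces only on the binding path.
        var loader = new LazyConfigLoader(new ServiceCollection().BuildServiceProvider());
        try { loader.Resolve(needsBinding(), "AzureAd"); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
        // 2. IConfiguration registered (constructed in-memory values): the section is bound on demand.
        IConfiguration config = new ConfigurationBuilder()
            .AddInMemoryCollection(new Dictionary<string, string?> { ["AzureAd:Instance"] = "https://login.example.test/" })
            .Build();
        var services = new ServiceCollection().AddSingleton(config).BuildServiceProvider();
        Console.WriteLine(new LazyConfigLoader(services).Resolve(needsBinding(), "AzureAd").Instance);
    }
}
```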



Copilot AI changed the title from "[WIP] OidcIdpSignedAssertionLoader requires IConfiguration to be registered with a service collection" to "Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration" Jul 14, 2025
Copilot AI requested a review from jmprieur July 14, 2025 21:50
Collaborator

@jmprieur jmprieur left a comment


Great start

  • we should use the high performance logging in .NET
  • we need to add unit test for the case where the configuration is null!

Contributor Author

Copilot AI commented Jul 14, 2025

Great start

  • we should use the high performance logging in .NET
  • we need to add unit test for the case where the configuration is null!

Both items addressed in commit 62ef492:

  1. Implemented high-performance logging using LoggerMessage.Define patterns with dedicated EventIds
  2. Added comprehensive unit tests for null configuration scenario with 5 test cases covering all edge cases, including the specific case where IConfiguration is not registered

All tests are passing and the implementation follows the high-performance logging patterns used elsewhere in the codebase.

Copilot AI requested a review from jmprieur July 14, 2025 22:29
Collaborator

@jmprieur jmprieur left a comment


LGTM
I've some questions and suggestions @copilot

Copilot AI requested a review from jmprieur July 14, 2025 23:13
@jmprieur jmprieur marked this pull request as ready for review July 14, 2025 23:29
@jmprieur jmprieur requested a review from a team as a code owner July 14, 2025 23:29
@jmprieur
Collaborator

@copilot you removed too much:

[assembly: InternalsVisibleTo("Microsoft.Identity.Web.Test, PublicKey=00240000048000009400000006020000002400005253413100040000010001002D96616729B54F6D013D71559A017F50AA4861487226C523959D1579B93F3FDF71C08B980FD3130062B03D3DE115C4B84E7AC46AEF5E192A40E7457D5F3A08F66CEAB71143807F2C3CB0DA5E23B38F0559769978406F6E5D30CEADD7985FC73A5A609A8B74A1DF0A29399074A003A226C943D480FEC96DBEC7106A87896539AD")] is needed in the InternalVisibleTo.cs file you removed from Microsoft.Identity.Web.OidcFIC

Contributor Author

Copilot AI commented Jul 14, 2025

@copilot you removed too much:

`[assembly: InternalsVisibleTo("Microsoft.Identity.Web.Test, PublicKey=00240000048000009400000006020000002400005253413100040000010001002D96616729B54F6D013D71...

You're absolutely right - I accidentally removed the InternalsVisibleTo.cs file when addressing the previous feedback. The file has been restored with the exact same content as before in commit 84f632b. The assembly attribute is required for the test projects to access internal members of the OidcFIC assembly.

Collaborator

@jmprieur jmprieur left a comment


LGTM
Thanks


Successfully merging this pull request may close these issues.

OidcIdpSignedAssertionLoader requires IConfiguration to be registered with a service collection
