Removed dependency on System.IdentityModel.Tokens.Jwt from WPS #22112
Conversation
|
|
||
| string accessToken = JwtUtils.GenerateJwtBearer(audience, claims: null, expiresAt, _credential); | ||
| // TODO: is this a bug in the service? |
There was a problem hiding this comment.
@vicancy, I noticed something strange when I was changing this code. The key string comes from the portal. If I Base64 decode it, this library will not successfully authenticate with the service. If I just use ASCII bytes of the key string, it does work. The same behavior was present in preview 1, but I find it strange. Key strings of other services need to be Base64 decoded.
|
@GrabYourPitchforks, you might want to look into the NS2Bridge.cs for BCL text transformation APIs we would love to have in a package. |
| int maxBufferLength = | ||
| Base64.GetMaxEncodedToUtf8Length(headerSha256.Length + payloadLength) | ||
| + 1 // dot | ||
| + Base64.GetMaxEncodedToUtf8Length(32); // signature SHA256 hash size |
There was a problem hiding this comment.
Could we make this static readonly to avoid computing it once per call?
There was a problem hiding this comment.
Payload length is per call. The Uri and DateTimeOffsets change between calls. This computation is very cheap. It's just 4/3 * length. https://github.com/dotnet/runtime/blob/main/src/libraries/System.Memory/src/System/Buffers/Text/Base64Encoder.cs#L150
There was a problem hiding this comment.
Feedback was specifically about the just making the result of a Base64.GetMaxEncodedToUtf8Length(32) constant, but no need to change things here.
sdk/webpubsub/Azure.Messaging.WebPubSub/tests/WebPubSubParseConnectionStringTests.cs
Outdated
Show resolved
Hide resolved
| Assert.NotNull(exp); | ||
| Assert.IsTrue(long.TryParse(exp, out var expireAt)); | ||
|
|
||
| // default expire atfte should be ~5 minutes (~300 seconds) |
There was a problem hiding this comment.
| // default expire atfte should be ~5 minutes (~300 seconds) | |
| // default expire after should be ~5 minutes (~300 seconds) |
| return result; | ||
| } | ||
|
|
||
| public static void Append(this StringBuilder sb, ReadOnlySpan<char> value) |
There was a problem hiding this comment.
This method is unused, can it be removed?
There was a problem hiding this comment.
Yeah, I had a WriteTo(StringBulder) overload. But I removed it. If we ever make the JwtBulder public, it would be good to have these, but I will add them at that point.
sdk/webpubsub/Azure.Messaging.WebPubSub/src/WebPubSubAuthenticationPolicy.cs
Show resolved
Hide resolved
| public static ReadOnlySpan<byte> Iss => s_iss; | ||
| public static ReadOnlySpan<byte> Jti => s_jti; | ||
|
|
||
| // this is the standrd JWT header. { "alg": "HS256", "typ": "JWT" } |
There was a problem hiding this comment.
| // this is the standrd JWT header. { "alg": "HS256", "typ": "JWT" } | |
| // this is Base64 encoding of the standard JWT header. { "alg": "HS256", "typ": "JWT" } |
| private Utf8JsonWriter _writer; | ||
| private MemoryStream _memoryStream; | ||
| private byte[] _key; | ||
| private bool isDisposed; |
There was a problem hiding this comment.
NIT: should we name it _isDisposed?
| int payloadLength = (int)_writer.BytesCommitted; // writer is wrrapping MemoryStream, and so the length will never overflow int. | ||
|
|
||
| int payloadIndex = headerSha256.Length; | ||
| int maxBufferLength = |
There was a problem hiding this comment.
Any concerns about /this/ computation overflowing?
There was a problem hiding this comment.
It would be very hard to make it overflow, but I changed the code to do checked additions.
…nnectionStringTests.cs Co-authored-by: Matt Ellis <matt.ellis@microsoft.com>
This PR includes a custom implementation of a JWT builder/writer.
The JwtBuilder is now used instead of an external dependency on System.IdentityModel.Tokens.Jwt
I wanted to make the code fast and non-allocating. The System.IdentityModel.Tokens.Jwt library caches tokens. This new implementation does not. The cache has been identified as problematic in preview 1.