diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs index 4a7827b585..049cbbf449 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs @@ -445,7 +445,7 @@ private string CreateTokenPrivate(JObject payload, SigningCredentials signingCre rawHeader = Base64UrlEncoder.Encode(Encoding.UTF8.GetBytes(header.ToString(Formatting.None))); JsonWebTokenManager.KeyToHeaderCache.TryAdd(JsonWebTokenManager.GetHeaderCacheKey(signingCredentials), rawHeader); } // Otherwise, if there is no outer JWT header, add additional header claims to this header. - else if (additionalHeaderClaims != null) + else if (additionalHeaderClaims != null && additionalHeaderClaims.Count != 0) { JObject header; if (signingCredentials != null) diff --git a/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs b/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs index fcc587b29c..9fc2a3fcd8 100644 --- a/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs +++ b/test/Microsoft.IdentityModel.TestUtils/ReferenceTokens.cs @@ -367,15 +367,15 @@ public static string SamlToken_Formated **/ // This token has the default 'typ' header claim value replaced with "TEST". - public static string JWSWithDifferentTyp = "eyJhbGciOiJSUzI1NiIsImtpZCI6IlJzYVNlY3VyaXR5S2V5XzIwNDgiLCJ0eXAiOiJURVNUIn0.eyJlbWFpbCI6IkJvYkBjb250b3NvLmNvbSIsImdpdmVuX25hbWUiOiJCb2IiLCJpc3MiOiJodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tIiwiYXVkIjoiaHR0cDovL0RlZmF1bHQuQXVkaWVuY2UuY29tIiwiaWF0IjoiMTQ4OTc3NTYxNyIsIm5iZiI6IjE0ODk3NzU2MTciLCJleHAiOiIxNjE2MDA2MDE3In0.vTHwBynrQktXA1Xnkburmxun7Omwv6cM71fIgWxIa-hvN5gCwiL68XEp8uYE-GG_UVDZQKYp9vipoLaiJT9uahpKeDIFiLQOaZvKvzLFGFLWMnPMNR1KFl03jljXeffyucPGB99nBQlPxw0vZgHwxgPtx1PhabxuaIHx_pMb1zIjRsuKPvQ82Aa1Jjw-jM2MA0SISCJ9C7fEjacBMPApCr92fbSEECw2YSnjNc4H0WChCFirzu9dU30q6ZXLpCcR-1phkgMoQkf0EzihIO8Z-BVbA1Nx1m9DN5Zi_sCCIlG7KVW9WBwQDzgg08FSJD-YTJXaD_SWCU92oY-CDAj66Q"; + public static string JWSWithDifferentTyp = "eyJhbGciOiJSUzI1NiIsImtpZCI6Ikpzb25XZWJLZXlSc2FfMjA0OCIsInR5cCI6IlRFU1QifQ.eyJlbWFpbCI6IkJvYkBjb250b3NvLmNvbSIsImdpdmVuX25hbWUiOiJCb2IiLCJpc3MiOiJodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tIiwiYXVkIjoiaHR0cDovL0RlZmF1bHQuQXVkaWVuY2UuY29tIiwiaWF0IjoiMTQ4OTc3NTYxNyIsIm5iZiI6IjE0ODk3NzU2MTciLCJleHAiOiIxNjE2MDA2MDE3In0.sEJCD5BGCscJ1JeHUIosTCVCjAgQv9rFSe-sPSYw4F0W25jwM1KNHnLs3YcaKmGutrG4jwLRxgbPzv33oxSpf7f7U76aajwPb0dFlWIJgxTQ4Axfn-PR64msoWsuR9l8bmg5fzKiPKlEtDsG_AiuunwjfoMSBHrsXJdQ3y3Odp6-O1IwwG6ZuDW7rZ542C2ghAYA8aupw_fTV-Yx7B0i0H0uc10rSxtV0bVmKCHs-_Njnk3ViWt4t2HNxfclIaoIYI3VH7J7_RybfzX3WNtCMlmaL16zWL0k5HmRrC8i7OowaGF7EfyTaKoy-jOLSJiQA6K6gHvIFfrnVpFoog1jpQ"; // This token includes two additional header claims: // { "int", 123 } and { "string", "string" }. - public static string JWSWithMultipleAdditionalHeaderClaims = "eyJhbGciOiJSUzI1NiIsImtpZCI6IlJzYVNlY3VyaXR5S2V5XzIwNDgiLCJ0eXAiOiJKV1QiLCJpbnQiOjEyMywic3RyaW5nIjoic3RyaW5nIn0.eyJlbWFpbCI6IkJvYkBjb250b3NvLmNvbSIsImdpdmVuX25hbWUiOiJCb2IiLCJpc3MiOiJodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tIiwiYXVkIjoiaHR0cDovL0RlZmF1bHQuQXVkaWVuY2UuY29tIiwiaWF0IjoiMTQ4OTc3NTYxNyIsIm5iZiI6IjE0ODk3NzU2MTciLCJleHAiOiIxNjE2MDA2MDE3In0.6xWNbX9-EEgoNIhnb1Z6BeCd8Jc1C1sQzmz5B_UMAaHWWqUkk1zNFxZJ2Dueg9D6vgwIK9wYGrf37Oth3j3QMsftnF5fN_E4ohPQviGnalPmxjXrBpBiUTN3fDoA2cDA_aCKWchAsbGnP555HpgD4hhrYqlu3ynUXrZHcfOo5-3p8pCn-qMy16b1eI3BfdDF8hzbmmA2hXgOoRCyVaawaL2MKCyNFWF9KXB4p71QsBWHmKoKEhT1keCAnIDu4DiRYhDi0ped331ut3Vgl6wBvp4-hI6oEmUCkvN03VnjOdRLHK0WvRs5vaxo6B4hCrgAPW8SalJ3ddBHWh7xQyr96A"; + public static string JWSWithMultipleAdditionalHeaderClaims = "eyJhbGciOiJSUzI1NiIsImtpZCI6Ikpzb25XZWJLZXlSc2FfMjA0OCIsInR5cCI6IkpXVCIsImludCI6MTIzLCJzdHJpbmciOiJzdHJpbmcifQ.eyJlbWFpbCI6IkJvYkBjb250b3NvLmNvbSIsImdpdmVuX25hbWUiOiJCb2IiLCJpc3MiOiJodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tIiwiYXVkIjoiaHR0cDovL0RlZmF1bHQuQXVkaWVuY2UuY29tIiwiaWF0IjoiMTQ4OTc3NTYxNyIsIm5iZiI6IjE0ODk3NzU2MTciLCJleHAiOiIxNjE2MDA2MDE3In0.wb93s9X7IgVgA85hB3EtJFtJcJE7IYXR3H7LNgizZkTyT2ArAoCzaLloCrk3gAv4vR5sblYnTqFuVzJqLXJ6tyjUlIynPR71zncqJGAEVwN6O618S_xE3XARQFgzxPdspk3ocUw7J4GK2hMsPj8Umzifibs5c3HB2CMt3wj1NinfG-bi9wHlknm1XftbwF5QpOa55u55CsHRq_7ZAZ_dvVTkMQR3jbONqUvD2a7QqLS3mjSXqk7Z8EUPUgOzFMvEDyMzabE0iHbLUCJRXuIYmYdKXnpzGtXNv8o6ae5V6ZEvrhwu-VZN1Jr46zerQJM-snEvvJcBOv0U30FRmMg5Ww"; // This token includes one additional header claim: // { "int", 123 }. - public static string JWSWithSingleAdditionalHeaderClaim = "eyJhbGciOiJSUzI1NiIsImtpZCI6IlJzYVNlY3VyaXR5S2V5XzIwNDgiLCJ0eXAiOiJKV1QiLCJpbnQiOjEyM30.eyJlbWFpbCI6IkJvYkBjb250b3NvLmNvbSIsImdpdmVuX25hbWUiOiJCb2IiLCJpc3MiOiJodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tIiwiYXVkIjoiaHR0cDovL0RlZmF1bHQuQXVkaWVuY2UuY29tIiwiaWF0IjoiMTQ4OTc3NTYxNyIsIm5iZiI6IjE0ODk3NzU2MTciLCJleHAiOiIxNjE2MDA2MDE3In0.DMuIri56SO6VhXSqMd9gzvWovzV6TNWZuzul2gxVqrKm5nLP3r3HGsnThFZxelMtrLfDKNDvikcVtQA20J1vvGZ1HNPvp8AcSCLt4PQjCl5LkDYglfk1ZxLHirxcj4XBHBuFtLt_kvqFJYbsMahDVemToNlF-S1_lGJ7UAI_WC1ZLahPe1v9UASS7DWuomTuYa9VCduPt2YNnU9CNj2INZbH3peFRuC-_DXkCisnFyqj_wvFtX38pvkuzZSFR-5DRLWfEdtOLbWU2EGuL4AbAj7c8PFfTnY8yFDg7oIcr7JDpcHVqKoRDFhghGY5s4fxEZBG6hNnDCZjvQfhWMfyYA"; + public static string JWSWithSingleAdditionalHeaderClaim = "eyJhbGciOiJSUzI1NiIsImtpZCI6Ikpzb25XZWJLZXlSc2FfMjA0OCIsInR5cCI6IkpXVCIsImludCI6MTIzfQ.eyJlbWFpbCI6IkJvYkBjb250b3NvLmNvbSIsImdpdmVuX25hbWUiOiJCb2IiLCJpc3MiOiJodHRwOi8vRGVmYXVsdC5Jc3N1ZXIuY29tIiwiYXVkIjoiaHR0cDovL0RlZmF1bHQuQXVkaWVuY2UuY29tIiwiaWF0IjoiMTQ4OTc3NTYxNyIsIm5iZiI6IjE0ODk3NzU2MTciLCJleHAiOiIxNjE2MDA2MDE3In0.y2CXDrUg1CMNpcAuacntYroJl3sxTwcGHN5fkuHyKrGOR8PX3SCN2WzkYXNLl-hXGIkS0VRIG0Gy5esdCDrpURhUImj6f8nC2Bq1w6CXktcnGTJxqJccr7R4u857QzGfiwc1H7YrPyB58d9RzZrWlLgQ19QFhYy5XSWKsxzsmcGHvGemaKDgFXlsJOAAlWDbCaD1fDTFzQCA8oRf4Hzbar4VbDm1eNddQHZK6F3tznwGeoaSX-XFWTexxPGoFSNB_3tE7VRk-R3a-JR5Z1EnXEp0ByRaWvSc7rZ_ywENxrvBhSQW7UrSl3aQGQa_tuvGFIdlexiH7mOW0UhZRYNbbQ"; // This token is unsigned and includes one additional header claim: