[Bug] OpenIdConnectConfigurationSerializer.cs bug (on case-insensitive property deserialization) #2402

Closed
stvkouvaris opened this issue Nov 15, 2023 · 5 comments
Labels: Bug (Product is not functioning as expected), Regression

stvkouvaris commented Nov 15, 2023

Which version of Microsoft.IdentityModel are you using?
Microsoft.IdentityModel.Protocols.OpenIdConnect 7.0.3

Where is the issue?
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationSerializer deserialization error.

Is this a new or an existing app?
The app is in production and I haven't upgraded Microsoft.IdentityModel.Protocols.OpenIdConnect, but started seeing this issue.

Repro

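using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Placeholder for the identity provider's discovery document URL.
var oidcDiscoveryEndpoint = "my_discovery_endpoint";
var openIdConfigManager = new ConfigurationManager<OpenIdConnectConfiguration>(
    oidcDiscoveryEndpoint,
    new OpenIdConnectConfigurationRetriever());
// The IDX20803 exception shown under "Actual behavior" is thrown here.
var openIdConfig = await openIdConfigManager.GetConfigurationAsync();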

Expected behavior
Returns an OpenIdConnectConfiguration instance.

Actual behavior
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'my_discovery_endpoint'. Will retry at '11/15/2023 1:20:12 PM +00:00'. Exception: 'System.Text.Json.JsonException: IDX11022: Expecting json reader to be positioned on 'JsonTokenType.StartArray', reader was positioned at: 'String', Reading: 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration.response_modes_supported', Position: '172', CurrentDepth: '2', BytesConsumed: '179'.
   at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.ReadStrings(Utf8JsonReader& reader, ICollection`1 strings, String propertyName, String className, Boolean read)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationSerializer.Read(Utf8JsonReader& reader, OpenIdConnectConfiguration config)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationSerializer.Read(String json, OpenIdConnectConfiguration config)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationSerializer.Read(String json)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)'.
---> System.Text.Json.JsonException: IDX11022: Expecting json reader to be positioned on 'JsonTokenType.StartArray', reader was positioned at: 'String', Reading: 'Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration.response_modes_supported', Position: '172', CurrentDepth: '2', BytesConsumed: '179'.
   at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.ReadStrings(Utf8JsonReader& reader, ICollection`1 strings, String propertyName, String className, Boolean read)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationSerializer.Read(Utf8JsonReader& reader, OpenIdConnectConfiguration config)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationSerializer.Read(String json, OpenIdConnectConfiguration config)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationSerializer.Read(String json)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

Possible solution
There is an obvious issue with the OpenIdConnectConfigurationSerializer.cs and the way it deserializes case insensitive properties.

@jmprieur (Contributor)

@stvkouvaris, thanks for reporting.
I'm trying to understand how we didn't catch this earlier: which identity provider are you using?

@stvkouvaris (Author)

@jmprieur No problem! I am using WSO2.

@keegan-caruso keegan-caruso added this to the 7.2.1 milestone Jan 10, 2024
@brentschmaltz (Member)

@stvkouvaris can you share the json you are reading?

@stvkouvaris (Author)

@brentschmaltz Sure. You can check the commit d1b229f. The sample json 'OpenIdConnectMetadataVariableCaseNames' used to break the code.

@keegan-caruso keegan-caruso modified the milestones: 7.3.0, 7.3.1 Jan 29, 2024
@brentschmaltz brentschmaltz self-assigned this Jan 31, 2024
jennyf19 (Collaborator) commented Feb 3, 2024

included in 7.3.1 release
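
A triage aid for the IDX11022 error reported in this thread, added here as an example and not code from the issue or from Microsoft.IdentityModel: it scans a discovery document and reports array-valued metadata whose name differs in case from the specification or whose value is not a JSON array, which separates "the identity provider sent the wrong type" from "the name is only cased differently". The class name `DiscoveryDocCheck`, the field subset and the sample document are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Hypothetical helper, not part of Microsoft.IdentityModel.
static class DiscoveryDocCheck
{
    // Subset of the array-valued metadata names in OpenID Connect Discovery 1.0.
    static readonly HashSet<string> ArrayFields = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "response_modes_supported", "response_types_supported", "scopes_supported",
        "subject_types_supported", "grant_types_supported", "claims_supported",
        "id_token_signing_alg_values_supported",
    };

    // Returns one finding per case-variant name and per non-array value.
    // Malformed JSON surfaces as a JsonException from JsonDocument.Parse.
    public static List<string> Check(string json)
    {
        var findings = new List<string>();
        using var doc = JsonDocument.Parse(json);
        if (doc.RootElement.ValueKind != JsonValueKind.Object)
        {
            findings.Add("root: expected Object, found " + doc.RootElement.ValueKind);
            return findings;
        }
        foreach (JsonProperty p in doc.RootElement.EnumerateObject())
        {
            // Case-insensitive lookup; 'spec' receives the lowercase name from the set.
            if (!ArrayFields.TryGetValue(p.Name, out var spec)) continue;
            if (!string.Equals(p.Name, spec, StringComparison.Ordinal))
                findings.Add($"{p.Name}: case differs from spec name '{spec}'");
            if (p.Value.ValueKind != JsonValueKind.Array)
                findings.Add($"{p.Name}: expected Array, found {p.Value.ValueKind}");
        }
        return findings;
    }

    static void Main()
    {
        // Constructed sample: one case-variant name with a valid array, one string where an array belongs.
        const string sample = @"{
  ""issuer"": ""https://idp.example"",
  ""Response_Modes_Supported"": [""query"", ""fragment""],
  ""scopes_supported"": ""openid profile""
}";
        foreach (var finding in Check(sample)) Console.WriteLine(finding);
    }
}
```

A document that yields only "case differs" findings has valid array values, so an IDX11022 failure on it points at the consumer's handling of name casing, not at the provider's data.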
