Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validators call delegates before checking if validation should occur #1272

Merged
merged 1 commit into from
Jan 7, 2020
Merged

Validators call delegates before checking if validation should occur #1272

merged 1 commit into from
Jan 7, 2020

Conversation

mafurman
Copy link
Member

Fixes #1100.

Ex. TokenValidationParameters.AudienceValidator is called before the value of TokenValidationParameters.ValidateAudience is checked.

@mafurman mafurman added this to the 5.6.0 milestone Oct 16, 2019
@henrik-me
Copy link
Contributor 

                        return;

for my education: Would there ever be a situation where there would be multiple audiences which could be valid? (the method takes an enum of audiences), can you pls. help describe the scenario in which this would happen?

Refers to: src/Microsoft.IdentityModel.Tokens/Validators.cs:93 in dc9b6b5. [](commit_id = dc9b6b5, deletion_comment = False)

@mafurman
Copy link
Member Author 

                        return;

for my education: Would there ever be a situation where there would be multiple audiences which could be valid? (the method takes an enum of audiences), can you pls. help describe the scenario in which this would happen?

Refers to: src/Microsoft.IdentityModel.Tokens/Validators.cs:93 in dc9b6b5. [](commit_id = dc9b6b5, deletion_comment = False)

@henrik-me I believe this would mainly be used in the scenario where you could have multiple different represenations of the same audience.

@mafurman mafurman changed the base branch from dev5x to dev October 17, 2019 23:34
@mafurman mafurman changed the base branch from dev to dev5x October 17, 2019 23:34
@mafurman mafurman modified the milestones: 5.6.0, 6.x Oct 17, 2019
@mafurman mafurman force-pushed the mafurman/validationDelegates branch 2 times, most recently from 4d45485 to 4aeae48 Compare October 18, 2019 19:50
@mafurman mafurman changed the base branch from dev5x to dev October 18, 2019 19:50
@mafurman
Copy link
Member Author

This PR has been rebased against dev (previously was dev5x).

@AndersAbel
Copy link
Contributor 

                        return;

for my education: Would there ever be a situation where there would be multiple audiences which could be valid? (the method takes an enum of audiences), can you pls. help describe the scenario in which this would happen?

Refers to: src/Microsoft.IdentityModel.Tokens/Validators.cs:93 in dc9b6b5. [](commit_id = dc9b6b5, deletion_comment = False)

Yes, it is sometimes used for multitenancy SAS deployments. When each tenant/customer has their own domain that is just a CNAME to a common hosting instance each tenant might have their own audience value. The validation on the common host would then accept an audience value for any of the tenant hosts.

@mafurman mafurman force-pushed the mafurman/validationDelegates branch from 4aeae48 to 7f6e418 Compare January 7, 2020 20:40
@mafurman mafurman merged commit 0cd60ff into dev Jan 7, 2020
@mafurman mafurman deleted the mafurman/validationDelegates branch January 7, 2020 20:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brentschmaltz brentschmaltz brentschmaltz approved these changes

@GeoK GeoK Awaiting requested review from GeoK

@henrik-me henrik-me Awaiting requested review from henrik-me

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v6 Backlog
Development

Successfully merging this pull request may close these issues.

If user sets TokenValidationParameters.TokenReplayValidator, it should be called
4 participants
@mafurman @henrik-me @AndersAbel @brentschmaltz