New validation model - Public API review #3060
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… of GetCurrentStackFrame() and AddCurrentStackFrame()
…fields onto their own files and made the structures read-only.
…g IList values from two-part constructors.
… no ActorValidationParameters are provided.
…once the classes/structures are made public.
… public. Added to PublicAPI.Unshipped
…om annotated code
…n M.IM.Tokens for all classes not belonging to the new validation path so they can be updated incrementally
…led warnings about public APIs missing nullability annotations in M.IM.JsonWebToken for all classes not belonging to the new validation path so they can be updated incrementally
…bled warnings about public APIs missing nullability annotations in M.IM.Tokens.Saml and M.IM.Tokens.Saml2 for all classes not belonging to the new validation path so they can be updated incrementally
|
Moved out of draft to trigger validations. Will move back. |
|
@iNinja is the idea to ship the preview off of |
|
@jennyf19 yes, that would be best from my perspective, as we need to make many classes and methods public that we don't want to expose on dev. I'll turn this PR back to draft, I moved it out of it to trigger the validations. |
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
jmprieur
approved these changes
Jan 6, 2025
There was a problem hiding this comment.
LGTM
- We'd want to have the cancellation token in the public API have a default value
default(CancellationToken)
Not blocking, but incremental:
- Let's have ToString() methods on the ValidatinSource, and the ValidatedXXX classes. This is nicer when debugging.
- We need to document better the overrides of ValidateTokenAsync in JSonWebTokenHandler. I'll propose something.
- We'd probably want to have code snippets in the validation Error class. I'll propose something.
| /// <exception cref="SecurityTokenMalformedException">Returned if <paramref name="token"/> is not a valid <see cref="JsonWebToken"/>, <see cref="ReadToken(string, CallContext)"/></exception> | ||
| /// <exception cref="SecurityTokenMalformedException">Returned if the validationParameters.TokenReader delegate is not able to parse/read the token as a valid <see cref="JsonWebToken"/>, <see cref="ReadToken(string, CallContext)"/></exception> | ||
| internal async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync( | ||
| public async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync( | ||
| string token, | ||
| ValidationParameters validationParameters, | ||
| CallContext callContext, | ||
| CancellationToken cancellationToken) |
There was a problem hiding this comment.
It's a best practice to no impose the usage of CancellationToken, by providing the default value:
Suggested change
| CancellationToken cancellationToken) | |
| CancellationToken cancellationToken = default(CancellationToken)) |
jmprieur
reviewed
Jan 6, 2025
| /// </summary> | ||
| /// <param name="logger">The <see cref="ILogger"/> to be used for logging.</param> | ||
| [CLSCompliant(false)] | ||
| public void Log(ILogger logger) |
There was a problem hiding this comment.
Should this be public?
Is it meant to be used by users?
Or maybe just frameworks on top of Wilson? In which case would we want to have an explicit interface implementation?
jmprieur
reviewed
Jan 6, 2025
| @@ -240,7 +256,7 @@ public ValidationError AddStackFrame(StackFrame stackFrame) | |||
| /// <param name="lineNumber">The line number from which this method is called. CAptured automatically by default.</param> | |||
| /// <param name="skipFrames">The number of stack frames to skip when capturing. Used to avoid capturing this method and get the caller instead.</param> | |||
| /// <returns>The updated object.</returns> | |||
| internal ValidationError AddCurrentStackFrame([CallerFilePath] string filePath = "", [CallerLineNumber] int lineNumber = 0, int skipFrames = 1) | |||
| public ValidationError AddCurrentStackFrame([CallerFilePath] string filePath = "", [CallerLineNumber] int lineNumber = 0, int skipFrames = 1) | |||
There was a problem hiding this comment.
Same question. Should it be public? what is the scenario?
There was a problem hiding this comment.
Same question for NullParameter().
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
* Adding end to end tests * Update
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New Validation Model - Public API review
This PR is based off #3056, so some changes will show up here until that one is merged.
Note: This branch currently won't build because of some issues with the way the public API analyzers work when there is nullability annotations partially implemented. Working on a fix as well as making APIs public in JsonWebTokens and SAML/SAML2.
This PR is not to be merged.