[Bug] WebApiAuthenticationBuilderExtensions.cs should consider cloning TokenValidationParameters #241
Comments
Thanks @brentschmaltz!
@brentschmaltz is it only about adding options.TokenValidationParameters = options.TokenValidationParameters.Clone(); before starting to use options.TokenValidationParameters? For instance here: https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web/WebApiAuthenticationBuilderExtensions.cs#L102 ?
@jmprieur I haven't reviewed the entire call graph, but the idea is that if you modify TokenValidationParameters by adding an audience, issuer, etc., then you should call Clone first.
Thanks @brentschmaltz
Included in 0.2.0-preview release
Which version of Microsoft Identity Web are you using?
Note that to get help, you need to run the latest version.
Microsoft Identity Web 0.1.5-preview
Where is the issue?
AddMicrosoftWebApi uses the value of TokenValidationParameters from JwtBearerOptions. Any modifications will affect any other users of JwtBearerOptions. It would be better to use TokenValidationParameters.Clone().
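The aliasing this issue describes, shown as an added example that is not part of the original issue and not code from Microsoft.Identity.Web. It assumes the Microsoft.AspNetCore.Authentication.JwtBearer package; `CloneDemo`, `ConfigureInPlace`, `ConfigureWithClone` and the audience values are hypothetical names constructed for the illustration.

```csharp
// Added illustration; not code from Microsoft.Identity.Web.
// Assumes the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

public static class CloneDemo
{
    // Hypothetical configure step that edits the parameters in place.
    static void ConfigureInPlace(JwtBearerOptions options, string audience)
    {
        options.TokenValidationParameters.ValidAudience = audience;
    }

    // Same step, but it swaps in a clone before making any change.
    static void ConfigureWithClone(JwtBearerOptions options, string audience)
    {
        options.TokenValidationParameters = options.TokenValidationParameters.Clone();
        options.TokenValidationParameters.ValidAudience = audience;
    }

    public static void Main()
    {
        // Constructed scenario: one parameters object handed to two schemes.
        var shared = new TokenValidationParameters { ValidAudience = "api://constructed-a" };
        var schemeA = new JwtBearerOptions { TokenValidationParameters = shared };
        var schemeB = new JwtBearerOptions { TokenValidationParameters = shared };

        // In-place edit through schemeB is visible through schemeA too,
        // because both options objects point at the same instance.
        ConfigureInPlace(schemeB, "api://constructed-b");
        Console.WriteLine($"in place: A validates {schemeA.TokenValidationParameters.ValidAudience}");

        // Reset, then repeat with a clone: only schemeB's copy changes.
        shared.ValidAudience = "api://constructed-a";
        ConfigureWithClone(schemeB, "api://constructed-b");
        Console.WriteLine($"cloned:   A validates {schemeA.TokenValidationParameters.ValidAudience}");
        Console.WriteLine($"cloned:   B validates {schemeB.TokenValidationParameters.ValidAudience}");
    }
}
```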