AzureAD / azure-activedirectory-identitymodel-extensions-for-dotnet

IdentityModel extensions for .Net
MIT License

JsonWebToken.TryGetPayloadValue does not support Aggregated and Distributed Claims #1856

Open mancyc opened 2 years ago

mancyc commented 2 years ago

We have adapted to SAL for token validation, but in an effort to make some further optimizations I am trying to use JsonWebToken.TryGetPayloadValue to fetch a value based on claim type (JsonWebToken.cs at b24470757799a9d1d75f5f16314857f6bdc444d8 in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet on GitHub).

It does not work for _claim_names and _claim_sources. I checked my decoded payload and it seems to have this key, but the line of code below returns false:

bool claimFound = subjectToken.TryGetPayloadValue("_claim_names", out string claimValue);

These are Aggregated and Distributed Claims as per the OpenID specs (https://openid.net/specs/openid-connect-core-1_0.html#IDToken, Section 5.6.2).

I am forced to do a linear search on token.Claims to obtain my ClaimType value for these claims. Requesting a feature to support these claims

jennyf19 commented 2 years ago

@mancyc which claims do you see, the long names or the short names? What are claim_names?

mancyc commented 2 years ago

@jennyf19, I see various other claims too (short names), and JsonWebToken.TryGetPayloadValue works for the rest of them except the 2 mentioned in the issue. Here's my test decoded token for your reference:

{
  "nbf": 1652482253,
  "exp": 1652569253,
  "iss": "https://127.0.0.1/adfs/11111111-bbbb-3333-dddd-555555555555/",
  "aud": "https://vault.inprocess.net",
  "tid": "11111111-bbbb-3333-dddd-555555555555",
  "oid": "d55efd00-8e7d-49d2-8d7a-b48548e3a5f9",
  "sub": "d55efd00-8e7d-49d2-8d7a-b48548e3a5f9",
  "upn": "manygroupstest@aztestkmsbvtoutlook.ccsctp.net",
  "_claim_names": {
    "groups": "src1"
  },
  "_claim_sources": {
    "src1": {
      "endpoint": "https://127.0.0.1/adfs/graph/11111111-bbbb-3333-dddd-555555555555/users/manygroupstest/getMemberObjects"
    }
  }
}

brentschmaltz commented 2 years ago

@mancyc what if anything is returned from subjectToken.TryGetPayloadValue("_claim_names", out string claimValue);

what happens if you call: subjectToken.TryGetPayloadValue("_claim_names", out IList claimValues);

We currently only offer support for normal claims.

mancyc commented 2 years ago

The out variable is always null. [screenshot]

Btw, subjectToken.Claims has the full list but I am trying to avoid iterating over the list
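The following is an added example, not code from the issue or from the IdentityModel library. It shows one way to read the object-valued _claim_names and _claim_sources claims from the decoded payload posted above without scanning token.Claims: the payload segment is decoded once with Base64UrlEncoder and parsed with System.Text.Json, after which each claim is a dictionary lookup. It also reproduces the TryGetPayloadValue<string> call from the issue, which returns false for an object-valued claim. The unsigned (alg=none) token is constructed here so the sample runs offline; such a token must never be accepted by a validating application. The same-host, HTTPS-only endpoint policy in IsEndpointAllowed is this example's own choice, not a rule from the OpenID Connect spec or from the library.

```csharp
// Added example (not from the issue or the library). Reads aggregated/distributed
// claim sources (OpenID Connect Core 1.0, section 5.6.2) from a JsonWebToken by
// decoding the payload once, instead of calling TryGetPayloadValue per claim or
// iterating token.Claims.
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

public static class DistributedClaimsDemo
{
    // One entry from _claim_names resolved against _claim_sources.
    // Distributed source: Endpoint (+ optional AccessToken). Aggregated source: Jwt.
    public sealed record ClaimSource(string ClaimName, string SourceId,
                                     string? Endpoint, string? AccessToken, string? Jwt);

    public static IReadOnlyList<ClaimSource> ReadClaimSources(JsonWebToken token)
    {
        // EncodedPayload is the base64url payload segment; decode and parse it once.
        string payloadJson = Base64UrlEncoder.Decode(token.EncodedPayload);
        using JsonDocument doc = JsonDocument.Parse(payloadJson);
        JsonElement root = doc.RootElement;

        var result = new List<ClaimSource>();
        if (!root.TryGetProperty("_claim_names", out JsonElement names) ||
            !root.TryGetProperty("_claim_sources", out JsonElement sources))
            return result; // ordinary token: no aggregated or distributed claims

        foreach (JsonProperty name in names.EnumerateObject())
        {
            string sourceId = name.Value.GetString() ?? string.Empty;
            if (!sources.TryGetProperty(sourceId, out JsonElement src))
                continue; // _claim_names points at a source that is not present

            string? endpoint = src.TryGetProperty("endpoint", out JsonElement e) ? e.GetString() : null;
            string? accessToken = src.TryGetProperty("access_token", out JsonElement a) ? a.GetString() : null;
            string? jwt = src.TryGetProperty("JWT", out JsonElement j) ? j.GetString() : null;
            result.Add(new ClaimSource(name.Name, sourceId, endpoint, accessToken, jwt));
        }
        return result;
    }

    // Example policy (this sample's own, not the spec's): the endpoint is token
    // content, so it is attacker-influenced until the signature has been validated,
    // and even then it is only followed if it is HTTPS and on the issuer's host.
    public static bool IsEndpointAllowed(string endpoint, string issuer)
    {
        if (!Uri.TryCreate(endpoint, UriKind.Absolute, out Uri? ep)) return false;
        if (!Uri.TryCreate(issuer, UriKind.Absolute, out Uri? iss)) return false;
        return ep.Scheme == Uri.UriSchemeHttps
            && string.Equals(ep.Host, iss.Host, StringComparison.OrdinalIgnoreCase);
    }

    private static string B64Url(string s) => Base64UrlEncoder.Encode(Encoding.UTF8.GetBytes(s));

    public static void Main()
    {
        // Constructed, unsigned token mirroring the payload posted in the issue.
        // Parsing only; never accept an alg=none token in a real application.
        string payload = JsonSerializer.Serialize(new Dictionary<string, object>
        {
            ["iss"] = "https://127.0.0.1/adfs/11111111-bbbb-3333-dddd-555555555555/",
            ["sub"] = "d55efd00-8e7d-49d2-8d7a-b48548e3a5f9",
            ["_claim_names"] = new Dictionary<string, string> { ["groups"] = "src1" },
            ["_claim_sources"] = new Dictionary<string, object>
            {
                ["src1"] = new Dictionary<string, string>
                {
                    ["endpoint"] = "https://127.0.0.1/adfs/graph/11111111-bbbb-3333-dddd-555555555555/users/manygroupstest/getMemberObjects"
                }
            }
        });
        string header = "{\"alg\":\"none\",\"typ\":\"JWT\"}";
        var token = new JsonWebToken($"{B64Url(header)}.{B64Url(payload)}.");

        // The call from the issue: false for an object-valued claim, out value null.
        bool asString = token.TryGetPayloadValue("_claim_names", out string? claimNames);
        Console.WriteLine($"TryGetPayloadValue<string>(\"_claim_names\") = {asString}, value = {claimNames ?? "null"}");

        foreach (ClaimSource s in ReadClaimSources(token))
        {
            string kind = s.Jwt != null ? "aggregated" : "distributed";
            bool allowed = s.Endpoint != null && IsEndpointAllowed(s.Endpoint, token.Issuer);
            Console.WriteLine($"{s.ClaimName} <- {s.SourceId} ({kind}) endpoint={s.Endpoint} allowed={allowed}");
        }
    }
}
```

ReadClaimSources only extracts the source descriptions; it deliberately performs no network call. Distributed claims should be fetched only after the token itself has been validated, and an aggregated source's JWT must be signature-checked against the Claims Provider's keys before its claims are trusted.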