casdoor / casdoor-dotnet-sdk

.NET client SDK for Casdoor
https://github.com/casdoor/casdoor
Apache License 2.0
28 stars 25 forks

Add validate logic at ParseJwtToken #53

Closed sagilio closed 1 year ago

sagilio commented 1 year ago

Improve security by default, and keep the logic synced from other SDKs.

API proposal:

// old
public virtual CasdoorUser? ParseJwtToken(string token)
// new
public virtual CasdoorUser? ParseJwtToken(string token, bool validateToken = true)
// add (because it needs to sync the JWKS from Casdoor, this will be async logic)
public virtual Task<CasdoorUser?> ParseJwtTokenAsync(string token, bool validateToken = true)

This will be a breaking change; users will need to change the param if they do not want to validate the token.
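Why validating by default matters, as an added example that is not part of the original issue or the SDK's code: `ParseName` is a hypothetical stand-in for `ParseJwtToken`, and RS256 with an in-memory key is an assumption (fetching the JWKS from Casdoor is left out). A token whose payload was edited after signing is rejected by default and is parsed only when `validateToken: false` is passed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwtValidationDemo
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    static string Json(string segment) => Encoding.UTF8.GetString(FromB64Url(segment));
    // Hypothetical stand-in for ParseJwtToken: returns the "name" claim, or null if validation fails.
    static string? ParseName(string token, RSA issuerKey, bool validateToken = true)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 3) return null;
        if (validateToken)
        {
            // Pin the algorithm rather than trusting whatever the header asks for.
            using JsonDocument header = JsonDocument.Parse(Json(parts[0]));
            if (!header.RootElement.TryGetProperty("alg", out JsonElement alg)
                || alg.ValueKind != JsonValueKind.String || alg.GetString() != "RS256") return null;
            byte[] signedPart = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
            if (!issuerKey.VerifyData(signedPart, FromB64Url(parts[2]),
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return null;
        }
        using JsonDocument payload = JsonDocument.Parse(Json(parts[1]));
        return payload.RootElement.GetProperty("name").GetString();
    }

    static void Main()
    {
        using RSA key = RSA.Create(2048); // constructed key, stands in for the issuer's published key
        string head = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string body = B64Url(Encoding.UTF8.GetBytes("{\"name\":\"alice\"}"));
        string sig = B64Url(key.SignData(Encoding.ASCII.GetBytes(head + "." + body),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        // Constructed token whose payload was changed after signing.
        string edited = head + "." + B64Url(Encoding.UTF8.GetBytes("{\"name\":\"admin\"}")) + "." + sig;
        Console.WriteLine(ParseName(head + "." + body + "." + sig, key) ?? "(rejected)");
        Console.WriteLine(ParseName(edited, key) ?? "(rejected)");
        Console.WriteLine(ParseName(edited, key, validateToken: false) ?? "(rejected)");
    }
}
```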

casbin-bot commented 1 year ago

@seriouszyx @ComradeProgrammer @Resulte