daviddesmet / paseto-dotnet

🔑 Paseto.NET, a Paseto (Platform-Agnostic Security Tokens) implementation for .NET
MIT License

Paseto.Handlers.PasetoPurposeHandler.ValidateIssuer(...) validates audience, not issuer #66

Closed lyra95 closed 2 years ago

lyra95 commented 2 years ago
protected virtual void ValidateIssuer(PasetoToken token, PasetoTokenValidationParameters validationParameters)
{
    if (!validationParameters.ValidateIssuer && !string.IsNullOrWhiteSpace(validationParameters.ValidIssuer))
        return;

    if (token.Payload.HasIssuer())
        new EqualValidator(token.Payload, PasetoRegisteredClaimNames.Audience).Validate(validationParameters.ValidIssuer);
        // I think it should be PasetoRegisteredClaimNames.Issuer ?
}
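
The mix-up reported above, as an added example that is not part of the original issue and is not Paseto.NET code: a self-contained C# model comparing an issuer check keyed on the audience claim with one keyed on the issuer claim, usable as a regression check. The claim dictionary, helper names and URLs are hypothetical, and the model assumes a missing claim fails validation; only the claim names `iss` and `aud` come from PASETO's registered claims.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for the handler's check; this is not Paseto.NET's API.
// A payload is modelled as a claim dictionary ("iss" = issuer, "aud" = audience).
static class IssuerCheckDemo
{
    // True when the named claim is present and equals the expected value (ordinal compare).
    static bool ClaimEquals(IReadOnlyDictionary<string, string> payload, string claim, string expected) =>
        payload.TryGetValue(claim, out var actual) && string.Equals(actual, expected, StringComparison.Ordinal);

    // Behaviour reported in the issue: the issuer check reads the audience claim.
    static bool ValidateIssuerReported(IReadOnlyDictionary<string, string> p, string validIssuer) =>
        ClaimEquals(p, "aud", validIssuer);

    // Behaviour proposed in the issue: the issuer check reads the issuer claim.
    static bool ValidateIssuerPatched(IReadOnlyDictionary<string, string> p, string validIssuer) =>
        ClaimEquals(p, "iss", validIssuer);

    static void Main()
    {
        const string validIssuer = "https://issuer.example"; // constructed value

        // Constructed payloads: (description, claims, whether the issuer check should pass).
        var cases = new (string Name, Dictionary<string, string> Payload, bool ShouldPass)[]
        {
            ("expected issuer, ordinary audience",
                new Dictionary<string, string> { ["iss"] = validIssuer, ["aud"] = "https://api.example" }, true),
            ("other issuer, audience equal to the expected issuer",
                new Dictionary<string, string> { ["iss"] = "https://other.example", ["aud"] = validIssuer }, false),
            ("other issuer, ordinary audience",
                new Dictionary<string, string> { ["iss"] = "https://other.example", ["aud"] = "https://api.example" }, false),
        };

        foreach (var c in cases)
        {
            bool reported = ValidateIssuerReported(c.Payload, validIssuer);
            bool patched = ValidateIssuerPatched(c.Payload, validIssuer);
            Console.WriteLine($"{c.Name}: reported={reported}, patched={patched}, expected={c.ShouldPass}");

            // Regression check: the issuer-keyed comparison must match the expectation.
            if (patched != c.ShouldPass)
                throw new InvalidOperationException($"issuer check regression: {c.Name}");
        }
    }
}
```

The first two cases are the ones a test suite should pin: the audience-keyed check rejects a token from the expected issuer and accepts one from another issuer whose audience happens to equal the expected issuer string.
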
daviddesmet commented 2 years ago

You are right! Do you want to create a PR?

lyra95 commented 2 years ago

@daviddesmet I will! Please wait a couple of minutes.

daviddesmet commented 2 years ago

Sure, it's late here, so maybe I'll see your PR tomorrow morning.

lyra95 commented 2 years ago

Ok, I created PR #67 here

daviddesmet commented 2 years ago

@lyra95 You should see 1.0.4 version on NuGet soon, it's already indexing the new package. Thanks a lot for your contribution 😊