dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

After using JsonWebTokenHandler in .NET 8, when SaveSigninToken=true is set, BootstrapContext is always null #53043

Open adomass opened 6 months ago

adomass commented 6 months ago

After using JsonWebTokenHandler in .NET 8, when SaveSigninToken=true is set, BootstrapContext is always null. ((ClaimsIdentity)user.Identity).BootstrapContext is always null.


Originally posted by @igaobingbing in https://github.com/dotnet/aspnetcore/issues/52075#issuecomment-1822292269

adomass commented 6 months ago

It's a bit strange that the default behavior was changed and SaveSigninToken is not marked as obsolete, but is also not respected in the code anymore. This is a breaking change, because implementations that were relying on BootstrapContext in ClaimsIdentity being not null started failing. And setting options.UseSecurityTokenValidators = true; is not the best solution either.

Are there any technical limitations that prevent storing the raw token in ClaimsIdentity?

Sure, I can do a workaround like this myself, but I don't think it has to be like this by design:

    options.Events = new JwtBearerEvents
    {
        OnTokenValidated = context =>
        {
            // Honor SaveSigninToken manually: copy the encoded JWT into BootstrapContext.
            if (context.Options.TokenValidationParameters.SaveSigninToken && context is { SecurityToken: JsonWebToken jsonWebToken, Principal.Identity: ClaimsIdentity claimsIdentity })
                claimsIdentity.BootstrapContext = jsonWebToken.EncodedToken;
            return Task.CompletedTask;
        }
    };

sliekens commented 2 months ago

I also just encountered this as I was trying to access the JWT in a custom IClaimsTransformation since I need the JWT to perform an on-behalf-of authentication flow with the claims provider.
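
The following Program.cs is an added example, not code from any participant in this thread or from ASP.NET Core itself. It combines the OnTokenValidated workaround with the consumer side described in the last comment, an IClaimsTransformation that expects the raw JWT in BootstrapContext and refuses to continue without it. It assumes an ASP.NET Core 8 web project with implicit usings and the Microsoft.AspNetCore.Authentication.JwtBearer package; the Authority and Audience values, the /token-state route and the RawTokenClaimsTransformation class name are hypothetical.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.JsonWebTokens;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = "https://login.example.test/"; // placeholder issuer (assumption)
        options.Audience = "api://example-api";            // placeholder audience (assumption)
        options.TokenValidationParameters.SaveSigninToken = true;
        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = context =>
            {
                // Fill BootstrapContext only when it is still null, so a value
                // already set during validation is never overwritten.
                if (context.Options.TokenValidationParameters.SaveSigninToken
                    && context.SecurityToken is JsonWebToken jwt
                    && context.Principal?.Identity is ClaimsIdentity { BootstrapContext: null } identity)
                {
                    identity.BootstrapContext = jwt.EncodedToken;
                }
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();
builder.Services.AddTransient<IClaimsTransformation, RawTokenClaimsTransformation>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// Reports only whether the raw token is available; the token itself is never echoed.
app.MapGet("/token-state", (ClaimsPrincipal user) =>
    Results.Ok(new { hasRawToken = user.Identity is ClaimsIdentity { BootstrapContext: string } }))
    .RequireAuthorization();
app.Run();

// Hypothetical consumer: the point where an on-behalf-of request would read the token.
public sealed class RawTokenClaimsTransformation : IClaimsTransformation
{
    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        if (principal.Identity is ClaimsIdentity { IsAuthenticated: true } identity
            && identity.BootstrapContext is not string { Length: > 0 })
            throw new InvalidOperationException("BootstrapContext holds no raw token."); // fail closed
        return Task.FromResult(principal); // the raw JWT is available here; keep it out of logs
    }
}
```

Claims transformation runs after the JwtBearer handler has returned its result, so the value set in OnTokenValidated is visible inside TransformAsync.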