koralium / OPADotNet

Apache License 2.0

JsonSerializationException occurs when using a non-jwt-style(?) authorization header value #47

Closed sweco-seoers closed 2 years ago

sweco-seoers commented 2 years ago

Issue description

When evaluating an OPA policy with a non-JWT-type authorization header value, the AuthorizationHandlerContext.Resource value gets assigned to an instance of {Microsoft.AspNetCore.Http.DefaultHttpContext}, which results in a JSON serialization exception when serializing the context.Resource.

The error occurs on this line: https://github.com/koralium/OPADotNet/blob/30e5f80d0e44acb869390eb020b2759718eb1981/netcore/src/OPADotNet.Embedded/PreparedPartialEmbedded.cs#L49

Steps to reproduce the issue

Use a custom authorization scheme with a header value like: {FakeBearer {"sub":"8886b363-cfe2-4bfb-a7fe-a13445d02f39","name":"admin"}}

I've created a new test project + client that can be used to debug and demonstrate the problem. Running the test NonJwtStyleAuthorizationHeader.Run (in OPADotNet.AspNetCore.Integration.Tests) produces the exception. The new test project is included in this branch: https://github.com/rs-swc/OPADotNet/tree/exception-jsonserialization

Expected

I'm not sure how this case should be handled or why AuthorizationHandlerContext.Resource is set to the HttpContext in this situation, but I suppose it could be handled by not serializing the context.Resource in this case. That also depends on the requirements of the Rego SDK that is used, which I have no knowledge of.

Ulimo commented 2 years ago

Thank you @rs-swc for the well designed issue!

I investigated the issue, and from what I can see it seems like there is a change from netcoreapp3.1 to net6.0. Before, the resource was RouteEndpoint, but now it is the HttpContext.

So it seems like there will be some more tests when moving from netcoreapp3.1 to net6.0.

The sample also looks wrong in 6.0

I will look more into the upgrade to 6.0 to make sure that everything works correctly.
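
The failure described in the issue body and the cause given in the maintainer's reply (context.Resource is a RouteEndpoint on netcoreapp3.1 but an HttpContext on net6.0, and a live HttpContext is not JSON-serializable) can be guarded against by projecting the resource to plain data before it is handed to the policy engine. The following is an added example written for this page; it is not OPADotNet's code and not from either commenter. It assumes ASP.NET Core endpoint routing (so HttpContext.GetEndpoint() is available) and Newtonsoft.Json, which is the library that defines the JsonSerializationException type named in the issue title; the class and method names are illustrative.

```csharp
// Added example (not OPADotNet code): build a JSON-serializable view of
// AuthorizationHandlerContext.Resource that works whether ASP.NET Core hands
// the handler a RouteEndpoint (netcoreapp3.1) or the HttpContext (net6.0).
using System.Collections.Generic;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;
using Newtonsoft.Json;

public static class PolicyResourceProjection
{
    // Serializing a DefaultHttpContext directly (request/response streams,
    // feature collections, the DI scope) is what throws in the issue above,
    // so the resource is reduced to a few scalar fields before serialization.
    public static string ToPolicyInput(AuthorizationHandlerContext context)
    {
        HttpContext http = context.Resource as HttpContext;

        Endpoint endpoint = context.Resource switch
        {
            Endpoint e => e,                 // netcoreapp3.1: endpoint passed directly
            HttpContext h => h.GetEndpoint(), // net6.0: endpoint hangs off the HttpContext
            _ => null                        // custom or unexpected resource
        };

        var input = new Dictionary<string, object>
        {
            ["endpoint"] = endpoint?.DisplayName,
            ["route"] = (endpoint as RouteEndpoint)?.RoutePattern.RawText,
            ["method"] = http?.Request.Method,
            ["path"] = http?.Request.Path.Value,
        };

        // Never serialize an unknown resource object as-is; record only its
        // type name so a policy can still detect that something unexpected
        // arrived (e.g. a non-JWT custom scheme that yields no endpoint).
        if (endpoint == null && context.Resource != null)
        {
            input["resourceType"] = context.Resource.GetType().FullName;
        }

        return JsonConvert.SerializeObject(input);
    }
}
```

The point of the switch is that both shapes of Resource end in the same Endpoint value, so policy input stays identical across the runtime upgrade; a test like the NonJwtStyleAuthorizationHeader case in the issue would then exercise the `_ => null` branch instead of hitting the serializer with a DefaultHttpContext.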