Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding a JSON claim to the JWT/Userinfo endpoint is a bit unintuitive because of different valueType constants #1480

Open
raff-run opened this issue Nov 29, 2023 · 7 comments
Open

Adding a JSON claim to the JWT/Userinfo endpoint is a bit unintuitive because of different valueType constants #1480

raff-run opened this issue Nov 29, 2023 · 7 comments
Assignees
@AndersAbel
Labels
feature request
Milestone
Future

Comments

@raff-run
Copy link

When searching on how to add a JSON claim to a JWT, you'll come across answers like this one, which use System.IdentityModel.Tokens.Jwt.JsonClaimValueTypes.Json to specify the valueType, and that works with JwtSecurityTokenHandler.WriteToken.

But since ClaimsExtensions.cs checks for claim.ValueType == IdentityServerConstants.ClaimValueTypes.Json and IdentityServerConstants.ClaimValueTypes.Json is "json" while System.IdentityModel.Tokens.Jwt.JsonClaimValueTypes.Json is "JSON", that means that adding a claim like this:
context.IssuedClaims.Add(new Claim("json", "{\"sample\":{\"sample\":\"value\"}}", System.IdentityModel.Tokens.Jwt.JsonClaimValueTypes.Json))

will make the claim an escaped JSON in the JWT instead of actual JSON.
@brockallen brockallen transferred this issue from DuendeSoftware/IdentityServer Nov 30, 2023
@AndersAbel
Copy link
Member

What version of Duende.IdentityServer are you using? What version of Asp.Net Core? What version of the Microsoft.IdentityModel libraries?

@AndersAbel AndersAbel self-assigned this Nov 30, 2023
@AndersAbel AndersAbel added the question Further information is requested label Nov 30, 2023
@josephdecock
Copy link
Member

@brockallen do you think we should relax our logic here and allow either constant? I feel like this has come up in the past and don't quite remember if there is some wrinkle.

@raff-run
Copy link
Author

I am using the latest version of each, this fiddle here shows how IdentityServer's constant is not capitalized: https://dotnetfiddle.net/qniKJj

And this link shows how ClaimsExtensions.cs checks the valueType

IdentityServer/src/IdentityServer/Extensions/ClaimsExtensions.cs

Line 87 in 237ffca

if (claim.ValueType == IdentityServerConstants.ClaimValueTypes.Json)

From what I've searched in the repo, the constant itself could be updated without breaking anything since it's only used in 4 places, instead of changing the logic.

@brockallen
Copy link
Member

brockallen commented Nov 30, 2023
edited

IOW, why can't we do this:

if (claim.ValueType == IdentityServerConstants.ClaimValueTypes.Json || 
    claim.ValueType == System.IdentityModel.Tokens.Jwt.JsonClaimValueTypes.Json)

I guess that would make sense. @leastprivilege any recollection around this topic and thought why this would not be ok?

@leastprivilege
Copy link
Member

By the time we added this, the JWT handler only had very limited JSON serialization capabilities. Would be also interesting to see if they now can serialize complex objects or lists...

@josephdecock
Copy link
Member

Transferring to the IdentityServer repo to consider for a future release.

@josephdecock josephdecock transferred this issue from DuendeSoftware/Support Dec 3, 2023
@josephdecock josephdecock added this to the Future milestone Dec 3, 2023
@josephdecock josephdecock added feature request and removed question Further information is requested labels Dec 3, 2023
@runegri
Copy link

runegri commented Jan 19, 2024

By the time we added this, the JWT handler only had very limited JSON serialization capabilities. Would be also interesting to see if they now can serialize complex objects or lists...

Things look better now. We have seen the same issue on our side (HelseID) but are investigating if we can remove the workarounds. I can update here if things look good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AndersAbel AndersAbel

Labels
feature request
Projects
None yet
Milestone
Future
Development

No branches or pull requests
6 participants
@runegri @brockallen @josephdecock @leastprivilege @AndersAbel @raff-run