Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return unwrapped keys if able #2812

Merged
merged 3 commits into from
Sep 9, 2024
Merged

Return unwrapped keys if able #2812

merged 3 commits into from
Sep 9, 2024

Conversation

keegan-caruso
Copy link
Contributor

Description

JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped.

Relates to #2695

Return unwrapped keys if able
3a49d8d 
JsonWebTokenHandler would only return unwrapped keys if there was no errors.
This change is to align with the behavior in JwtSecurityTokenHandler, that is
it returns the keys that were able to be unwrapped, and only throw if no keys
were able to be unwrapped.

Relates to #2695
@keegan-caruso keegan-caruso requested a review from a team as a code owner September 5, 2024 20:54
@sruke
Copy link
Contributor

sruke commented Sep 5, 2024

Should the logic here in JsonWebTokenHandler.DecryptToken be updated as well?

@keegan-caruso
Copy link
Contributor Author

Should the logic here in JsonWebTokenHandler.DecryptToken be updated as well?

Yeah, good idea. done.

iNinja
iNinja approved these changes Sep 6, 2024
View reviewed changes
Copy link
Contributor

@iNinja iNinja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small comment, otherwise looks good.

test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs Outdated Show resolved Hide resolved
@keegan-caruso keegan-caruso merged commit ad4ec65 into dev Sep 9, 2024
6 checks passed
@keegan-caruso keegan-caruso deleted the kecaruso/fix-keywrap-error branch September 9, 2024 18:07
brentschmaltz
brentschmaltz reviewed Sep 10, 2024
View reviewed changes
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.CreateToken.cs
@@ -1422,7 +1422,7 @@ internal IEnumerable<SecurityKey> GetContentEncryptionKeys(JsonWebToken jwtToken
(keysAttempted ??= new StringBuilder()).AppendLine(key.ToString());
}

if (unwrappedKeys.Count > 0 && exceptionStrings is null)
if (unwrappedKeys.Count > 0 || exceptionStrings is null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we care about exceptionStrings if we have found any possible keys?

brentschmaltz
brentschmaltz reviewed Sep 10, 2024
View reviewed changes
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs
@@ -202,7 +202,7 @@ internal Result<string> DecryptToken(
(keysAttempted ??= new StringBuilder()).AppendLine(key.ToString());
}

if (unwrappedKeys.Count > 0 && exceptionStrings is null)
if (unwrappedKeys.Count > 0 || exceptionStrings is null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we care about exceptionStrings if we have some keys?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brentschmaltz brentschmaltz brentschmaltz left review comments

@pmaytak pmaytak pmaytak approved these changes

@iNinja iNinja iNinja approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@keegan-caruso @sruke @iNinja @brentschmaltz @pmaytak