Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JTI Claim as a string instead of guid #682

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

JTI Claim as a string instead of guid #682

wants to merge 1 commit into from

Conversation

sachinsatav
Copy link
Contributor

@sachinsatav sachinsatav commented Nov 3, 2023
edited
Loading

Summary

Latest Microsoft Identity Model package >7.0.0 and above no longer serializes Guid datatype ( see - https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/f5fef2269a6eea5ba52d707d7235acf6a504db9f/src/Microsoft.IdentityModel.Tokens/Json/JsonSerializerPrimitives.cs#L860-L924) and instead throws an exception -

System.InvalidOperationException: Something went wrong when creating the signed JWT. Verify your private key.
---> System.ArgumentException: IDX11025: Cannot serialize object of type: 'System.Guid' into property: 'jti'.
at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.WriteObject(Utf8JsonWriter& writer, String key, Object obj)
at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.WriteObjects(Utf8JsonWriter& writer, IDictionary`2 dictionary)
at System.IdentityModel.Tokens.Jwt.JwtPayload.SerializeToJson()
at System.IdentityModel.Tokens.Jwt.JwtPayload.Base64UrlEncode()
at System.IdentityModel.Tokens.Jwt.JwtSecurityToken.get_EncodedPayload()
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.WriteToken(SecurityToken token)
at Okta.Sdk.Client.DefaultJwtGenerator.GenerateSignedJWT()
--- End of inner exception stack trace ---
at Okta.Sdk.Client.DefaultJwtGenerator.GenerateSignedJWT()
at Okta.Sdk.Api.OAuthApi.GetBearerTokenWithHttpInfoAsync(CancellationToken cancellationToken)
at Okta.Sdk.Api.OAuthApi.GetBearerTokenAsync(CancellationToken cancellationToken)
at Okta.Sdk.Client.DefaultOAuthTokenProvider.RequestAccessTokenAsync(CancellationToken cancellationToken)
at Okta.Sdk.Client.DefaultOAuthTokenProvider.GetAccessTokenAsync(Boolean forceRenew, CancellationToken cancellationToken)
at Okta.Sdk.Api.UserApi.GetUserWithHttpInfoAsync(String userId, CancellationToken cancellationToken)
at Okta.Sdk.Api.UserApi.GetUserAsync(String userId, CancellationToken cancellationToken)

To fix this, I am making JTI as string.

Fixes #
N/A

Type of PR

  • Bug Fix (non-breaking fixes to existing functionality)
  • New Feature (non-breaking changes that add new functionality)
  • Documentation update
  • Test Updates
  • Other (Please describe the type)

Signoff

  • I have submitted a CLA for this PR
  • Each commit message explains what the commit does
  • I have updated documentation to explain what my PR does
  • My code is covered by tests if required
  • I checked StyleCop warnings on my code

@laura-rodriguez
Copy link
Collaborator

Hi @sachinsatav,

Thank you for your contribution! An internal ticket will created to be prioritized by the team.

Internal Ref: OKTA-666194

@laura-rodriguez laura-rodriguez mentioned this pull request Dec 15, 2023
Merged
@laura-rodriguez
Copy link
Collaborator

Superseded by #685

laura-rodriguez added a commit that referenced this pull request Dec 15, 2023
@laura-rodriguez @sachinsatav
Introduce "JTI Claim as a string instead of guid" (#682) external con…
3afa851 
…tribution (#685)

* JTI Claim as a string instead of guid

* - Test third party contribution
- Update templates to port solution in codegen process
- Update version

---------

Co-authored-by: Sachin Satav <[email protected]>
@laura-rodriguez
Copy link
Collaborator

Thanks for your contribution. This changed has been merged, and it's available in Okta.Sdk v7.0.2.

@shimbor
Copy link

shimbor commented Jul 3, 2024

Hello, @laura-rodriguez! Could this issue be re-opened, because when switching to v8 these changes were lost.

@laura-rodriguez
Copy link
Collaborator

Thanks for the heads up @shimbor . It seems we forgot to port this change to the codegen templates.

Internal Ref: OKTA-745550

@bryanapellanes-okta bryanapellanes-okta mentioned this pull request Aug 8, 2024
Closed
@bryanapellanes-okta
Copy link
Contributor

@sachinsatav @shimbor Is this still an issue in version 9?

@sachinsatav
Copy link
Contributor Author

@bryanapellanes-okta I haven't used Okta SDK v9 yet so not really sure :(

@shimbor
Copy link

shimbor commented Nov 21, 2024

@bryanapellanes-okta, sorry, we also decided to switch to direct API calls as a safer approach.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sachinsatav @laura-rodriguez @shimbor @bryanapellanes-okta