Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disallow Encode(payload) with AddClaim(s) #464

Merged
merged 27 commits into from
Jan 31, 2023

Conversation

hartmark
Copy link
Contributor

@hartmark hartmark commented Jan 24, 2023

Fixes for #456.

@hartmark hartmark mentioned this pull request Jan 24, 2023
src/JWT/Builder/JwtBuilder.cs Outdated Show resolved Hide resolved
src/JWT/Builder/JwtBuilder.cs Outdated Show resolved Hide resolved
@jwt-dotnet jwt-dotnet deleted a comment from hartmark Jan 25, 2023
src/JWT/Builder/JwtBuilder.cs Outdated Show resolved Hide resolved
Copy link
Member

@abatishchev abatishchev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, it ran into a merge conflict now :(

@abatishchev
Copy link
Member

Do I understand the origin of the issue correct is that it occurs only in the builder because its Encode() method "messed up" with the payload so a complex model would work?

If that's the case, what I think we should do: remove the code and move it to a custom serializer, which in turn just a decorator on the other one (maybe two decorators, one for the each underlying technology).

@hartmark
Copy link
Contributor Author

I'll check the conflict when I'm at a computer. Looks like something minor.

Yes, the issue is that Encode() with a parameter serializes the _jwt.Payload property.

While Encode() with a parameter serializes only what we pass to it, ignoring the _jwt.Payload if we don't either add what we pass to it or adds the claims manually.

@hartmark hartmark requested a review from abatishchev January 25, 2023 22:46
@hartmark
Copy link
Contributor Author

I have reworked the Encode when also having added Claims so they are both serialized the same way as everything else.

I have for now just added another Encode in JwtEncoder that just accepts two payloads. And in that case just serializes them and uses the merge functionallity in JSON.net, for System.Text.Json it was a bit more tricky but after finding out you can use the JsonNode classes it was easier.

I think this is a more clean solution than iterating the payload with reflection and add all properties in the _jwt.Payload dictionary in JwtBuilder.

If this is an acceptable solution we could rework the JwtEncoder.Encode method to be less copy.paste

All tests pass also! :)

PS. For further reading about JsonNode and Merge
dotnet/runtime#31433
https://makolyte.com/csharp-how-to-use-jsonnode-to-read-write-and-modify-json/

@hartmark hartmark force-pushed the harre/encode-json-serializer branch from 341da1c to 8b9ac59 Compare January 27, 2023 23:10
@hartmark hartmark requested a review from abatishchev January 27, 2023 23:11
@hartmark hartmark requested a review from abatishchev January 31, 2023 23:14
abatishchev
abatishchev previously approved these changes Jan 31, 2023
@abatishchev
Copy link
Member

Awesome, thank you!! Pushed some minor formatting changes. And dropped the beta prefix, I think it'll work as-is.

@hartmark
Copy link
Contributor Author

Cool, that was fast. I think we ended up with a cleaner solution with just sacrificing a minor nice-to-have functionallity

@abatishchev abatishchev changed the title Fix decoding/encoding payloads with attribute decoration #456 Disallow Encode(payload) with AddClaim(s) Jan 31, 2023
@abatishchev abatishchev merged commit 9cd3ed8 into jwt-dotnet:main Jan 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants