-
Notifications
You must be signed in to change notification settings - Fork 422
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JsonWebToken exposes Header Claims #3170
base: dev
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This pull request exposes the JWT header claims by adding an API to retrieve the header claims as a list of Claim objects. It also adds tests to ensure that the default header claims ("alg", "typ", and "kid") are present.
- Added a new property HeaderClaims to return header claims.
- Introduced a test case verifying the header claims count and content.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
File | Description |
---|---|
test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs | Added test verifying the HeaderClaims API returns default claims. |
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs | Added the HeaderClaims property to expose JWT header claims. |
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
/// A <see cref="Claim"/> requires each value to be represented as a string. If the value was not a string, then <see cref="Claim.Type"/> contains the json type. | ||
/// <see cref="JsonClaimValueTypes"/> and <see cref="ClaimValueTypes"/> to determine the json type. | ||
/// </remarks> | ||
public IReadOnlyList<Claim> HeaderClaims => Header.Claims(Issuer ?? ClaimsIdentity.DefaultIssuer); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alternatives: Only expose header names, and then call GetHeaderValue(key) with each key from the header names, or reparse the encoded header
JsonWebToken exposes Header Claims
The JsonWebToken should provide an API that allows access to the JWT header keys, values, and claim value types, this is done already through the Claim type.
Fixes #3164