-
Notifications
You must be signed in to change notification settings - Fork 422
How to replace usage of SecurityTokenUnableToValidateException in code
SecurityTokenUnableToValidateException is no longer getting thrown by Microsoft.IdentityModel/Wilson. In the 7.* major release of Wilson this exception type will be removed completely.
Callers of Wilson should be sure to handle SecurityTokenValidationExceptions individually, or at the very least, handle all exception types of SecurityTokenValidationException.
If you were previously ONLY handling SecurityTokenUnableToValidateException, you should replace that with SecurityTokenValidationException and ideally have exception handling for derrived types (e.g. SecurityTokenExpiredException, SecurityTokenInvalidIssuerException, SecurityTokenNotYetValidException, etc.)
More detailed exception handling guidance can be found: TODO, Brent to share exception handling guidance for Wilson.
Conceptual Documentation
- Using TokenValidationParameters.ValidateIssuerSigningKey
- Scenarios
- Validating tokens
- Outbound policy claim type mapping
- How ASP.NET Core uses Microsoft.IdentityModel extensions for .NET
- Using a custom CryptoProvider
- SignedHttpRequest aka PoP (Proof-of-Possession)
- Creating and Validating JWEs (Json Web Encryptions)
- Caching in Microsoft.IdentityModel
- Resiliency on metadata refresh
- Use KeyVault extensions
- Signing key roll over