Skip to content

WsFederation handler should not specify an exact type for exception thrown. #24847

New issue
New issue
Closed
#24886
Closed
WsFederation handler should not specify an exact type for exception thrown.#24847
#24886
Assignees
JunTaoLuo
Labels
area-authIncludes: Authn, Authz, OAuth, OIDC, BearerbugThis issue describes a behavior which is not expected - a bug.
Milestone
5.0.0-rc1
@brentschmaltz

Description

@brentschmaltz
brentschmaltz
opened on Aug 12, 2020

WsFederation unlike OIDC handler expects and exact type, which will break if a new derived exception is thrown.
see WsFed:

aspnetcore/src/Security/Authentication/WsFederation/src/WsFederationHandler.cs

Line 298 in 5ff9ed6

if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))

see: OIDC:

aspnetcore/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs

Line 748 in bbf7c87

if (Options.RefreshOnIssuerKeyNotFound && exception is SecurityTokenSignatureKeyNotFoundException)

OIDC is the preferred model.

Describe the bug

A clear and concise description of what the bug is.

To Reproduce

Exceptions (if any)

Further technical details

  • ASP.NET Core version
  • Include the output of dotnet --info
  • The IDE (VS / VS Code/ VS4Mac) you're running on, and it's version

Metadata

Metadata

Assignees

Labels

area-authIncludes: Authn, Authz, OAuth, OIDC, BearerbugThis issue describes a behavior which is not expected - a bug.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions