From aabf2e9561a61b2c43fb953fb53c95cbab4f8c7c Mon Sep 17 00:00:00 2001 From: Mahmood Malekloo Date: Thu, 13 Mar 2025 09:50:24 +0330 Subject: [PATCH 1/3] fix differences between ValidationParameters and TokenValidationParameters #3131 --- .../Validation/ValidationParameters.cs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs b/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs index b4a792a1cb..9f9e9930b2 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs @@ -93,6 +93,7 @@ protected ValidationParameters(ValidationParameters other) _signatureValidator = other.SignatureValidator; TimeProvider = other.TimeProvider; TryAllDecryptionKeys = other.TryAllDecryptionKeys; + TryAllIssuerSigningKeys = other.TryAllIssuerSigningKeys; TokenDecryptionKeyResolver = other.TokenDecryptionKeyResolver; _tokenDecryptionKeys = other.TokenDecryptionKeys; TokenReplayCache = other.TokenReplayCache; @@ -530,6 +531,7 @@ public TokenReplayValidationDelegate TokenReplayValidator /// all available keys will be tried. /// /// Default is false. + [DefaultValue(true)] public bool TryAllIssuerSigningKeys { get; set; } /// @@ -642,6 +644,7 @@ internal set /// Gets or sets a boolean that controls if the actor claim should be validated. /// /// Default value is false. + [DefaultValue(false)] public bool ValidateActor { get; set; } } } From dab701f0d6af9e47470341e8fa3037894f652f9a Mon Sep 17 00:00:00 2001 From: Mahmood Malekloo Date: Sat, 15 Mar 2025 09:28:14 +0330 Subject: [PATCH 2/3] fix: set TryAllIssuerSigningKeys in the empty constrructor --- .../Validation/ValidationParameters.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs b/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs index 9f9e9930b2..ef1881f63c 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs @@ -115,6 +115,7 @@ public ValidationParameters() LogTokenId = true; SaveSigninToken = false; TryAllDecryptionKeys = true; + TryAllIssuerSigningKeys = true; ValidateActor = false; } From 4faf7271ba386f264982effcacb087abf84a5fad Mon Sep 17 00:00:00 2001 From: Mahmood Malekloo Date: Sat, 22 Mar 2025 22:14:40 +0430 Subject: [PATCH 3/3] fix: update the remarks to state that the default value is true --- .../Validation/ValidationParameters.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs b/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs index ef1881f63c..f2aa5e8bf4 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs @@ -531,7 +531,7 @@ public TokenReplayValidationDelegate TokenReplayValidator /// If the IssuerSigningKeyResolver is unable to resolve the key when validating the signature of the SecurityToken, /// all available keys will be tried. /// - /// Default is false. + /// Default is true. [DefaultValue(true)] public bool TryAllIssuerSigningKeys { get; set; }