Skip to content

Fix JwtBearerOptions.Authority incorrectly set from empty configuration values #64936

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Fix JwtBearerOptions.Authority incorrectly set from empty configuration values #64936

Copilot wants to merge 3 commits into from
+71 −2

Conversation

Copy link
Contributor

Copilot AI commented Jan 5, 2026
edited
Loading

Fix JwtBearerOptions.Authority incorrectly set from empty configuration values

  • You've read the Contributor Guide and Code of Conduct.
  • You've included unit or integration tests for your change, where applicable.
  • You've included inline docs for your change, where applicable.
  • There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

Fix configuration reading empty/whitespace values on Windows 11

Description

JwtBearerConfigureOptions was setting Authority and MetadataAddress from configuration even when values were empty or whitespace. On Windows 11, environment variables or system configuration can inject empty values, triggering unwanted OpenIdConnect metadata queries that cause multi-second delays.

Changes:

  • Modified JwtBearerConfigureOptions to check !string.IsNullOrWhiteSpace() before applying Authority and MetadataAddress from configuration
  • Added tests verifying properties remain unset when configuration provides empty/whitespace values
  • Added test verifying properties are correctly set when configuration provides valid values

Before:

options.Authority = configSection[nameof(options.Authority)] ?? options.Authority;

After:

if (!string.IsNullOrWhiteSpace(configSection[nameof(options.Authority)]))
{
    options.Authority = configSection[nameof(options.Authority)];
}
Original prompt

This section details on the original issue you should resolve

<issue_title>JwtBearerOptions.Authority must be explicitly set to null on Windows 11</issue_title>
<issue_description>### Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When configuring the JwtBearerOptions in AddJwtBearer, the JwtBearerOptions.Authority member needs to be explicitly set to null on Windows 11. If it is not, the authentication middleware will try to search for an OpenID Connect server that doesn't exist, and lag for a few seconds before continuing.

Expected Behavior

The authentication middleware should not attempt to query an OpenID Connect server without explicitly being configured to do so.

Steps To Reproduce

Clone example repository: https://github.com/dan-p-dev/JwtError
In my tests, I've been creating a token with dotnet user-jwts create, and curl to GET from the test endpoint. The request will lag for a few seconds before completing successfully.

I used dotnet-trace to profile the request, and a function call for OpenIdConnect.OpenIdConnectConfigurationRetriever+<GetAsync>d__3::Move appears in the results.

After testing this, I uncommented line line 26 in Program.cs (jwtOptions.Authority = null;) and repeated my tests. In this case, there is no lag in the request, and dotnet-trace shows no OpenIdConnect related function calls.

Exceptions (if any)

This error does not occur on any of the Linux-based systems I tested on, despite occurring on each Windows 11 system. All systems had the same dotnet version.

.NET Version

10.0.101

Anything else?

Windows Version: Windows 11 Pro
OS Version: 10.0.26200</issue_description>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits January 5, 2026 18:38
@MackinnonBuck
Fix JwtBearerOptions.Authority not respecting null/empty configuratio…
a6871ca 
…n values

- Modified JwtBearerConfigureOptions to check for null or whitespace before setting Authority and MetadataAddress
- Added tests to verify Authority and MetadataAddress are not set from empty or whitespace configuration
- All 131 JWT Bearer tests pass

Co-authored-by: MackinnonBuck <[email protected]>
@MackinnonBuck
Address code review feedback: improve test assertions clarity
f9ee5fb 
- Change Assert.Equal(default!, ...) to Assert.Null(...) for better clarity
- Keep null-forgiving operator for MetadataAddress assignment (required due to non-nullable type)

Co-authored-by: MackinnonBuck <[email protected]>
Copilot AI changed the title [WIP] Fix JwtBearerOptions.Authority for Windows 11 Fix JwtBearerOptions.Authority incorrectly set from empty configuration values Jan 5, 2026
Copilot AI requested a review from MackinnonBuck January 5, 2026 18:45
@build-analysis build-analysis bot mentioned this pull request Jan 5, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MackinnonBuck MackinnonBuck Awaiting requested review from MackinnonBuck

@halter73 halter73 Awaiting requested review from halter73 halter73 will be requested when the pull request is marked ready for review halter73 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@MackinnonBuck MackinnonBuck

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

JwtBearerOptions.Authority must be explicitly set to null on Windows 11

2 participants

@MackinnonBuck