Microsoft-identity-web: [Investigate] Incorrect behavior using the issuer validator cache in AadIssuerValidator class

Created on 11 Mar 2020  路  3Comments  路  Source: AzureAD/microsoft-identity-web

The authority in public static AadIssuerValidator GetIssuerValidator(string aadAuthority) is in the form of URI (ex. https://login.microsoftonline.com/).

In if (s_issuerValidators.TryGetValue(aadAuthority, out AadIssuerValidator aadIssuerValidator)) full authority string is used to query the issuer validator dictionary.

However, only the authority host is used as a key to insert the value.

string authority = authorityHost ?? new Uri(FallbackAuthority).Host;
...
s_issuerValidators[authority] = new AadIssuerValidator(aliases);

So the value is never retrieved in the cache, unless only the host is passed in while the cache has that key.
Investigate if this behavior is intended.

P1 bug fixed investigate performance

Most helpful comment

Oui.

All 3 comments

@pmaytak
when you are tired of writing tests, do you want to have a go at fixing it?

Oui.

Fixed in Microsoft.Identity.Web 0.1.2-preview

Was this page helpful?
0 / 5 - 0 ratings