TokenDecryption key missing for UserInfo token
jimi-pz opened this issue · 1 comment
Confirm you've already contributed to this project or that you sponsor it
- I confirm I'm a sponsor or a contributor
Version
5.7.0
Describe the bug
Hi,
We're running Velusia.Client from samples project against a Test site.
We are encountering an issue where the TokenDecryptionKey is applied to the 'stateinfo' token but not to the 'userinfo' token. Both tokens are encrypted on the Test site using the certificate provided below.
Upon debugging, we observed that the OpenIddict library does not pass the token decryption certificate to the MS validation code stack for the 'userinfo' token, although it does so for the 'stateinfo' token.
Here is our part of the configuration:
```csharp
var certificate = new X509Certificate2("test.pfx", "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);

services.AddOpenIddict()
    // Register the OpenIddict core components.
    .AddCore(options =>
    {
        options.UseEntityFrameworkCore()
               .UseDbContext<ApplicationDbContext>();

        // Enable Quartz.NET integration.
        options.UseQuartz();
    })
    // Register the OpenIddict validation components.
    .AddValidation(options =>
    {
        options.AddEncryptionCertificate(certificate);
        options.AddSigningCertificate(certificate);

        options.Configure(config =>
        {
            config.TokenValidationParameters.ValidateIssuer = false;
            config.TokenValidationParameters.ValidateAudience = false;
            config.TokenValidationParameters.ValidateLifetime = false;
            config.TokenValidationParameters.TokenDecryptionKey = new RsaSecurityKey(certificate.GetRSAPrivateKey());
        });

        options.UseSystemNetHttp();
        options.UseAspNetCore();
    });
```
We believe this might have something to do with our configuration but could not figure it out yet.
Could you help us?
Thanks in advance,
To reproduce
Not much different from the Velusia.Client code, except for the validation part, which I added above.
Exceptions (if any)
No response
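A standalone way to reproduce the symptom outside the Velusia.Client sample, added here and not code from the issue, the sample or OpenIddict: it mints a constructed signed-then-encrypted token with the same test certificate and validates it with the Microsoft.IdentityModel stack once without and once with TokenValidationParameters.TokenDecryptionKey. The package choice, the test.pfx path and the password are assumptions.

```csharp
// Added example; not code from the issue, the Velusia sample or OpenIddict.
// Assumes the Microsoft.IdentityModel.JsonWebTokens package (the validation stack
// OpenIddict delegates to) and a test.pfx with an exportable RSA private key;
// the path and password are placeholders.
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

var certificate = new X509Certificate2("test.pfx", "password",
    X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
var key = new X509SecurityKey(certificate);
var handler = new JsonWebTokenHandler();

// Constructed stand-in for the encrypted userinfo response: a JWS signed with the
// certificate, then wrapped in a JWE encrypted to the same certificate.
string jwe = handler.CreateToken(new SecurityTokenDescriptor
{
    Claims = new Dictionary<string, object> { ["sub"] = "alice" },
    SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256),
    EncryptingCredentials = new EncryptingCredentials(key,
        SecurityAlgorithms.RsaOAEP, SecurityAlgorithms.Aes256CbcHmacSha512),
});

// Parameters like the ones in the issue, but with no TokenDecryptionKey: this is what
// the report describes for the userinfo path, and validation fails before any
// signature check because the JWE cannot be unwrapped.
var missingKey = handler.ValidateToken(jwe, new TokenValidationParameters
{
    IssuerSigningKey = key,
    ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = false,
});
Console.WriteLine($"no decryption key: IsValid={missingKey.IsValid}, " +
                  $"error={missingKey.Exception?.GetType().Name}");

// Same parameters with the decryption key supplied: the JWE is unwrapped and the
// inner JWS verified, which is the behaviour the issue reports for the 'stateinfo' token.
var withKey = handler.ValidateToken(jwe, new TokenValidationParameters
{
    IssuerSigningKey = key,
    TokenDecryptionKey = key,
    ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = false,
});
Console.WriteLine($"with decryption key: IsValid={withKey.IsValid}, " +
                  $"sub={withKey.ClaimsIdentity?.FindFirst("sub")?.Value}");
```

Comparing the two results against the same token isolates whether the certificate itself can decrypt the userinfo response, so a failure in the client can be attributed to the key not reaching the validation parameters rather than to the certificate.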
Hey,
GitHub didn't recognize you as a sponsor. Did you sponsor the project with a corporate account?
Cheers.