From 716124a8d9e9a6805493ec1b02f78e180540e261 Mon Sep 17 00:00:00 2001
From: sruthikeerthi <73967733+sruke@users.noreply.github.com>
Date: Wed, 18 Jan 2023 20:18:41 -0800
Subject: [PATCH] Add TVP to check if Token Identifier can be logged (#2002)
---
.../TokenValidationParameters.cs | 9 +++++++++
.../TokenValidationParametersTests.cs | 6 ++++--
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs b/src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs
index 5c882fd626..373d9e5d5c 100644
--- a/src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs
+++ b/src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs
@@ -220,6 +220,7 @@ protected TokenValidationParameters(TokenValidationParameters other)
IssuerSigningKeyValidator = other.IssuerSigningKeyValidator;
IssuerValidator = other.IssuerValidator;
LifetimeValidator = other.LifetimeValidator;
+ LogTokenId = other.LogTokenId;
LogValidationExceptions = other.LogValidationExceptions;
NameClaimType = other.NameClaimType;
NameClaimTypeRetriever = other.NameClaimTypeRetriever;
@@ -262,6 +263,7 @@ protected TokenValidationParameters(TokenValidationParameters other)
///
public TokenValidationParameters()
{
+ LogTokenId = true;
LogValidationExceptions = true;
RequireExpirationTime = true;
RequireSignedTokens = true;
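Review bot: `LogTokenId = true;` makes token-identifier logging opt-out, and nothing next to the assignment says why that default was chosen. The code that reads the flag is not in this patch, so it is not visible whether this preserves existing log output or adds a new field to the logs; if it is the former, a short comment would help, e.g. `// On by default to keep existing log content; set to false to keep token ids out of logs.` The default is now stated twice, here and in `[DefaultValue(true)]` on the property, so the two must be changed together. The constructor body continues outside the hunk.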
@@ -544,6 +546,13 @@ public virtual ClaimsIdentity CreateClaimsIdentity(SecurityToken securityToken,
///
public LifetimeValidator LifetimeValidator { get; set; }
+ ///
+ /// Gets or sets a that will decide if the token identifier claim needs to be logged.
+ /// Default value is true.
+ ///
+ [DefaultValue(true)]
+ public bool LogTokenId { get; set; }
+
///
/// Gets or sets a that will decide if validation failure needs to be logged as an error.
/// Default value is true for backward compatibility of the behavior.
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/TokenValidationParametersTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/TokenValidationParametersTests.cs
index 358ffc9f2f..f28f91ab29 100644
--- a/test/Microsoft.IdentityModel.Tokens.Tests/TokenValidationParametersTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/TokenValidationParametersTests.cs
@@ -16,7 +16,7 @@ namespace Microsoft.IdentityModel.Tokens.Tests
{
public class TokenValidationParametersTests
{
- int ExpectedPropertyCount = 57;
+ int ExpectedPropertyCount = 58;
[Fact]
public void Publics()
@@ -74,6 +74,7 @@ public void Publics()
IssuerSigningKeys = issuerSigningKeys,
IssuerValidator = ValidationDelegates.IssuerValidatorEcho,
LifetimeValidator = ValidationDelegates.LifetimeValidatorReturnsTrue,
+ LogTokenId = true,
LogValidationExceptions = true,
PropertyBag = propertyBag,
SignatureValidator = ValidationDelegates.SignatureValidatorReturnsJwtTokenAsIs,
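Review bot: Both test objects set `LogTokenId = true`, which is also the constructor default, so the `IdentityComparer.AreEqual` comparison would still pass if the initializer or the setter had no effect; the same applies to `validationParametersSets.LogTokenId = true;` in the next hunk. Using `LogTokenId = false,` in both places would make the comparison depend on the new property. No check is visible in this patch that a copied instance keeps a non-default value, which is the only thing that would exercise the added copy-constructor line. `Publics()` starts and ends outside the hunk.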
@@ -112,6 +113,7 @@ public void Publics()
validationParametersSets.IssuerSigningKeys = issuerSigningKeysDup;
validationParametersSets.IssuerValidator = ValidationDelegates.IssuerValidatorEcho;
validationParametersSets.LifetimeValidator = ValidationDelegates.LifetimeValidatorReturnsTrue;
+ validationParametersSets.LogTokenId = true;
validationParametersSets.LogValidationExceptions = true;
validationParametersSets.PropertyBag = propertyBag;
validationParametersSets.SignatureValidator = ValidationDelegates.SignatureValidatorReturnsJwtTokenAsIs;
@@ -125,7 +127,7 @@ public void Publics()
validationParametersSets.ValidIssuer = validIssuer;
validationParametersSets.ValidIssuers = validIssuers;
validationParametersSets.ValidTypes = validTypes;
-
+
var compareContext = new CompareContext();
IdentityComparer.AreEqual(validationParametersInline, validationParametersSets, compareContext);