Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT.Headers() return type is different between .NET Core and .NET Framework #72

Closed
sandersaares opened this issue Aug 18, 2017 · 4 comments
Closed

JWT.Headers() return type is different between .NET Core and .NET Framework #72

sandersaares opened this issue Aug 18, 2017 · 4 comments

Comments

@sandersaares
Copy link
Contributor

sandersaares commented Aug 18, 2017
edited
Loading

Given this JOSE object;

eyJhbGciOiJSUzUxMiIsIng1YyI6WyJNSUlDNHpDQ0FjdWdBd0lCQWdJUUVUd2dNdEVERmJkSSt5c2RGajR6NmpBTkJna3Foa2lHOXcwQkFRMEZBREFNTVFvd0NBWURWUVFERXdGQ01CNFhEVEUyTURVeU56RXlOVEUwTWxvWERUTTVNVEl6TVRJek5UazFPVm93RERFS01BZ0dBMVVFQXhNQlFqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1oL3ZQRm1SSEF1NHhzcXNEUTBvOFpjbVg4cHFBN1ZzQVpiMCs5WGlDdldUMlR5SW9OQ0hvZC9DWkhZQ0p6dm1JSTIrZHBGK3p5U3NYZWI5V3lJdE0xU3FVQ0NCOGlHZFFDR0RPNkZpaDhRWjdGZTh1b3FvaGE0TTJ4OG53TXlTK0l3RDRPSG1ReFZ4TjdnSkN2TlN6S2ZPSmkwbUIxNWZ5N3pqKzUrOHphdkl6cVVWcUhMSWxzUWxtc0hSY2J3dHNsTlMvb0F0RXd6VWRmUi9NOGhjc0lnajdVRHBIT21CS0wzaU8xTXp5bW5OeVhqVEhScFA5alBDN0NkVEZjWEMxbzdnWTk5VWhTSmZ0eEd4aHJ5VDEwU1ZjZXZWZC9XRFdZNTF2SlZueG5IVFEyaFpRVkxOM0JucmZHMEIxbmhHZ0dMeCtqTW0rMktBL3VCM0NaVVNRY0NBd0VBQWFOQk1EOHdQUVlEVlIwQkJEWXdOSUFRRmtxUnpoWEhWV0pkOWVXTHgyL2lZcUVPTUF3eENqQUlCZ05WQkFNVEFVS0NFQkU4SURMUkF4VzNTUHNySFJZK00rb3dEUVlKS29aSWh2Y05BUUVOQlFBRGdnRUJBRGF6ZzZ6OXk5Q2VpMENIT20xKzJBeUx4T0Q3N0NoUDZXSXBkNE52Z3ptTlFNcG50Q3FjVmtYOURHaThHUE1ybGpBMDZkSUl0TjlDd01IdGE2MGRwSHprQUNXakdQczRR
R2pybDRWTnlDR3o5aXl3VldJWEM0K2JsbG11WnpSempsRFM4Y3BGa3lXTE42TEphNUNJdE5kZ05xekFpNDNmcmtaMy9lMmp2SlhpdGJqeHZlc3E1RXpzaG9melNMR2FoK1c5d1pGeFdWOWpHd1JxeEtFVGwyNmw0elM0Qm01WG5RaG9nL09LMnpReHNYS0lVSWh0UFh2NHlCRDNSWVVnaFZOOEtBNlQ1MjRzbCs0MG1tRWp6clNOK3N3MVVWQ0FDL01aWW90L2hRYTVyNVI5aXhtN096ZHg0SERhSXRabktnTFphMlloSWZIa2RFRFNjbVd3R2xZPSJdLCJ0eXAiOiJBeGlub21TaWduZWRFbnZlbG9wZSJ9.ZXlKaGJHY2lPaUpTVTBFdFQwRkZVQ0lzSW1WdVl5STZJa0V5TlRaRFFrTXRTRk0xTVRJaUxDSjROV01pT2xzaVRVbEpRelI2UTBOQlkzVm5RWGRKUWtGblNWRktSekl6WTB3MWFHYzFVa041YW5GbWExaFdla2w2UVU1Q1oydHhhR3RwUnpsM01FSkJVVEJHUVVSQlRVMVJiM2REUVZsRVZsRlJSRVYzUmtKTlFqUllSRlJGTWsxRVZYbE9la1Y1VGxSRmVrOUdiMWhFVkUwMVRWUkplazFVU1hwT1ZHc3hUMVp2ZDBSRVJVdE5RV2RIUVRGVlJVRjRUVUpSVkVORFFWTkpkMFJSV1VwTGIxcEphSFpqVGtGUlJVSkNVVUZFWjJkRlVFRkVRME5CVVc5RFoyZEZRa0ZPYkRkcE5GWmlURlYxVVVWd1dqZzVPRVJWYTNWcVprOWhRbVJaY0dkYUswdEhUbVJyVGpZNEwyeEJhMGRMVEZGS0wxTk5kR2hxUlVSTGJIZEthVWd6VmtSNk9IRTBMMlk0VTJvd2JqZHhjMmRoUWtNd1RFTjRWR0Z2TjBRdmJUVTBhblZvUlVzMlpFUk5aVmRaY1hCNFEwUlRVbkpIZVU1RVozUjBNVFZIWkdwdk5tRnNO
VVY2YlhOdU4wNDJVRmx1VTJab1JVeHlNbTA0TUdaamQxTmFaelkyZGk5WWVXOU9lVXRyZFRseFZuUkNjMVo1U0VabWJVRTFlak14VjNKaFJHdzFiMWh2VjJSVldFTkhTSFJuVVRoR1lXaFlVRlZEWm1WcGVsUXdWM1EzYmxoRlNHTnZVMFZhVmk5eGMzWllWRkl6UkVKRWJGa3pjRlJUZFRCa1JYQjVUM1ZIVm5vMmFXaElWa1JxV2pOaFRVcDJkVzVSZEZSaFlYWlpNa2hGTmk4NGRWWXhiRmhpSzNZMVlWVkhVMUIxUWs4MWNqTmFSMnRZYXpnMFVESlpaWGRXU201NFowVlpVMmxpYjFkWlFrVkVTVGhEUVhkRlFVRmhUa0pOUkRoM1VGRlpSRlpTTUVKQ1JGbDNUa2xCVVhsbWJGTjVObFJ0VUdOaVRXbE1aMFYyUW5WbWFrdEZUMDFCZDNoRGFrRkpRbWRPVmtKQlRWUkJWVWREUlVOU2RIUXpReXRaV1U5VlVYTnZObTQxUmpGamVVMTNSRkZaU2t0dldrbG9kbU5PUVZGRlRrSlJRVVJuWjBWQ1FVWnRSa05TYW5sWVNqVkZiM2xpTUVGblFUVTNURGRMU2xKM1ZsUlRhWFZXYUZSU1V6SkpVVUZJV1dOQlRGVkhaakJXVTBGalRIVnVNemx2V1hGdGNtMU5ObFZMTmxCWmJGZEVla3BUUjJvMk1UbHBPWGhJVEZab1dGZGxNREZMZFZneWR6ZHVabGhGY0RaemN6a3ZWamhNZFUwek5FWTVZVVYyZGs0NWNteElVWGd4VjNKTWVEbGtjVTl1YWxWSmRraExielZHZEdWV1N6VTFPVUpLVG1kcGNuaGtVRlJRUW1KSGIzVTBNRGh0UTJoSFZXZDViamRUYURWNFR6aHNlRkZPTlNzMGJIRm1TMW9yTUdSUWIzcDRRalJIVjBvNVNHc3dWWEpuUkhaMFkwTldjV2xFTjJFNWNsSkZjRlpOUVVKdkszZzJkM
lJNUjNoWGRVaHdiakZQVlZSNU1FY3pTazlGWTBveGNIRlZSak5vVDBVMFpGcFRjR1F4YWtGWU1Gb3lNeTlGYVVoVFIzTmFSRkJsYVZwak4ya3dTa1V5Y3k4NU4wRmFObkExWkVWVWVtYzRWU3Q2TWtnNVEyVlFhbE16UzJ0WFVUMGlYU3dpZEhsd0lqb2lRWGhwYm05dFJXNWpjbmx3ZEdWa1JXNTJaV3h2Y0dVaWZRLnA1cE1CeXhGVDJIN1V6THJTWlotU29QMEIxSVYycTdxODJxMjk4MVZaZEFwS2ttaWJEV2lZZDFLVkx6WXlxNDlRY3B0czN5VFZUMmQ0c2VXUE80WW5GMVFTM1BxNkhrZnVLV0FNd0FndEVldmpqYXV4bzl4a2t6MDNFTjRRbXYzc3Y5NXBNcnd4XzQwZXp1NTV3amZpcUZwdEhuakxpb3pZZFVVVTU2LXhIcTRqNGJZOVpvOHFOSS1MRVlwdHhXdGROWHd0OHRUZkVKUGVkOHo4SWZMUUFaRms4YlFXRWV3WUlfajcxMy1zanhqNlJWLXhqZVlyZWlsLUFCc2hXcHRPdEVQbGRPU014bUprOEFFcnNGdDhlb0NJUlpnX180NTlkTkUweWhYTjdza3ZJOFo2aENQUzE1YnZWNGl0S01GOWZNMVlSZmw1QWFEdEY1VGhJWU9PQS5hMkN4eC03ZTNVc0p2ZkFuNHB0Q2dnLi0tWlJvUXJqU0JCckFSUE5rSzZlbHcuTHcxTGxiZ0ZhbGVncnQya3ZvLUdWdGY1azNoYU9yamRETGNNWHBlUXlfVQ.M-PGd1LJLSG5e2qZhmISGEVAL1qLnpv1HErdEJkxpTIZOBGTbcRqKZ5T2oWjTJgfhuxNw3hi0lWVGHpvZGNxOTdrBAYiIceRA95uXmdC7aiIC5B8baySmN6q5M1jbQaSYNvbbA14_Cgo9bRdVmLRtF01faA5FBvUY3mGX9LsBLbAxoshLAuvf2oW0KSuS3UwkkfRdAM11TVEAsc0XMA
yZxKBSWTtMkWW-h26AO9IdXoosQZmwId6IuQvtFE-Dubzp8ehuT07KVvW7LPrFV87tge5rE90z9PpsGSjLqPGauXJ7kbdvXnwpj6o4AOSpo69wSJ3vKvjggbqpUYB-Xv83w

JWT.Headers() returns the following on .NET Framework 4.7:

Count = 3
    [0]: {[alg, RS512]}
    [1]: {[x5c, System.Object[]]}
    [2]: {[typ, AxinomSignedEnvelope]}

And the following on .NET Core 2.0:

Count = 3
    [0]: {[alg, RS512]}
    [1]: {[x5c, [
  "MIIC4zCCAcugAwIBAgIQETwgMtEDFbdI+ysdFj4z6jANBgkqhkiG9w0BAQ0FADAMMQowCAYDVQQDEwFCMB4XDTE2MDUyNzEyNTE0MloXDTM5MTIzMTIzNTk1OVowDDEKMAgGA1UEAxMBQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMh/vPFmRHAu4xsqsDQ0o8ZcmX8pqA7VsAZb0+9XiCvWT2TyIoNCHod/CZHYCJzvmII2+dpF+zySsXeb9WyItM1SqUCCB8iGdQCGDO6Fih8QZ7Fe8uoqoha4M2x8nwMyS+IwD4OHmQxVxN7gJCvNSzKfOJi0mB15fy7zj+5+8zavIzqUVqHLIlsQlmsHRcbwtslNS/oAtEwzUdfR/M8hcsIgj7UDpHOmBKL3iO1MzymnNyXjTHRpP9jPC7CdTFcXC1o7gY99UhSJftxGxhryT10SVcevVd/WDWY51vJVnxnHTQ2hZQVLN3BnrfG0B1nhGgGLx+jMm+2KA/uB3CZUSQcCAwEAAaNBMD8wPQYDVR0BBDYwNIAQFkqRzhXHVWJd9eWLx2/iYqEOMAwxCjAIBgNVBAMTAUKCEBE8IDLRAxW3SPsrHRY+M+owDQYJKoZIhvcNAQENBQADggEBADazg6z9y9Cei0CHOm1+2AyLxOD77ChP6WIpd4NvgzmNQMpntCqcVkX9DGi8GPMrljA06dIItN9CwMHta60dpHzkACWjGPs4QGjrl4VNyCGz9iywVWIXC4+bllmuZzRzjlDS8cpFkyWLN6LJa5CItNdgNqzAi43frkZ3/e2jvJXitbjxvesq5EzshofzSLGah+W9wZFxWV9jGwRqxKETl26l4zS4Bm5XnQhog/OK2zQxsXKIUIhtPXv4yBD3RYUghVN8KA6T524sl+40mmEjzrSN+sw1UVCAC/MZYot/hQa5r5R9ixm7Ozdx4HDaItZnKgLZa2YhIfHkdEDScmWwGlY="
]]}
    [2]: {[typ, AxinomSignedEnvelope]}

Those x5c values are object[] and System.Collections.Generic.ICollection<Newtonsoft.Json.Linq.JToken>, respectively.

This difference in data types is making it difficult to write portable code. The Headers() function should return the same thing for the same input data on every platform.
@dvsekhvalnov
Copy link
Owner

dvsekhvalnov commented Aug 18, 2017
edited
Loading

Hi @sandersaares ,

well, this is difference between NewtonSoft.Json (default for net core) and JavaScriptSerializer (default for .net framework).

I can't think of any good way to align those (let me know if you have an idea). Simply because there can be anything in a header.

Possible options are:

  1. Force NewtonSoft.Json, via
var test = JWT.Headers(header, new JwtSettings().RegisterMapper(new NewtonsoftMapper()));

  1. Customize Newtonsoft.Json configuration to return array of strings or objects instead of what it is returning. (submit a patch if you figure it out)

  2. Customize JavaScriptSerializer to return array of strings instead (unsure it is possible)

  3. You can go with completely custom IJsonMapper implementation that will align deserialization results on both platforms.

@dvsekhvalnov
Copy link
Owner

Something along this probably: https://stackoverflow.com/questions/31119200/how-to-tell-json-net-to-deserialize-jarray-to-a-listobject-when-object-type-is

@sandersaares
Copy link
Contributor Author

I see what you mean. So .Headers() just returns the raw output of the deserialization because it is just arbitrary JSON. Okay, understood. Forcing Newtonsoft.Json will probably be an OK solution for my case. Thanks for quick explanation!

@dvsekhvalnov dvsekhvalnov mentioned this issue Aug 18, 2017
Open
@dvsekhvalnov
Copy link
Owner

I'll open follow up #73 . Probably will consider in a future. Returning Newtonsoft specific classes seems slightly odd to me right now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dvsekhvalnov @sandersaares