
Commit a66ac9d

Merge pull request #888 from microsoftgraph/feat/codeScanning
fix: Fixing code scanning alert on AAD issuer validation
2 parents 7c7511c + 523a5dc commit a66ac9d


2 files changed

+9
-5
lines changed


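--- a/src/Microsoft.Graph.Core/Extensions/ITokenValidableExtension.cs
+++ b/src/Microsoft.Graph.Core/Extensions/ITokenValidableExtension.cs
@@ -7,6 +7,7 @@ namespace Microsoft.Graph
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Validators;
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -65,7 +66,7 @@ private static bool IsTokenValid(string token, JwtSecurityTokenHandler handler,
 {
 try
 {
-handler.ValidateToken(token, new TokenValidationParameters
+var tokenValidationParameters = new TokenValidationParameters
 {
 ValidateIssuer = true,
 ValidateAudience = true,
@@ -74,7 +75,9 @@ private static bool IsTokenValid(string token, JwtSecurityTokenHandler handler,
 ValidIssuers = issuersToValidate,
 ValidAudiences = appIds,
 IssuerSigningKeys = openIdConfig.SigningKeys
-}, out _);
+};
+tokenValidationParameters.EnableAadSigningKeyIssuerValidation();
+handler.ValidateToken(token, tokenValidationParameters, out _);
 }
 catch
 {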
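Review bot: The validator registered by `tokenValidationParameters.EnableAadSigningKeyIssuerValidation();` compares the signing key's issuer against the OpenID Connect configuration, but the parameters in this hunk hand the keys over directly via `IssuerSigningKeys = openIdConfig.SigningKeys` and, as far as the hunk shows, set no `ConfigurationManager`; if the validator obtains the configuration only through that property, the added check may be a no-op here, so it is worth pinning with a test that a token signed by a key whose issuer differs from the token issuer is rejected. Any rejection raised by the new validator surfaces as an exception inside the `try` and is swallowed by the bare `catch` below, so that test is the only visible signal that the alert is actually fixed rather than silenced. A short comment above the new call would help the next reader: `// Reject tokens whose signing key was published for a different AAD issuer; needs the key issuer metadata from the OIDC configuration.` IsTokenValid's signature and the remainder of its body lie outside the hunk.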

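--- a/src/Microsoft.Graph.Core/Microsoft.Graph.Core.csproj
+++ b/src/Microsoft.Graph.Core/Microsoft.Graph.Core.csproj
@@ -63,14 +63,15 @@
 </ItemGroup>
 <ItemGroup>
 <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="8.0.1" />
+<PackageReference Include="Microsoft.IdentityModel.Validators" Version="8.0.1" />
 <PackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" PrivateAssets="All" />
 <PackageReference Include="Microsoft.Kiota.Abstractions" Version="1.11.3" />
 <PackageReference Include="Microsoft.Kiota.Authentication.Azure" Version="1.11.3" />
 <PackageReference Include="Microsoft.Kiota.Serialization.Json" Version="1.11.3" />
-<PackageReference Include="Microsoft.Kiota.Serialization.Text" Version="1.11.2" />
-<PackageReference Include="Microsoft.Kiota.Serialization.Form" Version="1.11.2" />
+<PackageReference Include="Microsoft.Kiota.Serialization.Text" Version="1.11.3" />
+<PackageReference Include="Microsoft.Kiota.Serialization.Form" Version="1.11.3" />
 <PackageReference Include="Microsoft.Kiota.Http.HttpClientLibrary" Version="1.11.3" />
-<PackageReference Include="Microsoft.Kiota.Serialization.Multipart" Version="1.11.2" />
+<PackageReference Include="Microsoft.Kiota.Serialization.Multipart" Version="1.11.3" />
 </ItemGroup>
 <ItemGroup Condition=" '$(TargetFramework)' == 'net462' ">
 <PackageReference Include="System.Net.Http.WinHttpHandler" Version="[6.0,9.0)" />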
