Merge pull request #19 from DuendeSoftware/jmdc/avoid-duplicate-parse

Avoid duplicate access token parsing
DuendeSoftware · Jan 21, 2025 · ae69e27 · ae69e27
2 parents a4f690d + d6ff003
commit ae69e27
Showing 1 changed file with 1 addition and 6 deletions.
diff --git a/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPJwtBearerEvents.cs b/src/AspNetCore.Authentication.JwtBearer/DPoP/DPoPJwtBearerEvents.cs
@@ -8,7 +8,6 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.Net.Http.Headers;
 using static IdentityModel.OidcConstants;
 
@@ -73,16 +72,12 @@ public override async Task TokenValidated(TokenValidatedContext context)
                 throw new InvalidOperationException("Missing DPoP (proof token) HTTP header");
             }
 
-            // TODO - Add support for introspection
-            var handler = new JsonWebTokenHandler();
-            var parsedToken = handler.ReadJsonWebToken(at);
-
             var result = await _validator.Validate(new DPoPProofValidationContext
             {
                 Scheme = context.Scheme.Name,
                 ProofToken = proofToken,
                 AccessToken = at,
-                AccessTokenClaims = parsedToken?.Claims ?? [],
+                AccessTokenClaims = context.Principal?.Claims ?? [],
                 Method = context.HttpContext.Request.Method,
                 Url = context.HttpContext.Request.Scheme + "://" + context.HttpContext.Request.Host + context.HttpContext.Request.PathBase + context.HttpContext.Request.Path
             });