#13, use validated principal claims #14
Conversation
|
Thanks for this suggestion, and sorry we left you hanging for a month! I think it's a great idea, and I think we can even go a step further. I don't think there's any reason for us to parse the token at all, since the JWT Bearer handler is going to parse it already and put the results into the principal. We're not using the results of parsing for anything except getting the token, so we can avoid instantiating the JsonWebTokenHandler and then doing the work of parsing the token. |
There is no need to parse the access token in the DPoPJwtBearerEvents, since the handler already parses and makes the claims available in the context.
|
This build is failing because of other pipeline issues. Hopefully when #18 lands, this will work. |
|
I went ahead and rebased this on to main (where we have the latest changes that fix the CI pipeline), so I've created a new branch and a new PR. I'm going to close this in favor of #19, but nonetheless, Thank You Very Much! |
See #13, uses claims from the validated token principal instead of the raw AT claims.