Throws SecurityTokenMalformedTokenException on malformed tokens #2080
src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenMalformedTokenException.cs
Let's update the XML docs to reflect we are throwing a different exception type. Refers to: src/System.IdentityModel.Tokens.Jwt/JwtSecurityToken.cs:24 in 1f748de.
Ditto: let's update XML docs for the new exception type. Refers to: src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs:815 in 1f748de.
Let's update also the JsonWebTokenHandler and Saml2SecurityTokenHandler ValidateToken methods to be consistent. Refers to: src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs:835 in 1f748de.
…enException to SecurityTokenMalformedException and updated comments
…eTokenAsync and ValidateTokenAsync.ReadToken when failing to parse/read a token as a valid JWT Added more comments
Danny created a work item for this. Refers to: src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs:835 in 1f748de.
Currently an ArgumentException is thrown when a token handler fails to parse/read a raw token. Since the ArgumentException is a general exception for any invalid arguments, sometimes it does not provide specific types of errors, e.g., invalid header or payload. This PR adds a new exception, SecurityTokenMalformedTokenException, that can be thrown when a malformed token is detected. For example, the exception will be thrown if a SAML token is handled by JsonWebTokenHandler.
This should provide a clearer exception so users can handle it differently.
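
How a caller could separate a malformed token from other bad arguments once this change is in place, as an added example that is not code from this PR. It assumes a library version that includes the change and uses the exception name `SecurityTokenMalformedException` from the rename commit note above; `TokenTriage` and `TokenReadOutcome` are hypothetical names.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;

// Hypothetical names for this example: TokenReadOutcome, TokenTriage.
public enum TokenReadOutcome { Parsed, Malformed, InvalidArgument }

public static class TokenTriage
{
    // ReadJwtToken only parses the token; it does not validate signature or lifetime.
    public static TokenReadOutcome TryRead(string rawToken, out JwtSecurityToken token)
    {
        token = null;
        var handler = new JwtSecurityTokenHandler();
        try
        {
            token = handler.ReadJwtToken(rawToken);
            return TokenReadOutcome.Parsed;
        }
        // Catch the specific type first so the broader ArgumentException
        // handler below cannot absorb it, whatever its base class is.
        catch (SecurityTokenMalformedException ex)
        {
            Log(ex, rawToken);
            return TokenReadOutcome.Malformed;
        }
        catch (ArgumentException ex)
        {
            Log(ex, rawToken);
            return TokenReadOutcome.InvalidArgument;
        }
    }

    // Record the exception type and input length only, never the raw token.
    private static void Log(Exception ex, string rawToken) =>
        Console.Error.WriteLine($"token rejected: {ex.GetType().Name}, length={rawToken?.Length ?? 0}");

    public static void Main()
    {
        // Constructed sample inputs: an unsigned JWT, a SAML-like string,
        // a string with too few segments, and a null argument.
        string[] samples =
        {
            "eyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.",
            "<saml:Assertion>constructed</saml:Assertion>",
            "only.two",
            null,
        };
        foreach (var s in samples)
            Console.WriteLine(TryRead(s, out _));
    }
}
```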