OpenIdConnect Claims related 'AccessToken must not be longer than 4K' error
jaydgus opened this issue · comments
The Claims are being included in the JWT building despite the attempt to reduce them via `options.ClaimsProvider = context => new Claim[] { };`. We have an OAuth server and our app is using `UseOpenIdConnectAuthentication`.
I think the "MaxTokenLength" should be configurable and perhaps should not even be a worry since JWTs do not seem to have an official max length. I propose the following change to Microsoft.Azure.SignalR.Common\Auth\AuthUtility.cs:
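```csharp
// Cached limit; 0 means "not resolved yet".
private static int _maxTokenLength;

// Token length limit, read once from appSettings; falls back to 4096.
private static int MaxTokenLength
{
    get
    {
        if (_maxTokenLength > 0)
        {
            return _maxTokenLength;
        }

        // Accept only a positive integer from configuration, so that a
        // zero or negative setting cannot become the cached limit.
        if (int.TryParse(System.Configuration.ConfigurationManager.AppSettings["Azure:SignalR:MaxTokenLength"], out var configured)
            && configured > 0)
        {
            return _maxTokenLength = configured;
        }

        return _maxTokenLength = 4096;
    }
}
```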
Project is .NET Framework 4.8, MVC
- Your Azure SignalR SDK version: `Microsoft.Azure.SignalR.AspNet`: 1.25.1
- Your Server ASPNETCORE version or Assembly version of `Microsoft.AspNetCore.SignalR.Common`: 5.0.17
- Your SignalR Client SDK version: `Microsoft.AspNet.SignalR`: 2.4.3
Actually Azure SignalR service has such request length limit, so we add a precheck in the SDK to notify users about this error beforehand. `options.ClaimsProvider = context => new Claim[] { };` should work, otherwise it is a bug. I did a quick try and it looks like it is working fine. Could you share with me a minimal reproducible project?
Ok, well, this is a bit embarrassing. In my haste, I overlooked the fact that `app.MapAzureSignalR()` was being called twice in our Startup. The first one did not have the Claims edit, but the one I was focused on did. The first mapping took precedence making the second mapping ineffective. I didn't see it until I started refactoring the Startup to remove code smell. I guess that's a consistent philosophy: if you can't find something, it's time to start cleaning up.
I appreciate your time and the information!
Thanks for the updates.
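An added example, not code from the thread or from the SDK: since the service itself enforces the length limit, the practical fix is to allow-list the claims returned by `options.ClaimsProvider` and check the estimated token size against 4K. The `ClaimTrimmer` class, its allow-list, the HS256 signature assumption and the sample identity are constructed for illustration, and `ctx.Authentication.User` assumes the provider receives an OWIN context.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text;

public static class ClaimTrimmer
{
    public const int MaxTokenLength = 4096; // the 4K limit from this issue

    // Hypothetical allow-list: only the claim types the hubs actually read.
    private static readonly HashSet<string> Allowed =
        new HashSet<string> { ClaimTypes.NameIdentifier, ClaimTypes.Name };

    public static List<Claim> Trim(IEnumerable<Claim> claims) =>
        claims.Where(c => Allowed.Contains(c.Type)).ToList();

    // Rough lower bound for a compact JWT: header.payload.signature, base64url-encoded.
    // Assumes an HS256 signature (32 bytes); claims the SDK adds itself are not counted.
    public static int EstimateJwtLength(IEnumerable<Claim> claims)
    {
        int B64(int bytes) => (bytes * 4 + 2) / 3; // unpadded base64url length
        var payload = "{" + string.Join(",",
            claims.Select(c => "\"" + c.Type + "\":\"" + c.Value + "\"")) + "}";
        var header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
        return B64(Encoding.UTF8.GetByteCount(header)) + 1
             + B64(Encoding.UTF8.GetByteCount(payload)) + 1
             + B64(32);
    }

    public static void Main()
    {
        // Constructed sample: an OpenID Connect identity carrying 120 group claims.
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, "user-123"),
            new Claim(ClaimTypes.Name, "alice@example.com"),
        };
        claims.AddRange(Enumerable.Range(0, 120)
            .Select(i => new Claim("groups", Guid.NewGuid().ToString())));

        // Wire-up, in the single app.MapAzureSignalR(...) call of Startup:
        //   options.ClaimsProvider = ctx => ClaimTrimmer.Trim(ctx.Authentication.User.Claims);
        foreach (var set in new[] { claims, Trim(claims) })
        {
            int length = EstimateJwtLength(set);
            Console.WriteLine($"{set.Count} claims -> ~{length} chars, over limit: {length > MaxTokenLength}");
        }
    }
}
```

With the constructed identity, the full claim set lands well above 4096 characters while the trimmed set stays far below it.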