Barry Dorrans Feed
avatar
Barry Dorrans @blowdart.me

I’m confused, JsonWebToken absolutely takes and exposes claims. Are you trying to construct a new one from scratch? That’s a bit more convoluted.

aug 31, 2025, 6:20 pm • 0 0

Replies

avatar
Fati Iseni @fiseni.com

I'm constructing from scratch. I fixed it. Sorry for the rant, but I can see how new devs can feel totally confused.

aug 31, 2025, 6:41 pm • 0 0 • view
avatar
Barry Dorrans @blowdart.me

Oh yea it’s not exactly obvious. But then it’s not just the claims it’s the signing too, and most just want to accept not make. It does suffer from its roots in WS* I’d encourage you to leave feedback on the msal repo github.com/AzureAD/micr...

aug 31, 2025, 6:44 pm • 1 0 • view
avatar
Fati Iseni @fiseni.com

Btw, I noticed one peculiar issue. It seems the RSA is cached in RsaSecurityKey. If you re-create a new instance, it will fail during validation. Here is a simple example. If I disable the CacheSignatureProviders, then works each time. Not sure why is cached, but finding the root cause was tedious.

image
aug 31, 2025, 6:46 pm • 0 0 • view
avatar
Barry Dorrans @blowdart.me

Odd. Log an issue with them 😀

aug 31, 2025, 6:50 pm • 0 0 • view
avatar
Fati Iseni @fiseni.com

I found an issue that was closed. Frankly, I don't understand the rationale here. github.com/AzureAD/azur...

aug 31, 2025, 6:55 pm • 0 0 • view