From 8856dc3990fb0863141cb902bbf64c13202d5f85 Mon Sep 17 00:00:00 2001
From: Alan Yang <49734186+yangmsft@users.noreply.github.com>
Date: Fri, 10 May 2024 14:33:18 -0700
Subject: [PATCH] Add identity model validators (#372)

---
 Directory.Packages.props                   | 8 +++-----
 libs/server/Auth/GarnetAadAuthenticator.cs | 2 ++
 libs/server/Garnet.server.csproj           | 1 +
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index 64ddefbc26..ae06809146 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -1,9 +1,7 @@
 <Project>
-
   <PropertyGroup Label="Centralized Package Versions">
     <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
   </PropertyGroup>
-
   <ItemGroup>
     <PackageVersion Include="Azure.Storage.Blobs" Version="12.14.1" />
     <PackageVersion Include="BenchmarkDotNet" Version="0.13.12" />
@@ -19,10 +17,10 @@
     <PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.1" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageVersion Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="6.28.1" />
+    <PackageVersion Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.5.1" />
+    <PackageVersion Include="Microsoft.IdentityModel.Validators" Version="7.5.1" />
     <PackageVersion Include="StackExchange.Redis" Version="2.6.80" />
-    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="6.34.0" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.5.1" />
     <PackageVersion Include="System.Interactive.Async" Version="6.0.1" />
   </ItemGroup>
-
 </Project>
\ No newline at end of file
diff --git a/libs/server/Auth/GarnetAadAuthenticator.cs b/libs/server/Auth/GarnetAadAuthenticator.cs
index 0f26601520..6746bf39b8 100644
--- a/libs/server/Auth/GarnetAadAuthenticator.cs
+++ b/libs/server/Auth/GarnetAadAuthenticator.cs
@@ -10,6 +10,7 @@
 using Garnet.server.Auth.Aad;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Validators;
 
 namespace Garnet.server.Auth
 {
@@ -62,6 +63,7 @@ public bool Authenticate(ReadOnlySpan<byte> password, ReadOnlySpan<byte> usernam
                     ValidAudiences = _audiences,
                     IssuerSigningKeys = _signingTokenProvider.SigningTokens
                 };
+                parameters.EnableAadSigningKeyIssuerValidation();
 
                 var identity = _tokenHandler.ValidateToken(Encoding.UTF8.GetString(password), parameters, out var token);
 
diff --git a/libs/server/Garnet.server.csproj b/libs/server/Garnet.server.csproj
index 2950ad32b4..2bbe3b854c 100644
--- a/libs/server/Garnet.server.csproj
+++ b/libs/server/Garnet.server.csproj
@@ -19,6 +19,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.IdentityModel.Validators" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" PrivateAssets="All" />
     <PackageReference Include="Microsoft.Extensions.Logging" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />