From 9dd40bdf26b3a6d9061662f5d36a73dd4fd6c11b Mon Sep 17 00:00:00 2001 From: jennyf19 Date: Thu, 28 Mar 2024 19:00:13 -0700 Subject: [PATCH] fix assertions being removed from dict before callback is executed (#2733) --- .../TokenAcquisition.cs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs index 276415261..ddbc5ef86 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs @@ -816,15 +816,17 @@ private void NotifyCertificateSelection(MergedOptions mergedOptions, IConfidenti // Special case when the OBO inbound token is composite (for instance PFT) if (dict.ContainsKey(assertionConstant) && dict.ContainsKey(subAssertionConstant)) { + string assertion = dict[assertionConstant]; + string subAssertion = dict[subAssertionConstant]; // Check assertion and sub_assertion passed from merging extra query parameters to ensure they do not contain unsupported character(s). - CheckAssertionsForInjectionAttempt(dict[assertionConstant], dict[subAssertionConstant]); + CheckAssertionsForInjectionAttempt(assertion, subAssertion); builder.OnBeforeTokenRequest((data) => { // Replace the assertion and adds sub_assertion with the values from the extra query parameters - data.BodyParameters[assertionConstant] = dict[assertionConstant]; - data.BodyParameters.Add(subAssertionConstant, dict[subAssertionConstant]); + data.BodyParameters[assertionConstant] = assertion; + data.BodyParameters.Add(subAssertionConstant, subAssertion); return Task.CompletedTask; });