From eed022d41d63ecac73a27c19cf3261278bd1d698 Mon Sep 17 00:00:00 2001
From: Georg von Kries
Date: Fri, 1 Dec 2023 14:09:57 +0100
Subject: [PATCH] Fixes Microsoft Entra ID authentication for multi-tenant app registrations by adding missing token validation. Fixes #14802
---
 .../Configuration/OpenIdConnectOptionsConfiguration.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/OrchardCore.Modules/OrchardCore.Microsoft.Authentication/Configuration/OpenIdConnectOptionsConfiguration.cs b/src/OrchardCore.Modules/OrchardCore.Microsoft.Authentication/Configuration/OpenIdConnectOptionsConfiguration.cs
index 0d523f8fac9..38731df0a34 100644
--- a/src/OrchardCore.Modules/OrchardCore.Microsoft.Authentication/Configuration/OpenIdConnectOptionsConfiguration.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Microsoft.Authentication/Configuration/OpenIdConnectOptionsConfiguration.cs
@@ -3,6 +3,7 @@
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.Options;
 using Microsoft.Identity.Web;
+using Microsoft.IdentityModel.Validators;
 using OrchardCore.Microsoft.Authentication.Settings;
 using MicrosoftIdentityDefaults = Microsoft.Identity.Web.Constants;
@@ -38,7 +39,7 @@ public void Configure(string name, OpenIdConnectOptions options)
 options.SignInScheme = "Identity.External";
 options.UseTokenLifetime = true;
 options.SaveTokens = _azureADSettings.SaveTokens;
-
+ options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetAadIssuerValidator(options.Authority, options.Backchannel).Validate;
 }
 public void Configure(OpenIdConnectOptions options) => Debug.Fail("This infrastructure method shouldn't be called.");
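Review bot: The `GetAadIssuerValidator(options.Authority, options.Backchannel)` call on the added line runs inside `IConfigureNamedOptions.Configure`, and `options.Backchannel` is normally populated later by the OpenID Connect post-configuration step, so this likely passes a null client and the validator falls back to its own HTTP client rather than the configured backchannel (proxy or handler settings would not apply); confirm at runtime, or resolve the validator lazily when the first token is validated. `options.Authority` must already be assigned above this hunk, since the helper rejects an empty authority with an exception at configuration time. Note also that `AadIssuerValidator` confirms the issuer is a genuine Entra ID issuer matching the token's `tid` claim — for a multi-tenant registration this accepts any tenant unless `TokenValidationParameters.ValidIssuers` or an explicit tenant check narrows it, which deserves a comment such as `// Multi-tenant authorities (common/organizations) publish a templated issuer; AadIssuerValidator validates the tenant-specific issuer instead of the default exact match. This does not restrict which tenants may sign in.`. The enclosing `Configure(string name, OpenIdConnectOptions options)` begins outside the hunk.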