fix: #154 AddProtectedWebApiCallProtectedWebApi overwrites handler (#155

) * fix: AddPr..WebApiCallPr..WebApi overwrites existing OnTokenValidated event handler #154 Preserving existing event hander when registering OnTokenValidated event handler in AddProtectedWebApiCallsProtectedWebApi. Previous code was overwriting existing event handler meaning that logging via JwtBearerMiddlewareDiagnostics would no longer work and perhaps more seriously the OnTokenValidated event handler registered in AddProtectedWebApi (intended to "This check is required to ensure that the Web API only accepts tokens from tenants where it has been consented and provisioned.") #154 * Update src/Microsoft.Identity.Web/WebApiServiceCollectionExtensions.cs Co-authored-by: Jean-Marc Prieur <jmprieur@microsoft.com> Co-authored-by: jennyf19 <jeferrie@microsoft.com> Co-authored-by: Jean-Marc Prieur <jmprieur@microsoft.com>
AzureAD · May 11, 2020 · f7bc0f4 · f7bc0f4
1 parent d8608bb
commit f7bc0f4
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/Microsoft.Identity.Web/WebApiServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web/WebApiServiceCollectionExtensions.cs
@@ -125,8 +125,11 @@ public static IServiceCollection AddProtectedWebApiCallsProtectedWebApi(
             {
                 options.Events ??= new JwtBearerEvents();
 
+                var onTokenValidatedHandler = options.Events.OnTokenValidated;
+
                 options.Events.OnTokenValidated = async context =>
                 {
+                    await onTokenValidatedHandler(context).ConfigureAwait(false);                
                     context.HttpContext.StoreTokenUsedToCallWebAPI(context.SecurityToken as JwtSecurityToken);
                     context.Success();
                     await Task.FromResult(0).ConfigureAwait(false);