From d3b1eda19336e960a50c1149cc4f040ce791b247 Mon Sep 17 00:00:00 2001
From: Chris R
Date: Fri, 30 Apr 2021 10:40:54 -0700
Subject: [PATCH] Warn that TokenValidated is not the last step of validation
---
 .../OpenIdConnect/src/Events/OpenIdConnectEvents.cs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/Security/Authentication/OpenIdConnect/src/Events/OpenIdConnectEvents.cs b/src/Security/Authentication/OpenIdConnect/src/Events/OpenIdConnectEvents.cs
index eefe17676fdc..89cb7bc8064c 100644
--- a/src/Security/Authentication/OpenIdConnect/src/Events/OpenIdConnectEvents.cs
+++ b/src/Security/Authentication/OpenIdConnect/src/Events/OpenIdConnectEvents.cs
@@ -54,7 +54,8 @@ public class OpenIdConnectEvents : RemoteAuthenticationEvents
 public Func OnTokenResponseReceived { get; set; } = context => Task.CompletedTask;
 ///
- /// Invoked when an IdToken has been validated and produced an AuthenticationTicket.
+ /// Invoked when an IdToken has been validated and produced an AuthenticationTicket. Note there are additional checks after this
+ /// event that validate other aspects of the authentication flow like the nonce.
 ///
 public Func OnTokenValidated { get; set; } = context => Task.CompletedTask;
@@ -106,7 +107,8 @@ public class OpenIdConnectEvents : RemoteAuthenticationEvents
 public virtual Task TokenResponseReceived(TokenResponseReceivedContext context) => OnTokenResponseReceived(context);
 ///
- /// Invoked when an IdToken has been validated and produced an AuthenticationTicket.
+ /// Invoked when an IdToken has been validated and produced an AuthenticationTicket. Note there are additional checks after this
+ /// event that validate other aspects of the authentication flow like the nonce.
 ///
 public virtual Task TokenValidated(TokenValidatedContext context) => OnTokenValidated(context);
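Review bot: The sentence added to the `OnTokenValidated` comment in the first hunk says more checks follow, but not what a handler must avoid as a result, which is what an implementer needs to know. Because the nonce and other flow checks run after this event, the sign-in can still be rejected once the handler returns, so the principal should not yet be treated as authenticated. I would add a line such as `/// Do not treat the principal as authenticated or perform irreversible actions (for example provisioning an account) here; the sign-in can still be rejected afterwards.` The same wording applies to the `TokenValidated` method comment in the second hunk. It may also help to point readers at a later event for post-validation work, such as `OnTicketReceived` on the base `RemoteAuthenticationEvents`, after confirming that it fires once the remaining checks have passed.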