Add "sub" to the list of claims whose type is checked by ValidateFrontchannelIdentityTokenWellknownClaims/ValidateBackchannelIdentityTokenWellknownClaims

3 years ago · 453f577590
1 changed files with 4 additions and 2 deletions
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@ -1611,7 +1611,8 @@ public static partial class OpenIddictClientHandlers
            {
                // The following JWT claims MUST be represented as unique strings.
                {
-                    Key: Claims.AuthenticationContextReference or Claims.AuthorizedParty or Claims.Issuer or Claims.Nonce,
+                    Key: Claims.AuthenticationContextReference or Claims.AuthorizedParty or
+                         Claims.Issuer or Claims.Nonce or Claims.Subject,
                    Value: List<Claim> values
                } => values.Count is 1 && values[0].ValueType is ClaimValueTypes.String,

@ -2935,7 +2936,8 @@ public static partial class OpenIddictClientHandlers
            {
                // The following JWT claims MUST be represented as unique strings.
                {
-                    Key: Claims.AuthenticationContextReference or Claims.AuthorizedParty or Claims.Issuer or Claims.Nonce,
+                    Key: Claims.AuthenticationContextReference or Claims.AuthorizedParty or
+                         Claims.Issuer or Claims.Nonce or Claims.Subject,
                    Value: List<Claim> values
                } => values.Count is 1 && values[0].ValueType is ClaimValueTypes.String,