Fix ObjectDisposedException

martincostello · AnthonyYates · martincostello · commit 34c2675926b1 · 2020-06-28T09:37:53.000+01:00
Fix ObjectDisposedException in the Apple provider when using System.IdentityModel.Tokens.Jwt 5.5.0+.

Co-Authored-By: Anthony Yates &lt;tony@anthonyyates.com&gt;
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -12,10 +12,6 @@
     <PackageVersion Include="Microsoft.NetCore.Analyzers" Version="3.0.0" />
     <PackageVersion Include="Shouldly" Version="3.0.2" />
     <PackageVersion Include="StyleCop.Analyzers" Version="1.1.118" />
-
-    <!--
-      Cannot use later versions (5.5.0+) due to https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1302.
-    -->
     <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="5.4.0" />
   </ItemGroup>
 
diff --git a/src/AspNet.Security.OAuth.Apple/Internal/DefaultAppleClientSecretGenerator.cs b/src/AspNet.Security.OAuth.Apple/Internal/DefaultAppleClientSecretGenerator.cs
@@ -18,6 +18,11 @@ namespace AspNet.Security.OAuth.Apple.Internal
 {
     internal sealed class DefaultAppleClientSecretGenerator : AppleClientSecretGenerator
     {
+        private static readonly CryptoProviderFactory CryptoProviderFactory = new CryptoProviderFactory()
+        {
+            CacheSignatureProviders = false,
+        };
+
         private readonly ISystemClock _clock;
         private readonly ILogger _logger;
         private readonly AppleKeyStore _keyStore;
@@ -110,7 +115,13 @@ private static ECDsa CreateAlgorithm(byte[] keyBlob)
         private static SigningCredentials CreateSigningCredentials(string keyId, ECDsa algorithm)
         {
             var key = new ECDsaSecurityKey(algorithm) { KeyId = keyId };
-            return new SigningCredentials(key, SecurityAlgorithms.EcdsaSha256Signature);
+
+            // Use a custom CryptoProviderFactory so that keys are not cached and then disposed of, see below:
+            // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1302
+            return new SigningCredentials(key, SecurityAlgorithms.EcdsaSha256Signature)
+            {
+                CryptoProviderFactory = CryptoProviderFactory,
+            };
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,11 @@ namespace AspNet.Security.OAuth.Apple.Internal`
`18`	`18`	`{`
`19`	`19`	`internal sealed class DefaultAppleClientSecretGenerator : AppleClientSecretGenerator`
`20`	`20`	`{`
	`21`	`+ private static readonly CryptoProviderFactory CryptoProviderFactory = new CryptoProviderFactory()`
	`22`	`+ {`
	`23`	`+ CacheSignatureProviders = false,`
	`24`	`+ };`
	`25`	`+`
`21`	`26`	`private readonly ISystemClock _clock;`
`22`	`27`	`private readonly ILogger _logger;`
`23`	`28`	`private readonly AppleKeyStore _keyStore;`
`@@ -110,7 +115,13 @@ private static ECDsa CreateAlgorithm(byte[] keyBlob)`
`110`	`115`	`private static SigningCredentials CreateSigningCredentials(string keyId, ECDsa algorithm)`
`111`	`116`	`{`
`112`	`117`	`var key = new ECDsaSecurityKey(algorithm) { KeyId = keyId };`
`113`		`- return new SigningCredentials(key, SecurityAlgorithms.EcdsaSha256Signature);`
	`118`	`+`
	`119`	`+ // Use a custom CryptoProviderFactory so that keys are not cached and then disposed of, see below:`
	`120`	`+ // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1302`
	`121`	`+ return new SigningCredentials(key, SecurityAlgorithms.EcdsaSha256Signature)`
	`122`	`+ {`
	`123`	`+ CryptoProviderFactory = CryptoProviderFactory,`
	`124`	`+ };`
`114`	`125`	`}`
`115`	`126`	`}`
`116`	`127`	`}`