ValidateTokenAsync - New Path: Refactor result types #2794

iNinja · 2024-08-23T17:59:44Z

ValidateTokenAsync - New Path: Refactor result types

You've read the Contributor Guide and Code of Conduct.
You've included unit or integration tests for your change, where applicable.
You've included inline docs for your change, where applicable.
If any gains or losses in performance are possible, you've included benchmarks for your changes. More info
There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

Refactored Result types to reduce allocations and improve performance.

Description

Added Result type (before making this public we may want to rename it to avoid clashes with a future .NET result type)
Removed all token validation result types (IssuerValidationResult, AudienceValidationResult, ...)
Repurposed ValidationResult as a new result type for the new path.
Added extra stack frames when returning validation results. Added basic caching for a single path to validate.
Return Result<ValidationResult, ExceptionDetail> from TokenValidationAsync to limit ValidationResult to only success scenarios, simplifying scenarios like creating and accessing the ClaimsIdentity.
Removed ValidateTokenAsyncInternal since we now return the same Result from all methods, it is no longer required.
Added ValidationFailureType to ExceptionDetail
Updated tests

Next steps after this:

Possibly rename it to something more generic for an Error type that can create exceptions.
Add capabilities to ExceptionDetail to pass extra data to the exception when being created (invalid issuer, audience)
Re-implement Activator to create the exception from Details in a AOT compliant way (was removed time ago to restore AOT compatibility)

Benchmarks for this work:

Method	Mean	Error	StdDev	P90	P95	P100	Ratio	RatioSD	Gen0	Gen1	Allocated	Alloc Ratio
JsonWebTokenHandler_ValidateTokenAsyncWithTVP_CreateClaims	38.81 us	0.130 us	0.284 us	39.17 us	39.26 us	39.85 us	1.00	0.00	0.6104	-	16.48 KB	1.00
JsonWebTokenHandler_ValidateTokenAsyncWithVP_CreateClaims	38.13 us	0.097 us	0.209 us	38.39 us	38.45 us	38.61 us	0.98	0.01	0.6104	-	16.02 KB	0.97

JsonWebTokenHandler_ValidateTokenAsyncWithTVP_SucceedOnFifthAttempt	102.50 us	0.773 us	1.698 us	105.37 us	106.85 us	107.95 us	1.00	0.00	1.4648	-	37.13 KB	1.00
JsonWebTokenHandler_ValidateTokenAsyncWithTVPUsingClone_SucceedOnFifthAttempt	103.07 us	0.250 us	0.544 us	103.90 us	104.00 us	104.43 us	1.01	0.02	1.5869	-	38.89 KB	1.05
JsonWebTokenHandler_ValidateTokenAsyncWithVP_SucceedOnFifthAttempt	69.09 us	0.266 us	0.572 us	69.73 us	70.15 us	70.46 us	0.67	0.01	1.2207	-	32.7 KB	0.88

JsonWebTokenHandler_ValidateTokenAsyncWithTVP_SucceedOnThirdAttempt	68.77 us	0.186 us	0.397 us	69.33 us	69.52 us	69.95 us	1.00	0.00	0.8545	-	22.18 KB	1.00
JsonWebTokenHandler_ValidateTokenAsyncWithTVPUsingClone_SucceedOnThirdAttempt	68.80 us	0.132 us	0.288 us	69.16 us	69.25 us	69.80 us	1.00	0.00	0.8545	-	23.23 KB	1.05
JsonWebTokenHandler_ValidateTokenAsyncWithVP_SucceedOnThirdAttempt	51.37 us	0.122 us	0.268 us	51.68 us	51.70 us	51.95 us	0.75	0.00	0.7935	-	19.7 KB	0.89

JsonWebTokenHandler_ValidateTokenAsyncWithTVP	34.25 us	0.131 us	0.279 us	34.66 us	34.80 us	35.42 us	1.00	0.00	0.2441	-	7.23 KB	1.00
JsonWebTokenHandler_ValidateTokenAsyncWithTVPUsingModifiedClone	50.68 us	0.085 us	0.175 us	50.91 us	50.93 us	51.00 us	1.48	0.01	0.3662	-	9.66 KB	1.34
JsonWebTokenHandler_ValidateTokenAsyncWithVP	33.80 us	0.032 us	0.070 us	33.90 us	33.92 us	33.93 us	0.99	0.01	0.2441	-	6.7 KB	0.93
JwtSecurityTokenHandler_ValidateTokenAsync	41.49 us	0.087 us	0.184 us	41.70 us	41.81 us	42.07 us	1.21	0.01	1.0376	0.0610	25.58 KB	3.54

Sample exception message + stack trace generated with the new stack frames:

IDX10500: Signature validation failed. No security keys were provided to validate the signature.
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, ValidationParameters validationParameters, BaseConfiguration configuration, CallContext callContext) in C:\git\wilson\src\Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.ValidateSignature.cs:line 99
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, ValidationParameters validationParameters, BaseConfiguration configuration, CallContext callContext, CancellationToken cancellationToken) in C:\git\wilson\src\Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.ValidateToken.Internal.cs:line 339
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateTokenAsync(SecurityToken token, ValidationParameters validationParameters, CallContext callContext, CancellationToken cancellationToken) in C:\git\wilson\src\Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.ValidateToken.Internal.cs:line 139
   at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateTokenAsync(String token, ValidationParameters validationParameters, CallContext callContext, CancellationToken cancellationToken) in C:\git\wilson\src\Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.ValidateToken.Internal.cs:line 86

Part of #2711

…cWithVPTests.cs Co-authored-by: Keegan Caruso <[email protected]>

Adding Result and Unit type. Experiment around allocations and performance.

…sult return values to use implicit initialisation

…dated tests for Algorithm and Audience validation

…es to failures, added initial cache experiment for stack frames

benchmark/Microsoft.IdentityModel.Benchmarks/ValidateTokenAsyncTests.cs

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs

src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs

Franco Fung and others added 20 commits August 13, 2024 09:16

Adding benchmark for new ValidateTokenAsync model vs old.

4067f67

Update benchmark/Microsoft.IdentityModel.Benchmarks/ValidateTokenAsyn…

ea1c1be

…cWithVPTests.cs Co-authored-by: Keegan Caruso <[email protected]>

Updated class naming to be more explicit and added benchmark using clone

a7d2680

Added benchmarks to compare performance on multiple validation scenarios

4f80ff7

Removed StackFrame from ValidationResult

ae58f1b

Adding Result and Unit type. Experiment around allocations and performance.

Work in progress

a61ca89

Added project

c1e1ee9

Added missing await

e89a354

Removed tags, added implicit initialisers for Result type. Updated Re…

ea0fc3c

…sult return values to use implicit initialisation

Merge branch 'dev' into iinglese/refactor-results

227f763

Removed IdentityComparer methods relating to removed result types. Up…

d87e8dc

…dated tests for Algorithm and Audience validation

Removed ITokenValidationError interface. Updated tests

395c781

Replaced TokenValidationError with ExceptionDetails. Added stack fram…

196daed

…es to failures, added initial cache experiment for stack frames

Removed optionality from CancellationToken parameter

48dc149

Updated tests

93492ee

Added ClaimsIdentity to ValidationResult

5017401

Merge branch 'dev' into iinglese/refactor-results

3c2ce12

Updated benchmarks to match the result types and added CancellationToken

90fce75

Removed test consoleapp, re-grouped benchmarks for better comparison

09bc198

Removed unit type

32dcd6d

iNinja requested a review from a team as a code owner August 23, 2024 17:59

iNinja added 3 commits August 25, 2024 20:31

Removed TokenValidationError since it is no longer used

72e9574

Restored ExceptionType type name

925ee09

Restored ExceptionFromType method in ExceptionDetail

f932e31