AzureAD · pmaytak · Mar 21, 2024 · Mar 21, 2024 · Mar 27, 2024 · Apr 4, 2024
@@ -7,6 +7,7 @@
 using System.Collections.ObjectModel;
 using System.Globalization;
 using System.Security.Claims;
+using System.Text;
 using System.Text.Json;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Tokens;
@@ -24,15 +25,35 @@ internal class JsonClaimSet
 
         internal object _claimsLock = new();
         internal readonly Dictionary<string, object> _jsonClaims;
+#if NET8_0_OR_GREATER
+        internal readonly Dictionary<string, (int startIndex, int length)?> _jsonClaimsBytes;
+        internal readonly Memory<byte> _tokenAsMemory;
+#endif
         private List<Claim> _claims;
 
-        internal JsonClaimSet() { _jsonClaims = new Dictionary<string, object>(); }
+        internal JsonClaimSet()
+        {
+            _jsonClaims = new();
+#if NET8_0_OR_GREATER
+            _jsonClaimsBytes = new();
+#endif
+        }
 
         internal JsonClaimSet(Dictionary<string, object> jsonClaims)
         {
             _jsonClaims = jsonClaims;
         }
-
+#if NET8_0_OR_GREATER
+        internal JsonClaimSet(
+            Dictionary<string, object> jsonClaims,
+            Dictionary<string, (int startIndex, int length)?> jsonClaimsBytes,
+            Memory<byte> tokenAsMemory)
+        {
+            _jsonClaims = jsonClaims;
+            _jsonClaimsBytes = jsonClaimsBytes;
+            _tokenAsMemory = tokenAsMemory;
+        }
+#endif
         internal List<Claim> Claims(string issuer)
         {
             if (_claims == null)
@@ -71,7 +92,7 @@ internal static void CreateClaimFromObject(List<Claim> claims, string claimType,
             else if (value is double d)
                 claims.Add(new Claim(claimType, d.ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Double, issuer, issuer));
             else if (value is DateTime dt)
-                claims.Add(new Claim(claimType, dt.ToString("o",CultureInfo.InvariantCulture), ClaimValueTypes.DateTime, issuer, issuer));
+                claims.Add(new Claim(claimType, dt.ToString("o", CultureInfo.InvariantCulture), ClaimValueTypes.DateTime, issuer, issuer));
             else if (value is float f)
                 claims.Add(new Claim(claimType, f.ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Double, issuer, issuer));
             else if (value is decimal m)
@@ -159,17 +180,43 @@ internal Claim GetClaim(string key, string issuer)
 
         internal string GetStringValue(string key)
         {
+#if NET8_0_OR_GREATER
+            if (_jsonClaimsBytes.TryGetValue(key, out (int StartIndex, int Length)? location))
+            {
+                if (!location.HasValue)
+                    return null;
+
+                return Encoding.UTF8.GetString(_tokenAsMemory.Slice(location.Value.StartIndex, location.Value.Length).Span);
+            }
+#else
             if (_jsonClaims.TryGetValue(key, out object obj))
             {
                 if (obj == null)
                     return null;
 
                 return obj.ToString();
             }
+#endif
 
             return string.Empty;
         }
 
+#if NET8_0_OR_GREATER
+        // Similar to GetStringValue but returns the bytes directly.
+        internal ReadOnlySpan<byte> GetStringBytesValue(string key)
+        {
+            if (_jsonClaimsBytes.TryGetValue(key, out (int StartIndex, int Length)? location))
+            {
+                if (!location.HasValue)
+                    return null;
+
+                return _tokenAsMemory.Slice(location.Value.StartIndex, location.Value.Length).Span;
+            }
+
+            return new Span<byte>();
+        }
+#endif
+
         internal DateTime GetDateTime(string key)
         {
             long l = GetValue<long>(key, false, out bool found);
@@ -317,7 +364,7 @@ internal T GetValue<T>(string key, bool throwEx, out bool found)
             else if (typeof(T) == typeof(Collection<object>))
                 return (T)(object)new Collection<object> { obj };
 
-            else if(typeof(T).IsEnum)
+            else if (typeof(T).IsEnum)
             {
                 return (T)Enum.Parse(typeof(T), obj.ToString(), ignoreCase: true);
             }
@@ -339,15 +386,15 @@ internal T GetValue<T>(string key, bool throwEx, out bool found)
                 if (objType == typeof(long))
                     return (T)(object)new long[] { (long)obj };
 
-                if(objType == typeof(int))
+                if (objType == typeof(int))
                     return (T)(object)new long[] { (int)obj };
 
                 if (long.TryParse(obj.ToString(), out long value))
                     return (T)(object)new long[] { value };
             }
             else if (typeof(T) == typeof(double))
             {
-                if(double.TryParse(obj.ToString(), out double value))
+                if (double.TryParse(obj.ToString(), out double value))
                     return (T)(object)value;
             }
             else if (typeof(T) == typeof(uint))
@@ -422,6 +469,17 @@ internal bool TryGetClaim(string key, string issuer, out Claim claim)
         /// <returns></returns>
         internal bool TryGetValue<T>(string key, out T value)
         {
+#if NET8_0_OR_GREATER
+            if (typeof(T) == typeof(string))
+            {
+                var span = GetStringBytesValue(key);
+                if (!span.IsEmpty)
+                {
+                    value = (T)(object)Encoding.UTF8.GetString(span);
+                    return true;
+                }
+            }
+#endif
             value = GetValue<T>(key, false, out bool found);
             return found;
         }

@@ -14,12 +14,12 @@ public partial class JsonWebToken
     {
         internal JsonClaimSet CreatePayloadClaimSet(byte[] bytes, int length)
         {
-            return CreatePayloadClaimSet(bytes.AsSpan(0, length));
+            return CreatePayloadClaimSet(bytes.AsMemory(0, length));
         }
 
-        internal JsonClaimSet CreatePayloadClaimSet(ReadOnlySpan<byte> byteSpan)
+        internal JsonClaimSet CreatePayloadClaimSet(Memory<byte> tokenPayloadAsMemory)
         {
-            Utf8JsonReader reader = new(byteSpan);
+            Utf8JsonReader reader = new(tokenPayloadAsMemory.Span);
             if (!JsonSerializerPrimitives.IsReaderAtTokenType(ref reader, JsonTokenType.StartObject, true))
                 throw LogHelper.LogExceptionMessage(
                     new JsonException(
@@ -33,11 +33,18 @@ internal JsonClaimSet CreatePayloadClaimSet(ReadOnlySpan<byte> byteSpan)
                         LogHelper.MarkAsNonPII(reader.BytesConsumed))));
 
             Dictionary<string, object> claims = [];
+#if NET8_0_OR_GREATER
+            Dictionary<string, (int startIndex, int length)?> claimsBytes = [];
+#endif
             while (true)
             {
                 if (reader.TokenType == JsonTokenType.PropertyName)
                 {
+#if NET8_0_OR_GREATER
+                    ReadPayloadValue(ref reader, claims, claimsBytes, tokenPayloadAsMemory);
+#else
                     ReadPayloadValue(ref reader, claims);
+#endif
                 }
                 // We read a JsonTokenType.StartObject above, exiting and positioning reader at next token.
                 else if (JsonSerializerPrimitives.IsReaderAtTokenType(ref reader, JsonTokenType.EndObject, false))
@@ -46,7 +53,11 @@ internal JsonClaimSet CreatePayloadClaimSet(ReadOnlySpan<byte> byteSpan)
                     break;
             };
 
+#if NET8_0_OR_GREATER
+            return new JsonClaimSet(claims, claimsBytes, tokenPayloadAsMemory);
+#else
             return new JsonClaimSet(claims);
+#endif
         }
 
         private protected virtual void ReadPayloadValue(ref Utf8JsonReader reader, IDictionary<string, object> claims)
@@ -117,5 +128,77 @@ private protected virtual void ReadPayloadValue(ref Utf8JsonReader reader, IDict
                 claims[propertyName] = JsonSerializerPrimitives.ReadPropertyValueAsObject(ref reader, propertyName, JsonClaimSet.ClassName, true);
             }
         }
+
+#if NET8_0_OR_GREATER
+        private protected virtual void ReadPayloadValue(
+            ref Utf8JsonReader reader,
+            Dictionary<string, object> claims,
+            Dictionary<string, (int startIndex, int length)?> claimsBytes,
+            Memory<byte> tokenAsMemory)
+        {
+            if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Aud))
+            {
+                _audiences = [];
+                reader.Read();
+                if (reader.TokenType == JsonTokenType.StartArray)
+                {
+                    JsonSerializerPrimitives.ReadStringsSkipNulls(ref reader, _audiences, JwtRegisteredClaimNames.Aud, ClassName);
+                    claims[JwtRegisteredClaimNames.Aud] = _audiences;
+                }
+                else
+                {
+                    if (reader.TokenType != JsonTokenType.Null)
+                    {
+                        _audiences.Add(JsonSerializerPrimitives.ReadString(ref reader, JwtRegisteredClaimNames.Aud, ClassName));
+                        claims[JwtRegisteredClaimNames.Aud] = _audiences[0];
+                    }
+                    else
+                    {
+                        claims[JwtRegisteredClaimNames.Aud] = _audiences;
+                    }
+                }
+            }
+            else if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Azp))
+            {
+                claimsBytes[JwtRegisteredClaimNames.Azp] = JsonSerializerPrimitives.ReadStringBytesLocation(ref reader, tokenAsMemory, JwtRegisteredClaimNames.Azp, ClassName, true);
+            }
+            else if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Exp))
+            {
+                _exp = JsonSerializerPrimitives.ReadLong(ref reader, JwtRegisteredClaimNames.Exp, ClassName, true);
+                _expDateTime = EpochTime.DateTime(_exp.Value);
+                claims[JwtRegisteredClaimNames.Exp] = _exp;
+            }
+            else if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Iat))
+            {
+                _iat = JsonSerializerPrimitives.ReadLong(ref reader, JwtRegisteredClaimNames.Iat, ClassName, true);
+                _iatDateTime = EpochTime.DateTime(_iat.Value);
+                claims[JwtRegisteredClaimNames.Iat] = _iat;
+            }
+            else if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Iss))
+            {
+                claimsBytes[JwtRegisteredClaimNames.Iss] = JsonSerializerPrimitives.ReadStringBytesLocation(ref reader, tokenAsMemory, JwtRegisteredClaimNames.Iss, ClassName, true);
+            }
+            else if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Jti))
+            {
+                claimsBytes[JwtRegisteredClaimNames.Jti] = JsonSerializerPrimitives.ReadStringBytesLocation(ref reader, tokenAsMemory, JwtRegisteredClaimNames.Jti, ClassName, true);
+            }
+            else if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Nbf))
+            {
+                _nbf = JsonSerializerPrimitives.ReadLong(ref reader, JwtRegisteredClaimNames.Nbf, ClassName, true);
+                _nbfDateTime = EpochTime.DateTime(_nbf.Value);
+                claims[JwtRegisteredClaimNames.Nbf] = _nbf;
+            }
+            else if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Sub))
+            {
+                _sub = JsonSerializerPrimitives.ReadStringOrNumberAsString(ref reader, JwtRegisteredClaimNames.Sub, ClassName, true);
+                claims[JwtRegisteredClaimNames.Sub] = _sub;
+            }
+            else
+            {
+                string propertyName = reader.GetString();
+                claims[propertyName] = JsonSerializerPrimitives.ReadPropertyValueAsObject(ref reader, propertyName, JsonClaimSet.ClassName, true);
+            }
+        }
+#endif
     }
 }