Simplified ability to only support specific PASETO versions

samples/ScottBrady.IdentityModel.Samples.AspNetCore/Startup.cs

@@ -1,3 +1,4 @@
+using System.Collections.Generic;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
 using ScottBrady.IdentityModel.Tokens;
@@ -26,15 +27,19 @@ public void ConfigureServices(IServiceCollection services)
                 .AddJwtBearer("paseto-bearer-v1", options =>
                 {
                     options.SecurityTokenValidators.Clear();
-                    options.SecurityTokenValidators.Add(new PasetoTokenHandler());
+                    options.SecurityTokenValidators.Add(new PasetoTokenHandler(
+                        new Dictionary<string, PasetoVersionStrategy> {{PasetoConstants.Versions.V1, new PasetoVersion1()}}));
+
                     options.TokenValidationParameters.IssuerSigningKey = sampleOptions.PasetoV1PublicKey;
                     options.TokenValidationParameters.ValidIssuer = "me";
                     options.TokenValidationParameters.ValidAudience = "you";
                 })
                 .AddJwtBearer("paseto-bearer-v2", options =>
                 {
                     options.SecurityTokenValidators.Clear();
-                    options.SecurityTokenValidators.Add(new PasetoTokenHandler());
+                    options.SecurityTokenValidators.Add(new PasetoTokenHandler(
+                        new Dictionary<string, PasetoVersionStrategy> {{PasetoConstants.Versions.V2, new PasetoVersion2()}}));
+
                     options.TokenValidationParameters.IssuerSigningKey = sampleOptions.PasetoV2PublicKey;
                     options.TokenValidationParameters.ValidIssuer = "me";
                     options.TokenValidationParameters.ValidAudience = "you";

src/ScottBrady.IdentityModel/Tokens/Paseto/PasetoTokenHandler.cs

@@ -6,11 +6,16 @@ namespace ScottBrady.IdentityModel.Tokens
 {
     public class PasetoTokenHandler : JwtPayloadTokenHandler
     {
-        public static readonly Dictionary<string, PasetoVersionStrategy> VersionStrategies = new Dictionary<string, PasetoVersionStrategy>
+        private readonly Dictionary<string, PasetoVersionStrategy> SupportedVersions;
+
+        public PasetoTokenHandler(Dictionary<string, PasetoVersionStrategy> supportedVersions = null)
         {
-            {PasetoConstants.Versions.V1, new PasetoVersion1()},
-            {PasetoConstants.Versions.V2, new PasetoVersion2()}
-        };
+            SupportedVersions = supportedVersions ?? new Dictionary<string, PasetoVersionStrategy>
+            {
+                {PasetoConstants.Versions.V1, new PasetoVersion1()},
+                {PasetoConstants.Versions.V2, new PasetoVersion2()}
+            };
+        }
 
         public override bool CanReadToken(string token)
         {
@@ -30,7 +35,7 @@ public virtual string CreateToken(PasetoSecurityTokenDescriptor tokenDescriptor)
                 throw new ArgumentException($"Token descriptor must be of type '{typeof(PasetoSecurityTokenDescriptor)}'", nameof(tokenDescriptor));
 
             // get strategy for version + purpose
-            if (!VersionStrategies.TryGetValue(pasetoSecurityTokenDescriptor.Version, out var strategy))
+            if (!SupportedVersions.TryGetValue(pasetoSecurityTokenDescriptor.Version, out var strategy))
             {
                 throw new SecurityTokenException("Unsupported PASETO version");
             }
@@ -65,7 +70,7 @@ public override TokenValidationResult ValidateToken(string token, TokenValidatio
             var pasetoToken = new PasetoToken(token);
 
             // get strategy for version + purpose
-            if (!VersionStrategies.TryGetValue(pasetoToken.Version, out var strategy))
+            if (!SupportedVersions.TryGetValue(pasetoToken.Version, out var strategy))
             {
                 return new TokenValidationResult {Exception = new SecurityTokenException("Unsupported PASETO version")};
             }

test/ScottBrady.IdentityModel.Tests/Tokens/Paseto/PasetoTokenHandlerTests.cs

@@ -22,10 +22,13 @@ public class PasetoTokenHandlerTests
 
         public PasetoTokenHandlerTests()
         {
-            mockedSut = new Mock<PasetoTokenHandler> {CallBase = true};
+            mockedSut = new Mock<PasetoTokenHandler>(
+                new Dictionary<string, PasetoVersionStrategy>{{TestVersion, mockVersionStrategy.Object}})
+            {
+                CallBase = true
+            };
+
             sut = mockedSut.Object;
-            PasetoTokenHandler.VersionStrategies.Clear();
-            PasetoTokenHandler.VersionStrategies.Add(TestVersion, mockVersionStrategy.Object);
         }
 
         [Theory]
@@ -337,7 +340,6 @@ public void CreateAndValidateToken_WhenV2PublicToken_ExpectCorrectClaims()
             var verificationKeys =
                 new EdDsaSecurityKey(new Ed25519PublicKeyParameters(Convert.FromBase64String("doaS7QILHBdnPULlgs1fX0MWpd1wak14r1yT6ae/b4M="), 0));
 
-            PasetoTokenHandler.VersionStrategies.Add(PasetoConstants.Versions.V2, new PasetoVersion2());
             var handler = new PasetoTokenHandler();
             var token = handler.CreateToken(new PasetoSecurityTokenDescriptor(PasetoConstants.Versions.V2, PasetoConstants.Purposes.Public)
             {

test/ScottBrady.IdentityModel.Tests/Tokens/Paseto/VersionStrategies/PasetoVersion1Tests.cs

@@ -2,7 +2,6 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
 using FluentAssertions;
 using Microsoft.IdentityModel.Tokens;
 using ScottBrady.IdentityModel.Tokens;