You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Use case-insensitive comparison when filtering restricted claims
in JwtIssuer to prevent bypass via mixed-case claim keys (e.g.
SCP, ROLES). Previously, Dictionary.Remove() used the default
case-sensitive comparer, allowing uppercase variants to survive
filtering.
0 commit comments