Drop extra check of matching sub claims

Don't want to introduce new behavior in this security fix
DuendeSoftware · Nov 7, 2024 · 4aa9cc6 · 4aa9cc6
1 parent f3753bd
commit 4aa9cc6
Showing 1 changed file with 0 additions and 7 deletions.
diff --git a/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs b/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs
@@ -70,13 +70,6 @@ public async Task<UserToken> GetTokenAsync(
                 return new UserToken() { Error = "No properties on authentication result" };
             }
 
-
-            // This "can't happen", but if it ever did, we would have a security problem
-            if (result.Principal.FindFirstValue(JwtClaimTypes.Subject) != user.FindFirstValue(JwtClaimTypes.Subject))
-            {
-                throw new InvalidOperationException("Mismatch between expected user identity and cached authenticate result");
-            }
-
             return _tokensInProps.GetUserToken(result.Properties, parameters);
         }