SimpleIdServer icon indicating copy to clipboard operation
SimpleIdServer copied to clipboard
verified publisher icon simpleidserver

SCIMSchemaExtractor.Extract throws exception for schemas containing comments

Open canea-asb opened this issue 7 months ago • 2 comments

After upgrading SimpleIdServer from 6.0.2 to 6.0.3 and starting my SCIM server I got a System.Text.Json.JsonException thrown. The exception message said:

''/' is an invalid start of a property name. Expected a '"'. Path: $ | LineNumber: 11 | BytePositionInLine: 33.'

I looked in my schema files and noticed that I had a comment on a line in UserSchema.json. See the last line in the JSON below below:

{
  "id": "urn:ietf:params:scim:schemas:core:2.0:User",
  "name": "User",
  "description": "User Schema",
  "attributes": [
    {
      "name": "userName",
      "type": "string",
      "multiValued": false,
      "required": true,
      "caseExact": false,
      "mutability": "immutable", // lorem ipsum

After removing the comment and restarting the SCIM server I did not get this exception.

The exception was thrown on the last line in the code below:

public class SCIMSchemaExtractor
{
    public static SCIMSchema Extract(string filePath, string resourceType, bool isRootSchema = false)
    {
        var content = File.ReadAllText(filePath);
        var jObj = JsonSerializer.Deserialize<JsonObject>(content); // <----- exception here

It has worked before version 6.0.3.

canea-asb avatar Jul 07 '25 14:07 canea-asb

I also noticed that after upgrading from 6.0. 2 to 6.0. 3 the SimpleIdServer.Scim.Infrastructure namespace in the package was lost, where the ApiKeysConfiguration class resides.

wilbird70 avatar Jul 08 '25 08:07 wilbird70

@canea-asb: Hello 🙂 Indeed, since version 6.0.3, the Newtonsoft library has been removed from the SCIM project and replaced with System.Text.Json. In the Extract method of the SCIMSchemaExtractor class, JsonSerializer.Deserialize throws an exception by default if the JSON contains comments, as it cannot handle them. To fix this, you can set the ReadCommentHandling property to JsonCommentHandling.Skip, and it will work as expected:

var jObj = JsonSerializer.Deserialize<JsonObject>(content, new JsonSerializerOptions
{
    ReadCommentHandling = JsonCommentHandling.Skip,
});

@wilbird70: Hello! As of version 6.0.3, the dependencies on the Newtonsoft.Json and AspNetCore.Authentication.ApiKey NuGet packages have been removed. The ScimpleIdServer.Scim library now contains only the minimal implementation required to function and no longer relies on external dependencies.

To configure authentication using AspNetCore.Authentication.ApiKey, you can refer to this tutorial: https://simpleidserver.com/docs/scim/security

KR,

SID

simpleidserver avatar Jul 08 '25 10:07 simpleidserver