Use invariant culture when formatting claims in JwtSecurityToken (#2453)

* Use invariant culture when formatting string

Fixes #2409

---------

Co-authored-by: Keegan Caruso <[email protected]>

src/System.IdentityModel.Tokens.Jwt/JwtPayload.cs

@@ -529,7 +529,14 @@ public virtual IEnumerable<Claim> Claims
                             claims.Add(new Claim(keyValuePair.Key, "false", ClaimValueTypes.Boolean, issuer, issuer));
                     }
                     else if (keyValuePair.Value != null)
-                        claims.Add(new Claim(keyValuePair.Key, keyValuePair.Value.ToString(), GetClaimValueType(keyValuePair.Value), issuer, issuer));
+                    {
+                        var value = keyValuePair.Value;
+                        var claimValueType = GetClaimValueType(value);
+                        if (value is IFormattable formattable)
+                            claims.Add(new Claim(keyValuePair.Key, formattable.ToString(null, CultureInfo.InvariantCulture), claimValueType, issuer, issuer));
+                        else
+                            claims.Add(new Claim(keyValuePair.Key, value.ToString(), claimValueType, issuer, issuer));
+                    }
                 }
 
                 return claims;

test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs

@@ -12,7 +12,7 @@
 using System.Reflection;
 using System.Security.Claims;
 using System.Text;
-using System.Text.Json;
+using System.Threading;
 using Microsoft.IdentityModel.TestUtils;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.IdentityModel.Tokens.Json.Tests;
@@ -1631,6 +1631,25 @@ public void EscapedClaims()
             JsonWebToken encodedToken = new JsonWebToken(jsonEncoded);
             _ = encodedToken.Claims;
         }
+
+        [Fact]
+        public void DifferentCultureJsonWebToken()
+        {
+            string result = string.Empty;
+
+            var thread = new Thread(() =>
+            {
+                CultureInfo.CurrentCulture = new CultureInfo("fr-FR");
+                var token = new JsonWebToken(JsonUtilities.CreateUnsignedToken("numericClaim", 10.9d));
+                var claim = token.Claims.First(c => c.Type == "numericClaim");
+                result = claim.Value;
+            });
+
+            thread.Start();
+            thread.Join();
+
+            Assert.Equal("10.9", result);
+        }
     }
 
     public class ParseTimeValuesTheoryData : TheoryDataBase

test/System.IdentityModel.Tokens.Jwt.Tests/JwtSecurityTokenTests.cs

@@ -2,9 +2,11 @@
 // Licensed under the MIT License.
 
 using System.Collections.Generic;
+using System.Globalization;
 using System.Linq;
 using System.Security.Claims;
 using System.Text;
+using System.Threading;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.TestUtils;
 using Microsoft.IdentityModel.Tokens;
@@ -453,5 +455,34 @@ public static TheoryData<JwtTheoryData> JwtSegmentTheoryData
             }
 
         }
+
+        [Fact]
+        public void DifferentCultureJwtSecurityToken()
+        {
+            string result = string.Empty;
+
+            var thread = new Thread(() =>
+            {
+                CultureInfo.CurrentCulture = new CultureInfo("fr-FR");
+
+                var handler = new JwtSecurityTokenHandler();
+                var token = handler.CreateJwtSecurityToken(new SecurityTokenDescriptor
+                {
+                    Claims = new Dictionary<string, object>
+                    {
+                        { "numericClaim", 10.9d }
+                    }
+                });
+
+                var claim = token.Claims.First(c => c.Type == "numericClaim");
+                result = claim.Value;
+
+            });
+
+            thread.Start();
+            thread.Join();
+
+            Assert.Equal("10.9", result);
+        }
     }
 }