
Stop adding a jti claim by default

pull/1150/head
Kévin Chalet 5 years ago
parent
commit
127e68c6d1
  1. 12
      src/OpenIddict.Abstractions/Resources/OpenIddictResources.resx
  2. 7
      src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs
  3. 24
      src/OpenIddict.Server/OpenIddictServerHandlers.cs
  4. 1
      src/OpenIddict.Server/OpenIddictServerOptions.cs
  5. 3
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Introspection.cs

12
src/OpenIddict.Abstractions/Resources/OpenIddictResources.resx

@ -1833,7 +1833,7 @@ To register the OpenIddict core services, reference the 'OpenIddict.Core' packag
<comment>{Locked}</comment>
</data>
<data name="ID6013" xml:space="preserve">
<value>The access token '{Identifier}' was successfully created: {Payload}.
<value>A new access token was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
<comment>{Locked}</comment>
</data>
@ -1846,7 +1846,7 @@ The principal used to create the token contained the following claims: {Claims}.
<comment>{Locked}</comment>
</data>
<data name="ID6016" xml:space="preserve">
<value>The authorization code '{Identifier}' was successfully created: {Payload}.
<value>A new authorization code was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
<comment>{Locked}</comment>
</data>
@ -1859,7 +1859,7 @@ The principal used to create the token contained the following claims: {Claims}.
<comment>{Locked}</comment>
</data>
<data name="ID6019" xml:space="preserve">
<value>The device code '{Identifier}' was successfully created: {Payload}.
<value>A new device code was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
<comment>{Locked}</comment>
</data>
@ -1876,7 +1876,7 @@ The principal used to create the token contained the following claims: {Claims}.
<comment>{Locked}</comment>
</data>
<data name="ID6023" xml:space="preserve">
<value>The refresh token '{Identifier}' was successfully created: {Payload}.
<value>A new refresh token was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
<comment>{Locked}</comment>
</data>
@ -1889,7 +1889,7 @@ The principal used to create the token contained the following claims: {Claims}.
<comment>{Locked}</comment>
</data>
<data name="ID6026" xml:space="preserve">
<value>The user code '{Identifier}' was successfully created: {Payload}.
<value>A new user code was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
<comment>{Locked}</comment>
</data>
@ -1902,7 +1902,7 @@ The principal used to create the token contained the following claims: {Claims}.
<comment>{Locked}</comment>
</data>
<data name="ID6029" xml:space="preserve">
<value>The identity token '{Identifier}' was successfully created: {Payload}.
<value>A new identity token was successfully created: {Payload}.
The principal used to create the token contained the following claims: {Claims}.</value>
<comment>{Locked}</comment>
</data>

7
src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs

@ -894,11 +894,10 @@ namespace OpenIddict.Server
context.IssuedAt = context.NotBefore = context.Principal.GetCreationDate();
context.ExpiresAt = context.Principal.GetExpirationDate();
// Infer the audiences/client_id claims from the properties stored in the security principal.
// Note: the client_id claim must be a unique string so multiple presenters cannot be returned.
// To work around this limitation, only the first one is returned if multiple values are listed.
// Infer the audiences/client_id from the claims stored in the security principal.
context.Audiences.UnionWith(context.Principal.GetAudiences());
context.ClientId = context.Principal.GetPresenters().FirstOrDefault();
context.ClientId = context.Principal.GetClaim(Claims.ClientId) ??
context.Principal.GetPresenters().FirstOrDefault();
// Note: only set "token_type" when the received token is an access token.
// See https://tools.ietf.org/html/rfc7662#section-2.2
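Review bot: The replacement comment `// Infer the audiences/client_id from the claims stored in the security principal.` drops the explanation the removed lines carried for why `.FirstOrDefault()` is applied to the presenters, and the new `??` fallback makes that remark more relevant, not less: when no client_id claim is present, a token issued to several presenters is still reported under only its first one. I'd keep a note such as `// Note: client_id is a single value, so when no client_id claim is present only the first presenter is returned.` The surrounding handler starts and ends outside this hunk.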

24
src/OpenIddict.Server/OpenIddictServerHandlers.cs

@ -1872,7 +1872,6 @@ namespace OpenIddict.Server
claim.Properties.Remove(OpenIddictConstants.Properties.Destinations);
}
principal.SetClaim(Claims.JwtId, Guid.NewGuid().ToString());
principal.SetCreationDate(DateTimeOffset.UtcNow);
var lifetime = context.Principal.GetAccessTokenLifetime() ?? context.Options.AccessTokenLifetime;
@ -1957,7 +1956,6 @@ namespace OpenIddict.Server
return true;
});
principal.SetClaim(Claims.JwtId, Guid.NewGuid().ToString());
principal.SetCreationDate(DateTimeOffset.UtcNow);
var lifetime = context.Principal.GetAuthorizationCodeLifetime() ?? context.Options.AuthorizationCodeLifetime;
@ -2050,7 +2048,6 @@ namespace OpenIddict.Server
return true;
});
principal.SetClaim(Claims.JwtId, Guid.NewGuid().ToString());
principal.SetCreationDate(DateTimeOffset.UtcNow);
var lifetime = context.Principal.GetDeviceCodeLifetime() ?? context.Options.DeviceCodeLifetime;
@ -2124,7 +2121,6 @@ namespace OpenIddict.Server
return true;
});
principal.SetClaim(Claims.JwtId, Guid.NewGuid().ToString());
principal.SetCreationDate(DateTimeOffset.UtcNow);
// When sliding expiration is disabled, the expiration date of generated refresh tokens is fixed
@ -2236,7 +2232,6 @@ namespace OpenIddict.Server
claim.Properties.Remove(OpenIddictConstants.Properties.Destinations);
}
principal.SetClaim(Claims.JwtId, Guid.NewGuid().ToString());
principal.SetCreationDate(DateTimeOffset.UtcNow);
var lifetime = context.Principal.GetIdentityTokenLifetime() ?? context.Options.IdentityTokenLifetime;
@ -2323,7 +2318,6 @@ namespace OpenIddict.Server
return true;
});
principal.SetClaim(Claims.JwtId, Guid.NewGuid().ToString());
principal.SetCreationDate(DateTimeOffset.UtcNow);
var lifetime = context.Principal.GetUserCodeLifetime() ?? context.Options.UserCodeLifetime;
@ -2583,8 +2577,7 @@ namespace OpenIddict.Server
context.AccessToken = context.Options.JsonWebTokenHandler.CreateToken(descriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6013), principal.GetClaim(Claims.JwtId),
context.AccessToken, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6013), context.AccessToken, principal.Claims);
return default;
}
@ -2830,8 +2823,7 @@ namespace OpenIddict.Server
context.AuthorizationCode = context.Options.JsonWebTokenHandler.CreateToken(descriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6016), principal.GetClaim(Claims.JwtId),
context.AuthorizationCode, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6016), context.AuthorizationCode, principal.Claims);
return default;
}
@ -3081,8 +3073,7 @@ namespace OpenIddict.Server
context.DeviceCode = context.Options.JsonWebTokenHandler.CreateToken(descriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6019), principal.GetClaim(Claims.JwtId),
context.DeviceCode, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6019), context.DeviceCode, principal.Claims);
return default;
}
@ -3416,8 +3407,7 @@ namespace OpenIddict.Server
context.RefreshToken = context.Options.JsonWebTokenHandler.CreateToken(descriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6023), principal.GetClaim(Claims.JwtId),
context.RefreshToken, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6023), context.RefreshToken, principal.Claims);
return default;
}
@ -3694,8 +3684,7 @@ namespace OpenIddict.Server
context.UserCode = context.Options.JsonWebTokenHandler.CreateToken(descriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6026), principal.GetClaim(Claims.JwtId),
context.UserCode, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6026), context.UserCode, principal.Claims);
return default;
}
@ -4109,8 +4098,7 @@ namespace OpenIddict.Server
context.IdentityToken = context.Options.JsonWebTokenHandler.CreateToken(descriptor);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6029), principal.GetClaim(Claims.JwtId),
context.IdentityToken, principal.Claims);
context.Logger.LogTrace(SR.GetResourceString(SR.ID6029), context.IdentityToken, principal.Claims);
return default;
}
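Review bot: The removal of `principal.SetClaim(Claims.JwtId, Guid.NewGuid().ToString());` in this file's first six hunks leaves the access token, authorization code, device code, refresh token, identity token and user code principals without any identifier claim set by these handlers, and nothing in the hunks says what is expected to supply one. Because jti is the value that revocation lists and replay checks typically key on, the six call sites deserve a shared note, e.g. `// Note: no jti is added here by default; set Claims.JwtId on the principal before this handler runs if a unique token identifier is needed.` The remaining six hunks also drop the identifier argument from the ID6013–ID6029 trace calls, so a trace line can now only be correlated with a later introspection or revocation event through the payload itself; if that is intended it is worth stating alongside the resource change. All six generation handlers begin outside their hunks.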

1
src/OpenIddict.Server/OpenIddictServerOptions.cs

@ -261,7 +261,6 @@ namespace OpenIddict.Server
OpenIddictConstants.Claims.ExpiresAt,
OpenIddictConstants.Claims.IssuedAt,
OpenIddictConstants.Claims.Issuer,
OpenIddictConstants.Claims.JwtId,
OpenIddictConstants.Claims.Subject
};
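Review bot: `OpenIddictConstants.Claims.JwtId` is dropped from this collection initializer without a comment, and the declaration being edited begins outside the hunk, so the page does not show what the set controls. Its neighbours (`ExpiresAt`, `IssuedAt`, `Issuer`, `Subject`) suggest it lists claims the server manages itself; if so, removing JwtId means a jti already present on the incoming principal now flows through wherever this set is consulted, which is consistent with no longer generating one but should be recorded, e.g. `// Note: JwtId is deliberately absent: a caller-supplied jti is preserved as-is.` Please confirm the role of this set before relying on that reading.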

3
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Introspection.cs

@ -730,6 +730,7 @@ namespace OpenIddict.Server.IntegrationTests
.SetPresenters("Contoso", "AdventureWorks Cycles")
.SetCreationDate(new DateTimeOffset(2016, 1, 1, 0, 0, 0, TimeSpan.Zero))
.SetExpirationDate(new DateTimeOffset(2017, 1, 1, 0, 0, 0, TimeSpan.Zero))
.SetClaim(Claims.ClientId, "AdventureWorks Cycles")
.SetClaim(Claims.Subject, "Bob le Magnifique")
.SetClaim(Claims.JwtId, "66B65AED-4033-4E9C-B975-A8CA7FB6FA79");
@ -763,7 +764,7 @@ namespace OpenIddict.Server.IntegrationTests
Assert.Equal(1451606400, (long) response[Claims.NotBefore]);
Assert.Equal(1483228800, (long) response[Claims.ExpiresAt]);
Assert.Equal("Fabrikam", (string?) response[Claims.Audience]);
Assert.Equal("Contoso", (string?) response[Claims.ClientId]);
Assert.Equal("AdventureWorks Cycles", (string?) response[Claims.ClientId]);
}
[Fact]
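Review bot: With `.SetClaim(Claims.ClientId, "AdventureWorks Cycles")` added to the principal, the updated assertion `Assert.Equal("AdventureWorks Cycles", (string?) response[Claims.ClientId]);` only exercises the new claim-first path of the introspection handler; the `GetPresenters().FirstOrDefault()` fallback the handler still keeps is now untested. I'd leave this test as-is and add a sibling fact that builds the same principal without the client_id claim and asserts `"Contoso"` is returned, so a regression in the fallback is caught. The test method's opening lines are outside this hunk.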
